You can log in to the AppDefense Appliance using a self-signed or a CA certificate.

If the certificate is signed by a Certificate Authority (CA), skip steps 1 and 2 in the following procedure.

Procedure

  1. Log in to AppDefense Appliance with Secure Shell (SSH), and create a public-private key pair using OpenSSL with openssl genrsa -aes256 -out <private_key>.pem 2048.
    Enter a password when prompted.
  2. Create a self-signed PEM certificate from the key pair with openssl req -new -x509 -key <private_key>.pem -out <public_cert>.cer.
    Provide values for the following parameters.
    Country Name (two letter code) [AU]: 
    State or Province Name (full name) [Some-State]: 
    Locality Name (example, city) : 
    Organization Name (example, company) : 
    Organizational Unit Name (example, section) : 
    Common Name (example, server FQDN, or YOUR name) : 
  3. Use the keytool command to import the certificate in the AppDefense Appliance TrustStore.
    keytool -importcert -file <public_cert>.cer -keystore "/opt/vmware/appdefense/etc/appd-appliance-truststore.jks"  -storepass <store_password>
    ….
    ….
    ….
    Trust this certificate? [no]:  yes
    Certificate was added to keystore
    
    Go to the file at /opt/vmware/appdefense/gateway-server/config/application.yml to obtain the <store_password>.

    If necessary, use superuser or sudo credentials to access the file. Look for trust-store-password in the YAML file.

  4. Create the PKCS12/.pfx file using openssl pkcs12 -export -out <cert_name>.pfx -inkey <private_key>.pem -in <public_cert>.cer.
  5. Import the created PKCS12/.pfx file to the guest operating system from which you want to access the Appliance using the certificate.
  6. Open a Web browser, navigate to the AppDefense Appliance GUI at https://<appliance ip address>, and press Enter.
    The Select a certificate window appears. It displays the list of certificates that you can select.
  7. Select the certificate that was imported to the AppDefense Appliance TrustStore, and click OK.
    After the authentication is successful, you can log in to AppDefense Appliance without the need to enter the user credentials.
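
The following script is an added example, not part of the original procedure or the product's own tooling: it checks that the files produced in steps 1, 2 and 4 belong together (key matches certificate, certificate is still valid, the .pfx opens and holds the same certificate) before they are imported and distributed. The function names, the KEY_PASS and PFX_PASS environment variables and the sample subject name are assumptions, and the sample key and certificate are constructed in a scratch directory.

```shell
#!/bin/sh
# Added example: checks the files from steps 1, 2 and 4 before they are used.
# Passwords come from KEY_PASS and PFX_PASS (assumed environment variable names).
check_client_cert() {
    key=$1; cert=$2; pfx=$3
    # The certificate must carry the public half of the private key.
    key_pub=$(openssl pkey -in "$key" -passin env:KEY_PASS -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read private key"; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot read certificate"; return 1; }
    [ "$key_pub" = "$cert_pub" ] ||
        { echo "FAIL: certificate does not match private key"; return 2; }
    # The certificate must still be inside its validity period.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; return 3; }
    # The .pfx must open with its export password and hold the same certificate.
    cert_fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256)
    pfx_fp=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null)
    [ -n "$pfx_fp" ] && [ "$cert_fp" = "$pfx_fp" ] ||
        { echo "FAIL: .pfx does not contain this certificate"; return 4; }
    echo "OK: $cert_fp"
}

# Constructed sample: steps 1, 2 and 4 run non-interactively into directory $1.
make_sample() {
    d=$1
    openssl genrsa -aes256 -passout env:KEY_PASS -out "$d/key.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$d/key.pem" -passin env:KEY_PASS \
        -subj "/CN=client.example.test" -out "$d/cert.cer" 2>/dev/null &&
    openssl pkcs12 -export -out "$d/client.pfx" -inkey "$d/key.pem" \
        -in "$d/cert.cer" -passin env:KEY_PASS -passout env:PFX_PASS
}

# Demo with constructed passwords in a scratch directory.
if command -v openssl >/dev/null 2>&1; then
    export KEY_PASS=constructed-key-pass PFX_PASS=constructed-pfx-pass
    tmp=$(mktemp -d) && make_sample "$tmp" &&
        check_client_cert "$tmp/key.pem" "$tmp/cert.cer" "$tmp/client.pfx"
    rm -rf "$tmp"
fi
```

The SHA-256 fingerprint printed on success can be compared with the entry that keytool -list shows for the TrustStore after step 3.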

Results

You can log in to AppDefense Appliance with a self-signed or a CA certificate, without the need to enter the user credentials.