1.0 Introduction
The integration between AppViewX and Fortanix Data Security Manager (DSM) helps enterprises overcome the challenges brought by managing private keys in a complex infrastructure. AppViewX acts as the automation and orchestration engine for the lifecycle management of X.509 certificates, and Fortanix DSM ensures the security of the private keys associated with those certificates in the cloud, on-premises or as a hybrid solution.
2.0 Prerequisites
The following are the prerequisites to perform integration with AppViewX on-premises:
Fortanix must provide the following files: fortanix_pkcs11.so and pkcs11.conf.
The pkcs11.conf file should have the API endpoint and the log file location configured.
3.0 Integrating Fortanix HSM with AppViewX On-Premises
The following are the steps to integrate Fortanix DSM with AppViewX on-premises:
1. Copy the files fortanix_pkcs11.so and pkcs11.conf to the AppViewX nodes where the avx_vendors plugin is enabled.
2. Place the fortanix_pkcs11.so file in the /opt/fortanix/pkcs11/ directory.
3. In the AppViewX nodes where the avx_vendors plugins are enabled, navigate to the AppViewX install and properties directory. Edit the properties file and enter the value for the key FORTANIX_PKCS11_LIBRARY_PATH as follows:
   FORTANIX_PKCS11_LIBRARY_PATH = /opt/fortanix/pkcs11/fortanix_pkcs11.so
4. Place the pkcs11.conf file in the /etc/fortanix directory.
5. Once the above-mentioned steps are executed, restart the plugins and the gateway using the following commands:
   avx --restart plugins
   avx --restart gateway
6. Once the components are up and running, open the AppViewX GUI, log in, and navigate to Inventory → Device → HSM.
   Figure 1: AppViewX GUI
7. Select Fortanix HSM, click Configure Now or the (+) button, and do the following:
   a. Enter the Name and select the Data center.
   b. Provide the API Key and any user-defined Key handler name.
   c. Click Save.
8. Once saved, if the integration is completed successfully, you will see a pop-up in the UI with a message indicating that the HSM settings have been saved successfully.
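A check for the file-placement steps above, to run on each node before restarting the plugins and the gateway. This is an added example, not AppViewX or Fortanix code: it confirms that the library and pkcs11.conf are where the guide puts them, that they are not writable by group or others, and that FORTANIX_PKCS11_LIBRARY_PATH points at the installed library. The guide does not name the properties file, so its path is passed as an argument; the optional root prefix is a hypothetical parameter for checking a staged copy of the tree.

```sh
#!/bin/sh
# Added example, not AppViewX or Fortanix code. Paths and key name are from the
# guide; the properties file location is not given there, so it is an argument.
LIB_REL=/opt/fortanix/pkcs11/fortanix_pkcs11.so
CONF_REL=/etc/fortanix/pkcs11.conf
KEY=FORTANIX_PKCS11_LIBRARY_PATH

# True if the path is writable by group or others.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Prints the last value assigned to $KEY in a "KEY = value" properties file.
configured_lib_path() {
    sed -n "s/^[[:space:]]*${KEY}[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Usage: fortanix_preflight PROPERTIES_FILE [ROOT_PREFIX]
# ROOT_PREFIX (hypothetical, for checking a staged tree) defaults to "".
# Prints one FAIL line per finding and returns the number of findings.
fortanix_preflight() {
    props=$1
    root=${2:-}
    findings=0
    lib=$root$LIB_REL
    conf=$root$CONF_REL
    fail() { echo "FAIL: $*"; findings=$((findings + 1)); }

    for f in "$lib" "$conf" "$props"; do
        if [ ! -f "$f" ]; then fail "$f is missing"; fi
    done
    # The plugin loads the .so into its own process and pkcs11.conf names the
    # API endpoint, so neither (nor the library directory) should be writable
    # by unprivileged accounts.
    for p in "$lib" "$(dirname "$lib")" "$conf"; do
        if [ -e "$p" ] && loosely_writable "$p"; then
            fail "$p is group- or world-writable"
        fi
    done
    if [ -f "$props" ]; then
        val=$(configured_lib_path "$props")
        if [ "$val" != "$LIB_REL" ]; then
            fail "$KEY is '$val', expected '$LIB_REL'"
        fi
    fi
    return "$findings"
}
```

A return value of 0 means all checks passed; any other value is the number of FAIL lines printed.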