Configure the Adaptable CA driver

5min

you need the following powershell scripts to connect the venafi adaptable ca interface to the {{k3}} futurex kmes ca ps1 futurexcreatecustomfields ps1 copy futurex kmes ca ps1 into the adaptableca scripts folder, which is typically found at c \program files\venafi\scripts\adaptableca you can run futurexcreatecustomfields ps1 from anywhere if it can connect to the tpp web sdk refer to this venafi docs article for instructions on getting a token by using browser based authentication because tpp tries to enumerate the script as if it is a driver, we recommend that you don't put the script in the adaptableca scripts folder configure the {{k3}} powershell driver to connect to a {{k3}} , tpp uses a powershell configuration file containing user defined parameters previously, you needed to modify specific parameters inside the script before running it now, you just run the script as is, and it sets all configuration parameters from inside the venafi tpp web ui you must install the system tls ca root certificate into the trusted root certificate authorities store in windows, or certificate validation fails to use multiple {{k3}} servers or even different issuing certificates, you must create additional copies of the driver script with different filenames and manually change the variables for each instance required if you change the driver script filename, it appears in tpp with a different name configure the custom fields powershell script the second powershell script, futurexcreatecustomfields ps1 , defines three custom fields in tpp these fields define the approval group within the {{k3}} that controls the approval of issuance requests, the validity period, and x 509 extension profiles x 509 extension profiles enable you to set the type of certificate being deployed this must match an option defined for the relevant issuance policy these fields are optional and can provide additional levels of granular control over venafi policies for certificate attributes and issuance structure these three fields are currently the only ones we and venafi support you must use this script to add these custom fields and add them manually in the venafi application to configure the script, open futurexcreatecustomfields ps1 in a text editor and change the following variables to the ones appropriate for the venafi tpp installation refer to this venafi docs article for instructions on getting a token by using browser based authentication \# configuration $sdkuri = "\<venafi trust protection platform hostname or ip>" $sdktoken = "\<venafi trust protection platform token>" after you make these changes, run the script in powershell you need to run the script only once on each server running venafi, regardless of how many {{k3}} units or issuance policies you define

Configure KMES TLS communication

Configure Venafi TPP to use the Futurex Adaptable CA driver