Configure the Adaptable CA driver
You need the following PowerShell scripts to connect the Venafi Adaptable CA interface to the KMES Series 3:
- Futurex KMES CA.ps1
- FuturexCreateCustomFields.ps1
Copy Futurex KMES CA.ps1 into the AdaptableCA scripts folder, which is typically found at C:\Program Files\Venafi\Scripts\AdaptableCA.
You can run FuturexCreateCustomFields.ps1 from anywhere, as long as it can connect to the TPP web SDK. Refer to this Venafi Docs article for instructions on getting a token by using browser-based authentication.
Because TPP tries to enumerate the script as if it is a driver, we recommend that you don't put FuturexCreateCustomFields.ps1 in the AdaptableCA scripts folder.
To connect to a KMES Series 3, TPP uses a PowerShell configuration file containing user-defined parameters. Previously, you needed to modify specific parameters inside the script before running it. Now, you just run the script as-is, and it sets all configuration parameters from inside the Venafi TPP web UI.
You must install the System TLS CA Root certificate into the Trusted Root Certificate Authorities Store in Windows or certificate validation fails.
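One way to confirm this trust requirement on the TPP server before configuring the driver, as an added example rather than a Futurex or Venafi script: it checks that the exported root is in the LocalMachine Trusted Root store, imports it if missing, then attempts a TLS handshake using default Windows validation. The file path, host name, and port are placeholders, and the handshake step assumes the endpoint completes TLS without demanding a client certificate.

```powershell
# Added example. Path, host and port are placeholders, not values from this guide.
param(
    [string]$RootCaPath = 'C:\Temp\SystemTlsCaRoot.cer',  # placeholder: exported System TLS CA Root
    [string]$KmesHost   = 'kmes.example.internal',        # placeholder host name
    [int]   $KmesPort   = 443                             # placeholder: port the driver connects to
)
$ErrorActionPreference = 'Stop'

# Load the exported root and make sure it is a self-signed, unexpired certificate.
$root = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($RootCaPath)
if ($root.Subject -ne $root.Issuer) { throw "Not a root: issuer is '$($root.Issuer)'" }
if ($root.NotAfter -lt (Get-Date))  { throw "Root expired on $($root.NotAfter)" }

# Use the machine store so the trust applies to service accounts, not only the current user.
$store = 'Cert:\LocalMachine\Root'
$found = Get-ChildItem $store | Where-Object Thumbprint -eq $root.Thumbprint
if (-not $found) {
    Import-Certificate -FilePath $RootCaPath -CertStoreLocation $store | Out-Null  # needs elevation
    Write-Host "Imported $($root.Thumbprint) into $store"
} else {
    Write-Host "Root $($root.Thumbprint) is already in $store"
}

# Handshake with default Windows validation: throws if the chain or host name does not validate.
$tcp = [System.Net.Sockets.TcpClient]::new($KmesHost, $KmesPort)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($KmesHost)
    $server = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    Write-Host "TLS OK: $($server.Subject), expires $($server.NotAfter)"
} catch [System.Security.Authentication.AuthenticationException] {
    Write-Warning "Certificate validation failed: $($_.Exception.Message)"
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

Compare the printed thumbprint with the one shown for the root certificate on the KMES itself before relying on the import.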
To use multiple KMES Series 3 servers or even different issuing certificates, you must create additional copies of the driver script with different filenames and manually change the variables for each instance required. If you change the driver script filename, it appears in TPP with a different name.
The second PowerShell script, FuturexCreateCustomFields.ps1, defines three custom fields in TPP. These fields define the approval group within the KMES Series 3 that controls the approval of issuance requests, the validity period, and X.509 extension profiles. X.509 extension profiles enable you to set the type of certificate being deployed. This must match an option defined for the relevant issuance policy.
These fields are optional and can provide additional levels of granular control over Venafi policies for certificate attributes and issuance structure. These three fields are currently the only ones supported by Futurex and Venafi. You must use this script to add these custom fields and add them manually in the Venafi application.
To configure the script, open FuturexCreateCustomFields.ps1 in a text editor and change the following variables to ones appropriate for the Venafi TPP installation:
After you make these changes, run the script in PowerShell. You need to run the script only once on each server running Venafi, regardless of how many KMES Series 3 units or issuance policies you define.