Nameshield
Prerequisites
-
A dedicated Horizon account with enroll and revoke permissions must be set up
-
An authentication token must be obtained using Nameshield’s procedure
Limitations
-
CSR must contain at least a FQDN CN and DNS SAN
-
Only DNS SANs can be overriden
-
Renewal period of the profiles using this connector should be aligned with the renewal period of the NameShield platform (30d), as renewal will otherwise be blocked on the PKI.
Create the PKI connector
1. Log in to Horizon Administration Interface.
2. Access PKI from the drawer or card: .
3. Click on 
.
4. Select the correct PKI type.
5. Click on the next button
General tab
6. Fill in the common mandatory fields:
-
Connector Name* (string input):
Choose a meaningful connector name allowing to identify the mapping between the PKI and the Certificate Profile. It must be unique and must not contain spaces. -
Proxy (string select):
If the PKI is not directly reachable from Horizon, you can set up an HTTP/HTTPS proxy to properly forward the traffic. -
PKI Queue (string select):
The PKI Queue used to manage the PKI Requests (enrollment, revocation). -
Timeout (finite duration):
Represents a predefined interval of time without a PKI response, when the time has passed "Horizon" will cease trying to establish the communication. Must be a valid finite duration.
7. Click on the next button
8. Fill all mandatory fields:
-
Environment* (select):
Fill in the environment of the nameshield instance (Production or Testing). -
Organization ID* (number input):
Fill in the Nameshield Organization ID. -
Product ID* (number input):
Fill in the Nameshield Product ID. -
Customer ID* (number input):
Fill in the Nameshield Customer ID.
9. Click on the next button.
Authentication tab
-
API Key* (select):
SelectAPI Tokencredentials containing the authentication token used to connect to Nameshield.
10. Click on the save button.
You can edit 
, duplicate 
or delete 
the Nameshield connector.