Applivery Auth Connector Deployment and Configuration Guide

The Applivery Auth Connector is a helper service that supplies your Applivery workspace with valid SCEP challenge passwords, which are then delivered to devices so they can request certificates. This is typically required when NDES Certificate Authority services are hosted within private networks.

Applivery distributes the Auth Connector as a Docker container for both AMD64 and ARM64 architectures.

From an infrastructure perspective, the Auth Connector establishes outbound connections to the PKI server running the NDES service, retrieves SCEP challenges, and reports them back to the Applivery Dashboard for use in device configurations.

Step 1 - Configuring the Certificate Provider #

Before deploying the Auth Connector, you will need to configure a new Certificate Provider.

Once in the Applivery Dashboard, navigate to the Configuration (1) section (under Device Management). From the left side menu select Certificate providers (2) and click the + Create Certificate provider button (3).

The configuration form includes the following sections:

Server Configuration #

Server URL: https://<your-ndes-server>/certsrv/mscep/mscep.dll.
CA Fingerprint: This value must be extracted from the CA certificate used by the NDES server. To obtain it, open the CA certificate, navigate to the Extensions section, and locate the CA Fingerprint entry. Copy this value and paste it into the field.
Authority name: Enter the intermediate/issuing CA name exactly as it appears in the CA certificate.

Key Configuration #

Key Size: Typically 2048 or 4096, depending on security policy.
Key Type: RSA.

Subject Configuration #

Configure subject fields as required by the consuming service. Applivery supports interpolation tags to auto-fill values from device or user attributes.

Challenge Configuration #

Mode: NDES.
URL: https://<your-ndes-server>/certsrv/mscep_admin.
Username: Domain user with permissions for the Certificate Template configured on the NDES server.
Password: Password for the above user.

Click Save, then reopen the configuration to copy the Auth Connector Token (4) displayed at the top.

Step 2 - Auth Connector installation #

The next step is to deploy the Auth Connector Docker container.

The service is packaged as a Docker image, which you can download from the Applivery Docker registry:

				
					europe-southwest1-docker.pkg.dev/applivery/public/auth-connector

Available versions #

Architecture	Tags
linux/amd64	`latest`, `0.1.2`.
linux/arm64	`latest-arm`, `0.1.2-arm`.

How to configure the container #

You need to provide a few important pieces of information for the container to run:

CONNECTOR_TOKEN: The token obtained from the Certificate Provider in the previous step.
LOG_LEVEL: The level of logging detail. Options are debug, info, error, or silent. Default is info.
LOG_JSON: Set to true to output logs in JSON format, or false for plain text logs. Default is false.

You can provide these settings in two ways:

Using a .env file: A file that contains all the environment variables.
Directly as environment variables in your Docker run command or Docker Compose file.

Configuration file example #

				
					# Connector token of the Certificate provider. (required)
CONNECTOR_TOKEN=

# Required for private instance deployments.
# TENANT=

# Log level can be debug, info, error or silent. (default: info)
LOG_LEVEL=info

# Log as json. (default: false)
LOG_JSON=false

# Listening port for the report server. (default: 3000)
PORT=3000

Note You only need to set the TENANT variable for Private Instances.

Examples with docker run #

				
					# Environment variables
docker run \
-e CONNECTOR_TOKEN= YOUR_AUTH TOKEN\
-p 3000:3000 \
europe-southwest1-docker.pkg.dev/applivery/public/auth-connector:latest

				
					# Config file
docker run \
-v .env:/app/.env \
-p 3000:3000 \
europe-southwest1-docker.pkg.dev/applivery/public/auth-connector:latest

Examples with docker-compose #

				
					services:     
  # Config file
  applivery-auth-connector: 
    image: europe-southwest1-docker.pkg.dev/applivery/public/auth-connector:latest
    volumes:
      - .env:/app/.env
    ports:
      - 3000:3000

				
					services:
  applivery-auth-connector: 
    image: europe-southwest1-docker.pkg.dev/applivery/public/auth-connector:latest-arm
    environment:
      CONNECTOR_TOKEN: YOUR_AUTH_TOKEN
      #TENANT: 
      LOG_LEVEL: info
    ports:
      - 3000:3000

Status report #

An HTTP service runs on port 3000 inside the Auth Connector container, exposing a status report with information such as:

Number of challenges requested.
Total error count.
Additional operational metrics.

The same status information is also available directly in the Certificate Provider configuration in the Applivery Dashboard via the connector status icon.

A green checkmark indicates that the connector has reported successfully within the last 20 minutes.

Note Errors such as The password cache is full indicate that the NDES server has reached its request limit. Adjust the corresponding Windows Server registry values to increase this limit.

Updated on novembro 25, 2025