Skip to content

Adding a CA account in DevOpsACCELERATE

A CA account is a connection to a Certificate Authority API that provides certificate life cycle services. DevOpsACCELERATE offers two CA accounts, Digicert, GlobalSign, and Entrust Certificate Services.

When you add a CA account, you'll need to provide an API key. The API key is a key used by most CAs to identify your organization. This API key serves as an authentication mechanism instead of your password.

Note

DevOpsACCELERATE includes a built-in CA as the default CA Account.

Adding a CA account (certificate provider) often takes place when you create an Issuing Template.

See an overview of Issuing Templates.

For DigiCert CertCentral
  1. In the menu bar, click Settings > CA Accounts.
  2. In CA accounts, click Add New Account.
  3. Copy and paste your API Key from DigiCert CertCentral.

Important

You must have the Manager role or higher in Digicert CertCentral.

For GlobalSign Atlas

Note

If you don't yet have a GlobalSign account, visit https://www.globalsign.com/en/lp/venafi/ to create one.

  1. In the menu bar, click Settings > CA Accounts.
  2. In CA accounts, click Add New Account.
  3. Select GlobalSign as the Certificate Authority.
  4. Browse to your Credentials File.

    How do I find my GlobalSign credentials file?
    The Credentials file is supplied to you directly from GlobalSign when you create your GlobalSign account.
    
  5. Click Authenticate.

    After you authenticate, we'll show you GlobalSign's validation policy. This is a list of requirements that your certificate request must comply with before GlobalSign will issue a certificate for you. We'll also display this information, in a more readable form when you start setting up policies for your organization. GlobalSign example

  6. After the credential is authenticated, click Add Account.

    In CA Accounts, you'll see a tile for the new GlobalSign account you added.

For Entrust Certificate Services

Entrust Certificate Services features a tool that helps streamline the procurement and administration of SSL certificates. Venafi Cloud has partnered with Entrust Certificate Services to give you the ability to quickly and easily request and renew certificates.

  1. In the menu bar, click Settings > CA Accounts.
  2. In CA accounts, click New.
  3. Type in an Account Name for your Entrust account. Enter Account Name and choose CA from list

  4. Select Entrust from the Certificate Authority list.

  5. Upload an API SSL (client) certificate.

Note

The client certificate must have the Client Authentication EKU.

How do I create a client certificate?
  1. Log in to the Entrust Certificate Services web console.
  2. In the top menu, Navigate to Administration > Advanced Settings.
  3. Click API.

    Entrust settings panel

  4. Click the highlighted link to download the REST API for ECS Enterprise User Guide and Method Reference.

  5. Follow the steps in the Authentication section that includes instructions on how to create a public/private key pair, SSL certificate, and an API user and key.
  1. After you've uploaded the certificate, private key, and chain in PKCS#12 format, enter its passphrase.

  2. Type your Entrust username and provide the associated API Key.

    To learn how to retrieve your Entrust API key, see Entrust's Help document here.

    Add CA account panel

  3. Click Validate.

  4. After successful authentication, click Add Account.