Installation overview¶
You can install Distributed Issuer in a Kubernetes cluster using Helm or on a Linux host using Docker.
Pre-installation setup¶
Before you install Distributed Issuer, you or a platform administrator must complete setup steps in the Next-Gen Trust Security user interface.
Pre-installation documentation
For Distributed Issuer pre-installation, see Getting Started with Distributed Issuer on the Next-Gen Trust Security documentation site.
Pre-installation includes the following:
- Create a CA account: Connect Distributed Issuer to a trusted certificate authority that supports subordinate CA providers, such as Zero Touch PKI or Microsoft Active Directory Certificate Services (AD CS).
- Create a subordinate CA provider: Define which CA account issues and defines Distributed Issuer's subordinate CA certificate.
- Create a policy: Set rules that determine how Distributed Issuer issues certificates.
- Save credentials: Create a Built-in Account and save its private key and client ID. Also save the Tenant Service Group ID (or
tsgID) for your Next-Gen Trust Security tenant. - Create a configuration: Tie together your Sub CA provider, policies, and client settings into a runtime configuration for Distributed Issuer.
Installing Distributed Issuer¶
Once NGTS setup is complete, install Distributed Issuer as follows:
- On Kubernetes using Helm.
- On a Linux host using Docker.