
Adding a certificate authority

When you add a certificate authority (CA) to TLS Protect Cloud, you create a connection between TLS Protect Cloud and that CA. That connection enables TLS Protect Cloud to manage certificate life-cycles.

TLS Protect Cloud can connect to both external and internal CAs, in addition to its own built-in CA.

Before you begin

Before setting up your CA, review the following:

  • If you plan to use paid public trust CAs (like DigiCert, excluding free ones like Let's Encrypt), an enterprise CA account is required. Make sure you have billing set up for pre-purchasing certificate units or for post-use billing, because our platform doesn't support purchasing individual certificates with a credit card for each transaction.
  • Have your CA authentication credentials ready before you configure and test issuance. Each CA provider has its own authentication methodology.
  • Make sure you have been assigned either the System Administrator or the PKI Administrator role, one of which is required to add new CAs.

Getting started

Select your CA below for a detailed how-to.

Venafi TLS Protect

  • Built-in CA
  • TLS Protect Datacenter

Public certificate authorities

  • DigiCert
  • Entrust
  • GlobalSign Atlas
  • GlobalSign MSSL
  • Let's Encrypt (ACMEv2)

Private certificate authorities

  • Venafi Zero Touch PKI
  • Microsoft AD CS

Custom certificate authority

  • ACMEv2

Connector CAs using the CA Connector Framework

Because of the vast number of possible CAs, TLS Protect Cloud cannot natively support every option out of the box. However, if you use a CA that is not supported by TLS Protect Cloud, you can probably use that CA's API to create a custom CA connector using the Venafi CA Connector Framework.

Venafi has developed two fully-supported CA connectors using the CA Connector Framework: one for a private CA, EJBCA, and another for a public CA, Sectigo.

You can use these connectors as-is. If you want to develop your own connector to a custom CA, these topics can help you see how to connect it to TLS Protect Cloud using the TLS Protect Cloud console.