Skip to content

Adding a certificate authority

When you add a certificate authority (CA) to TLS Protect Cloud, you create a connection between TLS Protect Cloud and that CA. That connection enables TLS Protect Cloud to manage certificate life-cycles.

TLS Protect Cloud can connect to both external and internal CAs, in addition to its own built-in CA.

Before you begin

Before setting up your CA, review the following:

  • If you plan to use paid public trust CAs (like DigiCert, excluding free ones like Let's Encrypt), an enterprise CA account is required. Make sure you have a billing setup for pre-purchasing certificate units or for post-use billing. This is simply because our platform doesn't support purchasing individual certificates with a credit card for each transaction.
  • Have your CA authentication credentials ready before you can configure and test issuance. Each CA provider has its own authentication methodology.
  • Make sure you have been assigned either the Admin or PKI Administrator roles required to add new CAs.

Getting started

Select your CA below for a detailed how-to.

Venafi TLS Protect

Built-in CA TLS Protect Datacenter

Public certificate authorities

DigiCert Entrust GlobalSign Atlas GlobalSign MSSL Let's Encrypt (ACMEv2)

Private certificate authorities

Venafi Zero Touch PKI Microsoft AD CS

Custom certificate authority

ACMEv2