Skip to content

Create a Sectigo Certificate Manager certificate authority

CyberArk Certificate Manager - SaaS supports cloud-native integration with Sectigo Certificate Manager, allowing you to manage certificate issuance, import existing certificates, and revoke certificates through your Sectigo Certificate Manager CA account.

Note

The Sectigo Certificate Manager cloud CA does not require VSatellites. If you previously configured a Sectigo Certificate Manager (VSatellite) custom CA, that configuration will continue to work. For information about the legacy custom CA, see Create a Sectigo Certificate Manager (VSatellite) connector.

Before you begin

Before configuring the Sectigo Certificate Manager CA account in Certificate Manager - SaaS, ensure you have:

  • A Sectigo Certificate Manager account with administrator access
  • API credentials configured in your Sectigo Certificate Manager account

As a Sectigo Certificate Manager administrator, ensure your account has the following settings:

  • Admin type: Select API
  • An API key
  • Certificate requests: Select Automatically approve certificate requests under Edit Standard Admin

For more information on managing your Sectigo Certificate Manager administrator accounts, see Managing administrators.

Add a Sectigo Certificate Manager CA account

  1. Sign in to Certificate Manager - SaaS.

  2. Click Integrations > Certificate Authorities.

  3. Click New, then click Add Certificate Authority Connector.

  4. On the Connection page:

    1. Enter a Name that will be used as the display name for the CA account.
    2. Select Sectigo Certificate Manager as the Certificate Authority Type.
    3. Click Next.

  5. On the Information page, provide the connection details for your Sectigo Certificate Manager account:

    1. In the Service Address field, enter the URL for your Sectigo Certificate Manager server.

      Example

      For example: hard.cert-manager.com

      If you have a custom URL associated with your account, you can enter it here. Do not include https:// in the URL.

    2. Enter your Customer URI.

      This is the last part of your Web Admin Console URL.

      Example

      For example, if your Web Admin Console were https://cert-manager.com/customer/MyCompany, your Customer URI would be MyCompany.

    3. Enter the Username and Password you use to log in to your Sectigo Certificate Manager account.

    4. Click Test Connection to verify your credentials and connectivity.

      If the test is successful, you'll see a confirmation message: "Connection to the Sectigo CA is established."

    5. Click Next.

  6. On the Issuance page, specify the product offerings to make available for certificate issuing templates:

    1. In the Product Options dropdown, select the Sectigo Certificate Manager products you want to use with Certificate Manager - SaaS.

      How do I know which product options to select?

      In this step, we recommend you select all products that you might want to use with Certificate Manager - SaaS.

      You can restrict which products are available to specific users when you create the issuing template. Selecting them here makes them available for issuing templates that use this CA account.

      You can modify this selection later by editing the CA account settings.

    2. Click Add.

    3. Click Next.

  7. (Optional) On the Import page, configure settings to import existing certificates from your Sectigo Certificate Manager account.

    If you don't want to set up certificate import, click Create to finish.

    1. In the Import options section, select whether to include revoked or expired certificates in the import.

    2. To schedule automatic imports, enable the Scheduled import option, then configure the schedule.

      Consider import duration when scheduling

      Certificate import from Sectigo Certificate Manager can take significant time, especially if you have a large certificate inventory. Import operations may take 45 minutes or longer depending on the number of certificates.

      The Sectigo Certificate Manager API imports the entire inventory of certificates in your account each time—it does not support incremental updates. It is recommended to configure weekly scheduled imports rather than more frequent intervals.

    3. Click Create.

Your new Sectigo Certificate Manager CA account appears in the Certificate Authorities list.

What's next

This CA is now ready to be added to one or more certificate issuing templates. To do this, select this CA when creating certificate issuing templates.