Skip to content

Adding a Venafi Zero Touch PKI certificate authority

Before you begin

You're going to need a few things to complete the CA configuration.

Zero Touch PKI account

If you don't already have an account, you'll need to set that up first. Contact your Zero Touch PKI administrator to establish an account with the proper account role that you can use to create a new Zero Touch PKI certificate authority.

To set up this CA, you'll need the following from Zero Touch PKI:

  • Zero Touch PKI URL
  • API Key ID
  • API Key

To set up the CA

Set up the connection

  1. Sign in to Venafi Control Plane.
  2. Click Integrations > Certificate Authorities.
  3. Click New > Venafi Zero Touch PKI.
  4. Enter a Name that this CA should be called in TLS Protect Cloud.
  5. In the Server URL field, select the URL for the Zero Touch PKI service that your private PKI is hosted at.
  6. Enter the API key ID and API key generated from one of the users in your Zero Touch PKI account.


    This user must have the proper role with permissions to the certificate policies that will be used when creating certificate issuing templates. Contact your Zero Touch PKI administrator if you do not have a user account with the correct permissions.

  7. Click Test Connection.

What's Next

This CA is now ready to be added to one or more certificate issuing templates. To do this, select this CA when creating certificate issuing templates.