Import certificates from a Zero Touch PKI CA¶

In Certificate Manager - SaaS, you can connect to Zero Touch PKI via API and import certificates from its certificate authorities (CAs). You import certificates based on their Zero Touch PKI certificate policy.

Prerequisites¶

• From your Zero Touch PKI administrator, an account with access to the certificates to import. For security, CyberArk recommends the Service Requestor role.
• From the account, an API ID and key.
• The URL of your Zero Touch PKI instance.
• An understanding of which certificate policies you'll import certificates from.
• In Certificate Manager - SaaS, administrative access via the Platform Administrator, PKI Administrator, or System Administrator roles.

To import certificates from Zero Touch PKI¶

1. Sign in to Certificate Manager - SaaS.
2. Click Integrations > Certificate Authorities.
3. Click New > Zero Touch PKI.
4. In Step 1 of 2:
   1. Enter a Name for the CA.
   2. Select the Zero Touch PKI URL of your instance.
   3. In API Key ID, enter the API ID from the account.
   4. In API Key, enter the API key from the account.
   5. Click Test Connection.
   6. Click Create.
5. In Step 2 of 2:
   1. In Product Options, search for and select the certificate policies from which you're importing certificates.
   2. (Optional) In Import options, select Include revoked certificates or Include expired certificates.
   3. (Optional) Turn on Scheduled import and choose a schedule.
   4. Click Done.

After the import runs, your Certificate Manager - SaaS inventory contains the imported Zero Touch PKI certificates. You can also run the import manually in the Import tab.

Related Links¶

• About importing certificates from ZTPKI CAs
• Run an import from an existing ZTPKI CA connection