>
    Strata Copilot
    Add a HID PKIaaS CA
    Focus
    Focus
    1. Home
    2. Next‑Gen Trust Security
    3. Next-Gen Trust Security
    4. Next-Gen Trust Security Overview
    5. Overview: Certificate Issuance
    6. Adding a Certificate Authority
    7. Add a HID PKIaaS CA
    Next‑Gen Trust Security

    Add a HID PKIaaS CA

    Table of Contents

    Add a HID PKIaaS CA

    You can add a certificate authority (CA) from HID PKIaaS and import certificates based on its policies.

    Prerequisites

    • From your HID PKIaaS administrator, an account with access to the certificates to import. For security, CyberArk recommends the Service Requestor role.
    • From the account, an API ID and key.
    • The URL of your HID PKIaaS instance.
    • An understanding of which certificate policies you'll import certificates from.
    • In Next-Gen Trust Security, the Superuser role in the parent TSG.

    To set up the CA

    1. Sign in to Next-Gen Trust Security.
    2. Click Configuration > Certificate Authorities.
    3. Click New > HID PKIaaS.
    4. In Step 1 of 2:
      1. Enter a Name for the CA.
      2. Select the HID PKIaaS URL of your instance.
      3. In API Key ID, enter the API ID from the account.
      4. In API Key, enter the API key from the account.
      5. Click Test Connection.
      6. Click Create.
    5. In Step 2 of 2:
      1. In Product Options, search for and select the certificate policies from which you're importing certificates, then click Add.
      2. (Optional) In Import options, select Include revoked certificates or Include expired certificates.
      3. (Optional) Enable Scheduled import and choose a schedule.
      4. Click Done.
    After the import runs, your Next-Gen Trust Security inventory contains the imported HID PKIaaS certificates. You can also run the import manually in the Import tab.

    What's Next

    This CA is now ready to be added to one or more certificate issuing templates. To do this, select this CA when creating certificate issuing templates.

    © 2026 Palo Alto Networks, Inc. All rights reserved.