Add Zero Touch PKI
Table of Contents
Expand all | Collapse all
-
- Activate Next-Generation Trust Security
-
-
- Configure AWS connection
- Configure Azure Key Vault connection
-
- Workload Identity Federation authentication
- Workload Identity Federation - Azure Identity Provider authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Workload Identity Federation authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Supported OIDC claims
-
-
-
-
- Create an F5 BIG-IP LTM machine
- Create a Microsoft Azure Private Key Vault machine
- Create a Microsoft IIS machine
- Create a Microsoft Windows (PowerShell) machine
- Create a Microsoft SQL Server machine
- Create a Common KeyStore machine
- Create a Citrix ADC machine
- Create an Imperva WAF machine
- Create a VMware NSX Advanced Load Balancer (AVI) machine
- Create an A10 Thunder ADC machine
- Create a Cloudflare machine
- Create Kemp Virtual LoadMaster machine
- Create a Palo Alto Panorama machine
-
- Provision to an F5 BIG-IP LTM
- Provision to a Microsoft Azure Private Key Vault
- Provision to Microsoft IIS
- Provision to Microsoft Windows (PowerShell)
- Provision to Microsoft SQL Server
- Provision to a Common KeyStore
- Provision to a Citrix ADC
- Provision to an Imperva WAF
- Provision to VMware NSX Advanced Load Balancer (AVI)
- Provision to an A10 Thunder ADC
- Provision to Cloudflare
- Provision to a Kemp Virtual LoadMaster
- Provision to Palo Alto Panorama
-
-
- 47-Day Validity Readiness TLS Certificates dashboard
- About the Certificate Inventory
- Managing certificate lifecycle settings
- Reissuing certificates in Next-Gen Trust Security
- Downloading certificates, certificate chains, and keystores
- Retiring, recovering, and deleting certificates
- Finding certificates in the certificate inventory
- Importing certificates from a CA using EJBCA
- Notification Center overview
- Domain-based validation for external emails
- Managing user accounts
- Troubleshooting
Add Zero Touch PKI
You can add a certificate authority (CA) from Zero Touch PKI and import certificates based on its policies.
Prerequisites
- From your Zero Touch PKI administrator, an account with access to the certificates to import. For security, CyberArk recommends the Service Requestor role.
- From the account, an API ID and key.
- The URL of your Zero Touch PKI instance.
- An understanding of which certificate policies you'll import certificates from.
- In Next-Gen Trust Security, administrative access via the Platform Administrator, PKI Administrator, or System Administrator roles.
To set up the CA
- Sign in to Next-Gen Trust Security.
- Click Configuration > Certificate Authorities.
- Click New > Zero Touch PKI.
- In Step 1 of 2:
- Enter a Name for the CA.
- Select the Zero Touch PKI URL of your instance.
- In API Key ID, enter the API ID from the account.
- In API Key, enter the API key from the account.
- Click Test Connection.
- Click Create.
- In Step 2 of 2:
- In Product Options, search for and select the certificate policies from which you're importing certificates.
- (Optional) In Import options, select Include revoked certificates or Include expired certificates.
- (Optional) Turn on Scheduled import and choose a schedule.
- Click Done.
After the import runs, your Next-Gen Trust Security inventory contains the imported Zero Touch PKI certificates. You can also run the import manually in the Import tab.
What's Next
This CA is now ready to be added to one or more certificate issuing templates. To do this, select this CA when creating certificate issuing templates.