About importing certificates from a Zero Touch PKI CA
Table of Contents
Expand all | Collapse all
-
- Activate Next-Generation Trust Security
-
-
- Configure AWS connection
- Configure Azure Key Vault connection
-
- Workload Identity Federation authentication
- Workload Identity Federation - Azure Identity Provider authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Workload Identity Federation authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Supported OIDC claims
-
-
-
-
- Create an F5 BIG-IP LTM machine
- Create a Microsoft Azure Private Key Vault machine
- Create a Microsoft IIS machine
- Create a Microsoft Windows (PowerShell) machine
- Create a Microsoft SQL Server machine
- Create a Common KeyStore machine
- Create a Citrix ADC machine
- Create an Imperva WAF machine
- Create a VMware NSX Advanced Load Balancer (AVI) machine
- Create an A10 Thunder ADC machine
- Create a Cloudflare machine
- Create Kemp Virtual LoadMaster machine
- Create a Palo Alto Panorama machine
-
- Provision to an F5 BIG-IP LTM
- Provision to a Microsoft Azure Private Key Vault
- Provision to Microsoft IIS
- Provision to Microsoft Windows (PowerShell)
- Provision to Microsoft SQL Server
- Provision to a Common KeyStore
- Provision to a Citrix ADC
- Provision to an Imperva WAF
- Provision to VMware NSX Advanced Load Balancer (AVI)
- Provision to an A10 Thunder ADC
- Provision to Cloudflare
- Provision to a Kemp Virtual LoadMaster
- Provision to Palo Alto Panorama
-
-
- 47-Day Validity Readiness TLS Certificates dashboard
- About the Certificate Inventory
- Managing certificate lifecycle settings
- Reissuing certificates in Next-Gen Trust Security
- Downloading certificates, certificate chains, and keystores
- Retiring, recovering, and deleting certificates
- Finding certificates in the certificate inventory
- Importing certificates from a CA using EJBCA
- Notification Center overview
- Domain-based validation for external emails
- Managing user accounts
- Troubleshooting
About importing certificates from a Zero Touch PKI CA
The Zero Touch PKI (ZTPKI) CA import feature enables PKI administrators to seamlessly import existing certificates issued by a specific ZTPKI certificate authority (CA) policy. This capability automates certificate discovery and onboarding, offering better visibility and centralized management of certificates across your ZTPKI environment.
Features and benefits
- Import active, expired, or revoked certificates: When you configure a ZTPKI CA in Next-Gen Trust Security for certificate import, you can choose to include not only active certificates, but also expired or revoked certificates, as well.
- ZTPKI CA integration: Add a ZTPKI CA connection with custom configurations to establish a trusted integration point for certificate management.
- Automated certificate import: Automatically discover and import all existing certificates issued by a selected ZTPKI policy, reducing manual work and minimizing errors.
- On-demand import: Initiate a manual certificate discovery at any time using the Import button.
- Detailed import statistics: From the Statistics tab of your connected ZTPKI CA, review currently used ZTPKI policies (Product Options) and information about issued and imported certificates.
These features help organizations improve PKI operational efficiency, reduce administrative overhead, and ensure broader security compliance by maintaining an up-to-date inventory of issued certificates.
Audience and use cases
The intended audience for this feature is PKI administrators who manage certificate lifecycles across enterprise environments using ZTPKI.
Typical use cases include:
- Automating the discovery and onboarding of certificates from an external ZTPKI CA.
- Centralizing certificate inventory management across multiple environments.
- Enhancing certificate visibility for audit, security, and compliance requirements.
Requirements and compatibility
To use the ZTPKI CA import feature, you must have:
- An active ZTPKI certificate authority with defined policies.
- Administrative access to configure ZTPKI CA connections.
- Necessary API credentials or authentication information for integration (depending on your ZTPKI deployment).
Next steps
Learn how to import certificates from a ZTPKI CA.