Add AWS Public CA
Note (This feature is in Preview): This feature is currently available as a Preview and is not yet generally available (GA). Functionality and behavior may change before GA.
AWS provides a service that streamlines the procurement and management of SSL/TLS certificates. CyberArk has partnered with AWS to give you the ability to quickly and easily request and renew certificates.
Before you begin
You need the following to complete this procedure:
- An AWS account.
- Your AWS access ID.
- Your AWS secret access key.
- At least one active VSatellite to provision certificates to AWS.
- CyberArk permissions for AWS IAM: you must attach the relevant IAM policies in the following JSON file to the Next-Gen Trust Security AWS Integration IAM Role in your AWS account:

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "acm:ListCertificates",
              "acm:GetCertificate",
              "acm:RequestCertificate"
            ],
            "Resource": "*"
          }
        ]
      }

  For more information, refer to Configure AWS Connection.
- Sign in to Next-Gen Trust Security.
- Click Configuration > Certificate Authorities.
- Click New > AWS.
- Select a VSatellite.
- Select a certificate authority type.
- Click Next.
- Select a region.
- Enter your AWS access ID.
- Enter your AWS secret access key.
  Note: The AWS access ID and AWS secret access key authenticate and authorize requests to AWS. These credentials uniquely identify the AWS user or role and verify their permissions to perform actions through the AWS API. They're essential for secure communication and automation between CyberArk and AWS.
- Click Test Access, then click Next.
- (Optional) In Product Options, select the certificate authority products to map to certificate issuing templates (CITs).
- (Optional) Click Add.
- Click Create.
What's next
This CA is now ready to be added to one or more certificate issuing templates. To do this, select this CA when creating certificate issuing templates.
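Before attaching the policy from "Before you begin", you can check that a policy document allows the three ACM actions and nothing broader. The following is an added example, not CyberArk or AWS code; `audit_policy`, `BROAD_POLICY` and `NARROW_POLICY` are hypothetical names and constructed samples.

```python
import fnmatch
import json

# The three actions the page's policy grants to the integration role.
REQUIRED_ACTIONS = ("acm:ListCertificates", "acm:GetCertificate", "acm:RequestCertificate")

# The policy from this page.
PAGE_POLICY = """{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
 "Action":["acm:ListCertificates","acm:GetCertificate","acm:RequestCertificate"],
 "Resource":"*"}]}"""
# Constructed samples: one broader than needed, one missing an action.
BROAD_POLICY = '{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"acm:*","Resource":"*"}}'
NARROW_POLICY = """{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
 "Action":["acm:ListCertificates","acm:getcertificate"],"Resource":"*"}]}"""


def _as_list(value):
    """IAM accepts either one string or a list for Action."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _grants(pattern, action):
    """IAM action names match case-insensitively; * and ? are wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def audit_policy(policy_json):
    """Return (missing, excess) for Allow statements; Deny and Condition are not evaluated."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    allowed = []
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        allowed.extend(_as_list(st.get("Action")))
        if "NotAction" in st:  # Allow + NotAction grants everything not listed
            allowed.append("NotAction")
    missing = [r for r in REQUIRED_ACTIONS if not any(_grants(p, r) for p in allowed)]
    required = {r.lower() for r in REQUIRED_ACTIONS}
    excess = sorted({p for p in allowed if p.lower() not in required})
    return missing, excess


if __name__ == "__main__":
    for name in ("PAGE_POLICY", "BROAD_POLICY", "NARROW_POLICY"):
        print(name, audit_policy(globals()[name]))
```

An empty `missing` list means Test Access should not fail for lack of ACM permissions; a non-empty `excess` list names Allow patterns that go beyond what the page requires.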