Add GlobalSign Atlas
Before you begin
You're going to need a few things to complete the CA configuration.
- A GlobalSign account. If you don't have an account yet, go here to get started.
- Your GlobalSign credentials file.
How do I create the GlobalSign credentials file?
- Log into the GlobalSign Atlas web portal.
- Navigate to Access Credentials > API Credentials, and click Generate an API Credential (the button, upper right).
- Select Encrypted File and click Continue.
- Paste in the following public key (which corresponds to the private key Next-Gen Trust Security will use to decrypt the .enc file), and click Continue.

  -----BEGIN PUBLIC KEY-----
  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt95Jiu9oz1sw69XGCKB6
  iwdUuiDFjQrSlKS1dikPmR9/Ska0D9trZdIEGe8YTEC2xy9p+LyUFkFRrNEOJadQ
  z8RG8O7CtNzc6dFdDgmGjVswmrn7J/bi+k1mfw4YsFXUR2eYVu+1AQZ+oVHruN4F
  9kZWekEgL4EdC/isnaYwx+QoAcZObDYgduQEXpHwD5STfIeifdzfnc2boOYEpxWq
  QwtXl59hAVgzFSNv/asPS3aBuOKvpWhKF3MyIDIUqgL1znBXuG3iojWqyJUTvPPp
  JI+tLxcCC3ACuQpCBZAzwH4sNzPNyCqCGzKXakgD/+UAX61CyS6eiNNEH6FkFqb1
  uQIDAQAB
  -----END PUBLIC KEY-----

- Select the Atlas server to which the credential will be linked, and click Continue.
- Select the identity to which the credential will be linked, and click Continue.
- Enter a name for the API credential, and click Continue.
- Click the DOWNLOAD KEY & SECRET AS .enc button, and save the file (this is the file you upload into Next-Gen Trust Security when creating a GlobalSign Atlas CA Account).

- Sign in to Next-Gen Trust Security.
- Click Configuration > Certificate Authorities.
- Click New > GlobalSign.
- Enter a Name that this CA should be called in Next-Gen Trust Security.
- Browse to your Credentials File. See the Before you begin section at the top of this page for details on how to get this file.
- Click Validate.

After you authenticate, we'll show you GlobalSign's validation policy. This is a list of requirements that your certificate request must comply with before GlobalSign will issue a certificate for you. We'll also display this information in a more readable form when you start setting up policies for your organization.
Example validation policy
{
  'validity': {'secondsmin': 60, 'secondsmax': 7776000, 'notBeforeNegativeSkew': 200, 'notBeforePositiveSkew': 200},
  'subjectDn': {
    'commonName': {
      'presence': 'REQUIRED',
      'format': '^([a-z0-9-_]+\\.)*(venafi\\.io|vfidev\\.com|thehotelcook\\.com)$'
    },
    'organization': {'presence': 'STATIC', 'format': 'Venafi, Inc.'},
    'organizationalUnit': {'isStatic': false, 'list': ['^.*$'], 'mincount': 0, 'maxcount': 3},
    'country': {'presence': 'STATIC', 'format': 'US'},
    'state': {'presence': 'STATIC', 'format': 'UT'},
    'locality': {'presence': 'STATIC', 'format': 'Salt Lake City'},
    'streetAddress': {'presence': 'FORBIDDEN', 'format': ''},
    'email': {'presence': 'FORBIDDEN', 'format': ''},
    'joiLocalityName': {'presence': 'FORBIDDEN', 'format': ''},
    'joiStateOrProvinceName': {'presence': 'FORBIDDEN', 'format': ''},
    'joiCountryName': {'presence': 'FORBIDDEN', 'format': ''},
    'businessCategory': {'presence': 'FORBIDDEN', 'format': ''}
  },
  'extendedKeyUsages': {
    'ekus': {
      'isStatic': true,
      'list': ['1.3.6.1.5.5.7.3.2', '1.3.6.1.5.5.7.3.1'],
      'mincount': 2,
      'maxcount': 2
    },
    'critical': false
  },
  'publicKey': {'keyType': 'RSA', 'allowedLengths': [4096, 3072, 2048], 'keyFormat': 'PKCS10'},
  'publicKeySignature': 'FORBIDDEN'
}
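A pre-flight check of a certificate request against a validation policy like the example above, as an added example that is not part of the original page or the product's own code. The request dict layout, the function name check_request, and the reading of REQUIRED, STATIC and FORBIDDEN are assumptions; the policy is a trimmed copy of the page's example rewritten as a Python dict.

```python
import re

# Trimmed copy of the page's example policy, rewritten as a Python dict.
POLICY = {
    "validity": {"secondsmin": 60, "secondsmax": 7776000},
    "subjectDn": {
        "commonName": {"presence": "REQUIRED",
                       "format": r"^([a-z0-9-_]+\.)*(venafi\.io|vfidev\.com|thehotelcook\.com)$"},
        "organization": {"presence": "STATIC", "format": "Venafi, Inc."},
        "email": {"presence": "FORBIDDEN", "format": ""},
    },
    "extendedKeyUsages": {"ekus": {"isStatic": True, "list": ["1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.1"]}},
    "publicKey": {"keyType": "RSA", "allowedLengths": [4096, 3072, 2048]},
}

def check_request(req, policy=POLICY):
    """Return a list of policy violations for a hypothetical request dict."""
    problems = []
    v = policy["validity"]
    if not v["secondsmin"] <= req["validity_seconds"] <= v["secondsmax"]:
        problems.append("validity outside %d..%d seconds" % (v["secondsmin"], v["secondsmax"]))
    for field, rule in policy["subjectDn"].items():
        value = req["subject"].get(field)
        if rule["presence"] == "FORBIDDEN" and value:
            problems.append(field + " is forbidden")
        elif rule["presence"] == "REQUIRED":
            # Assumption: REQUIRED fields must be present and fully match the regex.
            if not value or not re.fullmatch(rule["format"], value):
                problems.append(field + " missing or not matching policy pattern")
        elif rule["presence"] == "STATIC" and value not in (None, rule["format"]):
            # Assumption: STATIC values are fixed by the CA; a different value is rejected.
            problems.append(field + " must be " + repr(rule["format"]))
    ekus = policy["extendedKeyUsages"]["ekus"]
    if ekus["isStatic"] and set(req.get("ekus", ekus["list"])) != set(ekus["list"]):
        problems.append("EKUs must be exactly the policy list")
    pk = policy["publicKey"]
    if req["key_type"] != pk["keyType"] or req["key_bits"] not in pk["allowedLengths"]:
        problems.append("key must be %s with length in %s" % (pk["keyType"], pk["allowedLengths"]))
    return problems

# Constructed sample requests (not from the page).
GOOD = {"subject": {"commonName": "app.venafi.io", "organization": "Venafi, Inc."},
        "validity_seconds": 47 * 86400, "key_type": "RSA", "key_bits": 2048}
BAD = {"subject": {"commonName": "app.example.com", "email": "a@example.com"},
       "validity_seconds": 365 * 86400, "key_type": "RSA", "key_bits": 1024}

if __name__ == "__main__":
    for request in (GOOD, BAD):
        print(check_request(request))
```

Running the same check in a CI step or request form before submission surfaces a rejected common name, key size or validity period before the request reaches the CA.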
What's Next
This CA is now ready to be added to one or more certificate issuing templates. To do this, select this CA when creating certificate issuing templates.