Add Google Cloud Private CA
Table of Contents
Expand all | Collapse all
-
- Activate Next-Generation Trust Security
-
-
- Configure AWS connection
- Configure Azure Key Vault connection
-
- Workload Identity Federation authentication
- Workload Identity Federation - Azure Identity Provider authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Workload Identity Federation authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Supported OIDC claims
-
-
-
-
- Create an F5 BIG-IP LTM machine
- Create a Microsoft Azure Private Key Vault machine
- Create a Microsoft IIS machine
- Create a Microsoft Windows (PowerShell) machine
- Create a Microsoft SQL Server machine
- Create a Common KeyStore machine
- Create a Citrix ADC machine
- Create an Imperva WAF machine
- Create a VMware NSX Advanced Load Balancer (AVI) machine
- Create an A10 Thunder ADC machine
- Create a Cloudflare machine
- Create Kemp Virtual LoadMaster machine
- Create a Palo Alto Panorama machine
-
- Provision to an F5 BIG-IP LTM
- Provision to a Microsoft Azure Private Key Vault
- Provision to Microsoft IIS
- Provision to Microsoft Windows (PowerShell)
- Provision to Microsoft SQL Server
- Provision to a Common KeyStore
- Provision to a Citrix ADC
- Provision to an Imperva WAF
- Provision to VMware NSX Advanced Load Balancer (AVI)
- Provision to an A10 Thunder ADC
- Provision to Cloudflare
- Provision to a Kemp Virtual LoadMaster
- Provision to Palo Alto Panorama
-
-
- 47-Day Validity Readiness TLS Certificates dashboard
- About the Certificate Inventory
- Managing certificate lifecycle settings
- Reissuing certificates in Next-Gen Trust Security
- Downloading certificates, certificate chains, and keystores
- Retiring, recovering, and deleting certificates
- Finding certificates in the certificate inventory
- Importing certificates from a CA using EJBCA
- Notification Center overview
- Domain-based validation for external emails
- Managing user accounts
- Troubleshooting
Add Google Cloud Private CA
Google Cloud provides a certificate authority service that streamlines the issuance and management of SSL/TLS certificates. CyberArk has partnered with Google Cloud so you can request, renew, revoke, and import certificates using Google Cloud Certificate Authority Service through CyberArk.
Before you begin
The following items are required to complete this procedure.
- A Google Cloud Platform (GCP) account with access to Google Cloud Certificate Authority Service (Private CA).
- A GCP project configured for Google Cloud Certificate Authority Service .
- The GCP region where your CA pool is hosted.
- The name of the CA pool in Google Cloud Certificate Authority Service.
- A Google Cloud Certificate Authority Service service account key in JSON format with permissions to manage certificates in the CA pool.
- At least one active VSatellite to provision certificates to Google Cloud.
- Sign in to Next-Gen Trust Security.
- Click Configuration > Certificate Authorities.
- Click New > Add Certificate Authority connector.
- Enter a Name.
- Select a VSatellite.
- In the Certificate Authority Type dropdown, select Google CA Service.
- Click Next.
- Enter your GCP Project.
- Enter your GCP Region.
- Enter your CA Pool.
- Paste your Service Account Key JSON.
- Click Test Connection, then click Next.
- (Optional) In Product Options (issuance), select the certificate authority products to map to certificate issuing templates (CITs).
- (Optional) Click Add to map additional products.
- Click Next.
- (Optional) On the next Product Options page (import), select the certificate authority products to import certificates from.
- Click Add to include additional products.
- (Optional) Enable one or more Import options:
- Include revoked certificates
- Include expired certificates
- Include pool CA certificates
- (Optional) Enable Scheduled import.
- Click Create.
The connector is created and appears in the Certificate Authorities list.
What's next
This CA is now ready to be added to one or more certificate issuing templates. To do this, select this CA when creating certificate issuing templates.