Cloud Providers Overview
Table of Contents
Expand all | Collapse all
-
- Activate Next-Generation Trust Security
-
-
- Configure AWS connection
- Configure Azure Key Vault connection
-
- Workload Identity Federation authentication
- Workload Identity Federation - Azure Identity Provider authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Workload Identity Federation authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Supported OIDC claims
-
-
-
-
- Create an F5 BIG-IP LTM machine
- Create a Microsoft Azure Private Key Vault machine
- Create a Microsoft IIS machine
- Create a Microsoft Windows (PowerShell) machine
- Create a Microsoft SQL Server machine
- Create a Common KeyStore machine
- Create a Citrix ADC machine
- Create an Imperva WAF machine
- Create a VMware NSX Advanced Load Balancer (AVI) machine
- Create an A10 Thunder ADC machine
- Create a Cloudflare machine
- Create Kemp Virtual LoadMaster machine
- Create a Palo Alto Panorama machine
-
- Provision to an F5 BIG-IP LTM
- Provision to a Microsoft Azure Private Key Vault
- Provision to Microsoft IIS
- Provision to Microsoft Windows (PowerShell)
- Provision to Microsoft SQL Server
- Provision to a Common KeyStore
- Provision to a Citrix ADC
- Provision to an Imperva WAF
- Provision to VMware NSX Advanced Load Balancer (AVI)
- Provision to an A10 Thunder ADC
- Provision to Cloudflare
- Provision to a Kemp Virtual LoadMaster
- Provision to Palo Alto Panorama
-
-
- 47-Day Validity Readiness TLS Certificates dashboard
- About the Certificate Inventory
- Managing certificate lifecycle settings
- Reissuing certificates in Next-Gen Trust Security
- Downloading certificates, certificate chains, and keystores
- Retiring, recovering, and deleting certificates
- Finding certificates in the certificate inventory
- Importing certificates from a CA using EJBCA
- Notification Center overview
- Domain-based validation for external emails
- Managing user accounts
- Troubleshooting
Cloud Providers Overview
Next-Gen Trust Security integrates with supported cloud providers to provision, discover, and manage certificates stored in cloud-based keystores. These integrations allow you to extend centralized certificate governance into your cloud environments while continuing to use native cloud services.
By configuring a cloud provider connection, you enable Next-Gen Trust Security:
- Provision new certificates into cloud certificate stores
- Discover existing certificates created outside the platform
- Monitor certificate status and expiration
- Apply governance policies consistently across environments
Cloud provider integrations require initial configuration, including identity and access permissions within the cloud platform. Once configured, you can add cloud keystores, run discovery, provision certificates, and configure scheduled synchronization.
Supported Cloud Providers
The following cloud platforms are supported:
- Amazon Web Services (AWS) – Integrates with AWS Certificate Manager (ACM)
- Microsoft Azure – Integrates with Azure Key Vault
- Google Cloud Platform (GCP) – Integrates with Google Certificate Manager
Each provider requires its own connection configuration and authentication setup before certificates can be provisioned or discovered.
How Cloud Integrations Work
At a high level, cloud integration follows this sequence:
- Create a cloud provider connection in Next-Gen Trust Security.
- Configure identity and access permissions within the cloud platform.
- Validate the connection.
- Add one or more cloud keystores.
- Provision certificates or configure scheduled discovery.
The specific steps vary by cloud provider and authentication method.
Next Steps
Choose your cloud provider to begin configuration:
Each topic provides detailed, step-by-step instructions for configuring identity, permissions, and connectivity.