This document provides information about the Certificate authorities report screen, which displays information about all certificate authorities (CA) added on Certificate Manager.
For information on how to configure certificate authorities, see How to configure certificate authorities.
Path to access
- On Segura, in the navigation bar, hover over the Products menu and select Certificate Manager.
- In the side menu, select Management > Authorities > Certificate authorities.
Actions menu
Item |
Type |
Description |
Add |
Button |
Directs to the Certificate authorities screen. |
Actions |
Dropdown menu |
Displays the options: Print report, Export CSV, and Schedule report. |
Search fields
Item |
Type |
Description |
ID |
Text field |
Filters the certificate authority by the ID. |
Plugin |
Dropdown menu |
Filters the certificate authority by the plugin’s name. The options are: External authority, DigiCert, Entrust, GlobalSign, GoDaddy, Let’s Encrypt, Microsoft CA, e Site Blindado. |
Created by |
Text field |
Filters the certificate authority by the user that added the CA. |
Creation date |
Date picker |
Filters the certificate authority by the creation date of the CA. |
Changed by |
Text field |
Filters the certificate authority by the user that modified the CA. |
Change date |
Date picker |
Filters the certificate authority by the modification date of the CA. |
Status |
Dropdown menu |
Filters the certificate authority by the status. The options are: Enabled or Disabled. |
Report fields
- ID.
- Name: name of the certificate authority.
- Plugin.
- Creation date.
- Created by.
- Change date.
- Status.
- Actions:
- Edit: opens the certificate authority screen with its fields.
Info
By default, the report displays 30 records per screen. To go to the next screen, click the forward buttons at the end of the report.
Certificate authorities
This section provides information about the certificate authorities available to be added.
Item |
Type |
Description |
External authority |
Button |
Add a certificate authority not integrated with Segura. For more information on how to issue an external CA, see How to issue an External CA. |
DigiCert |
Button |
Add a DigiCert certificate authority. For more information on how to issue a DigiCert CA, see How to issue a DigiCert CA. |
Entrust |
Button |
Add an Entrust certificate authority. For more information on how to issue an Entrust CA, see How to issue an Entrust CA. |
GlobalSign |
Button |
Add a GlobalSign certificate authority. For more information on how to issue a GlobalSign CA, see How to issue a GlobalSign CA. |
GoDaddy |
Button |
Add a GoDaddy certificate authority. For more information on how to issue a GoDaddy CA, see How to issue a GoDaddy CA. |
Let’s Encrypt |
Button |
Add a Let’s Encrypt certificate authority. For more information on how to issue a Let's Encrypt CA, see How to issue a Let's Encrypt CA. |
Microsoft CA |
Button |
Add a Microsoft CA certificate authority. |
Site Blindado |
Button |
Add a Site Blindado certificate authority. For more information on how to issue a Site Blindado CA, see How to issue a Site Blindado CA. |
External authority
Item |
Type |
Required |
Description |
Name * |
Text field |
Yes |
External CA identification. |
Status |
Toggle button |
No |
It enables the authority to use. Toggle to confirm the activation or deactivation of the authority. |
DigiCert
Item |
Type |
Required |
Description |
Name * |
Text field |
Yes |
CA identification. |
Status |
Toggle button |
No |
It enables the CA to use. Toggle to confirm the activation or deactivation of the CA. |
Use Network Connector? |
Radio button |
No |
Indicates whether or not you want to use the Network Connector. |
Network Connector |
Dropdown menu |
No |
Indicates the specific Network Connector, if applicable. |
User name |
Text field |
No |
DigiCert username. |
Account ID * |
Text field |
Yes |
DigiCert ID. |
API key |
Text field |
No |
DigiCert API key. |
Entrust
Item |
Type |
Required |
Description |
Name * |
Text field |
Yes |
CA identification. |
Status |
Toggle button |
No |
It enables the CA to use. Toggle to confirm the activation or deactivation of the CA. |
Certificate file * |
Upload field |
Yes |
The Choose file button searches for the certificate file and uploads it. |
Use testing API? * |
Radio button |
Yes |
Checkbox to test the integration functionality. The options are: Yes or No. This action will test the integration but doesn't guarantee the certificate's validity. |
Key password |
Text field |
No |
Certificate’s password. |
Currently, RSA-type certificates are supported for signing and the following profiles can be used:
- Web Server Certificate - CSR.
- SMIME Certificate - CSR.
- PIV 1-Key Pair - PIV Digital Signature - CSR.
- Person Network Authentication Certificate - CSR No Directory.
- ACME Public.
- PIV 1-Key Pair - PIV Authentication - CSR.
- PIV 1-Key Pair - PIV Key Management - CSR.
- PIV 1-Key Pair - Card Authentication - CSR.
- Network Authentication Certificate - CSR.
- People Network Authentication Certificate - CSR.
- People SMIME Certificate - CSR.
- Devices Network Authentication Certificate - CSR.
GlobalSign
Item |
Type |
Required |
Description |
Name * |
Text field |
Yes |
CA identification. |
Status |
Toggle button |
No |
It enables the CA to use. Toggle to confirm the activation or deactivation of the CA. |
Use Network Connector? |
Radio button |
No |
Indicates whether or not you want to use the Network Connector. |
Network Connector |
Dropdown menu |
No |
Indicates the specific Network Connector, if applicable. |
User name * |
Text field |
Yes |
GlobalSign username. |
Password |
Text field |
No |
GlobalSign password. |
GoDaddy
Item |
Type |
Required |
Description |
Name * |
Text field |
Yes |
CA identification. |
Status |
Toggle button |
No |
It enables the CA to use. Toggle to confirm the activation or deactivation of the CA. |
Key |
Text field |
No |
GoDaddy’s API key. |
Secret |
Text field |
No |
GoDaddy’s API secret. |
Let’s Encrypt
Item |
Type |
Required |
Description |
Name * |
Text field |
Yes |
CA identification. |
Status |
Toggle button |
No |
It enables the CA to use. Toggle to confirm the activation or deactivation of the CA. |
Emails (comma separated) * |
Text field |
Yes |
E-mails used to register the Let’s Encrypt account. |
Private key password |
Text field |
No |
Let’s Encrypt password. |
Use existing account |
Checkbox |
No |
Checkbox to add the information below. |
Private key |
Text field |
No |
Private key value. |
Public key |
Text field |
No |
Public key value. |
Info
If you don't have a Let’s Encrypt account, you can fill in only the Emails field with a valid account and save the record. Once the record is saved, simply click on Edit to view the public and private keys generated by Segura.
Microsoft CA
Item |
Type |
Required |
Description |
Name * |
Text field |
Yes |
CA identification. |
Status |
Toggle button |
No |
It enables the CA to use. Toggle to confirm the activation or deactivation of the CA. |
IP for connection with CA * |
Text field |
Yes |
IP of the Windows Server used as the CA. |
CA host name * |
Text field |
Yes |
CA hostname. |
Plugin for connection * |
Dropdown menu |
Yes |
WinRM plugin. |
Port |
Text field |
No |
Port 5985 (HTTP) or 5986 (HTTPS). |
Access credential * |
Dropdown menu |
Yes |
The access credential registered in PAM to access the windows machine. |
Info
- If a certificate template hasn’t been defined, Segura will utilize the default certificate template created by Windows, which is named webserver.
- If you use Network Connector to connect to Microsoft, set the default one in Settings > System Parameters > Global > Application > Network Connector. With this setting, you guarantee that it'll be used for the connection at the signing.
Site Blindado
Item |
Type |
Required |
Description |
Name * |
Text field |
Yes |
CA identification. |
Status |
Toggle button |
No |
It enables the CA to use. Toggle to confirm the activation or deactivation of the CA. |
Username * |
Text field |
Yes |
Site Blindado username. |
Password |
Text field |
No |
Site Blindado password. |
Use testing API * |
Radio button |
Yes |
Checkbox to test the integration functionality. The options are: Yes or No. This action will test the integration but doesn't guarantee the certificate's validity. |