Certificate authorities

  • 6 minute(s) read
Prev Next

This document provides information about the Certificate authorities report screen, which displays information about all certificate authorities (CA) added on Certificate Manager.
For information on how to configure certificate authorities, see How to configure certificate authorities.

Path to access

  1. On Segura, in the navigation bar, hover over the Products menu and select Certificate Manager.
  2. In the side menu, select Management > Authorities > Certificate authorities.

Actions menu

Item Type Description
Add Button Directs to the Certificate authorities screen.
Actions Dropdown menu Displays the options: Print report, Export CSV, and Schedule report.

Search fields

Item Type Description
ID Text field Filters the certificate authority by the ID.
Plugin Dropdown menu Filters the certificate authority by the plugin’s name. The options are: External authority, DigiCert, Entrust, GlobalSign, GoDaddy, Let’s Encrypt, Microsoft CA, e Site Blindado.
Created by Text field Filters the certificate authority by the user that added the CA.
Creation date Date picker Filters the certificate authority by the creation date of the CA.
Changed by Text field Filters the certificate authority by the user that modified the CA.
Change date Date picker Filters the certificate authority by the modification date of the CA.
Status Dropdown menu Filters the certificate authority by the status. The options are: Enabled or Disabled.

Report fields

  • ID.
  • Name: name of the certificate authority.
  • Plugin.
  • Creation date.
  • Created by.
  • Change date.
  • Status.
  • Actions:
    • Edit: opens the certificate authority screen with its fields.
Info

By default, the report displays 30 records per screen. To go to the next screen, click the forward buttons at the end of the report.

Certificate authorities

This section provides information about the certificate authorities available to be added.

Item Type Description
External authority Button Add a certificate authority not integrated with Segura. For more information on how to issue an external CA, see How to issue an External CA.
DigiCert Button Add a DigiCert certificate authority. For more information on how to issue a DigiCert CA, see How to issue a DigiCert CA.
Entrust Button Add an Entrust certificate authority. For more information on how to issue an Entrust CA, see How to issue an Entrust CA.
GlobalSign Button Add a GlobalSign certificate authority. For more information on how to issue a GlobalSign CA, see How to issue a GlobalSign CA.
GoDaddy Button Add a GoDaddy certificate authority. For more information on how to issue a GoDaddy CA, see How to issue a GoDaddy CA.
Let’s Encrypt Button Add a Let’s Encrypt certificate authority. For more information on how to issue a Let's Encrypt CA, see How to issue a Let's Encrypt CA.
Microsoft CA Button Add a Microsoft CA certificate authority.
Site Blindado Button Add a Site Blindado certificate authority. For more information on how to issue a Site Blindado CA, see How to issue a Site Blindado CA.

External authority

Item Type Required Description
Name * Text field Yes External CA identification.
Status Toggle button No It enables the authority to use. Toggle to confirm the activation or deactivation of the authority.

DigiCert

Item Type Required Description
Name * Text field Yes CA identification.
Status Toggle button No It enables the CA to use. Toggle to confirm the activation or deactivation of the CA.
Use Network Connector? Radio button No Indicates whether or not you want to use the Network Connector.
Network Connector Dropdown menu No Indicates the specific Network Connector, if applicable.
User name Text field No DigiCert username.
Account ID * Text field Yes DigiCert ID.
API key Text field No DigiCert API key.

Entrust

Item Type Required Description
Name * Text field Yes CA identification.
Status Toggle button No It enables the CA to use. Toggle to confirm the activation or deactivation of the CA.
Certificate file * Upload field Yes The Choose file button searches for the certificate file and uploads it.
Use testing API? * Radio button Yes Checkbox to test the integration functionality. The options are: Yes or No. This action will test the integration but doesn't guarantee the certificate's validity.
Key password Text field No Certificate’s password.

Currently, RSA-type certificates are supported for signing and the following profiles can be used:

  • Web Server Certificate - CSR.
  • SMIME Certificate - CSR.
  • PIV 1-Key Pair - PIV Digital Signature - CSR.
  • Person Network Authentication Certificate - CSR No Directory.
  • ACME Public.
  • PIV 1-Key Pair - PIV Authentication - CSR.
  • PIV 1-Key Pair - PIV Key Management - CSR.
  • PIV 1-Key Pair - Card Authentication - CSR.
  • Network Authentication Certificate - CSR.
  • People Network Authentication Certificate - CSR.
  • People SMIME Certificate - CSR.
  • Devices Network Authentication Certificate - CSR.

GlobalSign

Item Type Required Description
Name * Text field Yes CA identification.
Status Toggle button No It enables the CA to use. Toggle to confirm the activation or deactivation of the CA.
Use Network Connector? Radio button No Indicates whether or not you want to use the Network Connector.
Network Connector Dropdown menu No Indicates the specific Network Connector, if applicable.
User name * Text field Yes GlobalSign username.
Password Text field No GlobalSign password.

GoDaddy

Item Type Required Description
Name * Text field Yes CA identification.
Status Toggle button No It enables the CA to use. Toggle to confirm the activation or deactivation of the CA.
Key Text field No GoDaddy’s API key.
Secret Text field No GoDaddy’s API secret.

Let’s Encrypt

Item Type Required Description
Name * Text field Yes CA identification.
Status Toggle button No It enables the CA to use. Toggle to confirm the activation or deactivation of the CA.
Emails (comma separated) * Text field Yes E-mails used to register the Let’s Encrypt account.
Private key password Text field No Let’s Encrypt password.
Use existing account Checkbox No Checkbox to add the information below.
Private key Text field No Private key value.
Public key Text field No Public key value.
Info

If you don't have a Let’s Encrypt account, you can fill in only the Emails field with a valid account and save the record. Once the record is saved, simply click on Edit to view the public and private keys generated by Segura.

Microsoft CA

Item Type Required Description
Name * Text field Yes CA identification.
Status Toggle button No It enables the CA to use. Toggle to confirm the activation or deactivation of the CA.
IP for connection with CA * Text field Yes IP of the Windows Server used as the CA.
CA host name * Text field Yes CA hostname.
Plugin for connection * Dropdown menu Yes WinRM plugin.
Port Text field No Port 5985 (HTTP) or 5986 (HTTPS).
Access credential * Dropdown menu Yes The access credential registered in PAM to access the windows machine.
Info
  • If a certificate template hasn’t been defined, Segura will utilize the default certificate template created by Windows, which is named webserver.
  • If you use Network Connector to connect to Microsoft, set the default one in Settings > System Parameters > Global > Application > Network Connector. With this setting, you guarantee that it'll be used for the connection at the signing.

Site Blindado

Item Type Required Description
Name * Text field Yes CA identification.
Status Toggle button No It enables the CA to use. Toggle to confirm the activation or deactivation of the CA.
Username * Text field Yes Site Blindado username.
Password Text field No Site Blindado password.
Use testing API * Radio button Yes Checkbox to test the integration functionality. The options are: Yes or No. This action will test the integration but doesn't guarantee the certificate's validity.