Certificate Authorities plugins
  • 2 minutes to read
  • Dark
  • PDF

Certificate Authorities plugins

  • Dark
  • PDF

Article summary

Currently, senhasegura integrates with the following authorities listed below. 

This article describes the specific configuration fields for each CA plugin.

For further registration information, refer to the article How to configure Authorities.

External authority

Option to manage certificates from authorities not integrated with senhasegura.


External CA identification.

EnabledIt enables the authority to use. Use the Yes and No options to confirm the activation or deactivation of the authority.


UsernameGlobalSign username.
PasswordGlobalSign password.

Let's Encrypt

Emails (comma separated)E-mails used to register the Let’s Encrypt account.
Private key passwordLet’s Encrypt password.
Use existing accountCheckbox to add the information below.
Private keyPrivate key value.
Public keyPublic key value.
If you don't have a Let’s Encrypt account, you can fill in only the Email field with a valid account and save the record. Once the record is saved, simply click on Edit to view the public and private keys generated by senhasegura.

Site Blindado


Site Blindado username.

PasswordSite Blindado password.
Use testing API?Checkbox to test the integration functionality. Use the Yes and Nooptions to confirm the execution. This action will test the integration but doesn't guarantee the certificate's validity.


UsernameDigiCert username.
Account IDDigiCert ID.
API key

DigiCert API key.



Requirements for Microsoft CA

  • Active Directory Certificate Services (AD CS) should be operational on the Windows Server.
  • WinRM protocol enabled with HTTP or HTTPS. The selected port must match the chosen protocol.
  • Enable NTLM or NTLMv2 authentication on the Windows Server hosting the certificate authority (CA).
  • A Windows user account to use as the access credential with:
    • Administrative privileges on the Windows Server.
    • Enrollment permissions for certificates on others' behalf in the CA security settings.

Microsoft CA

IP for connection with CAIP of the Windows Server used as the Certificate Authority.
CA hostnameCA hostname.
Plugin for connectionWinRM plugin.
PortPort 5985 (HTTP), or 5986 (HTTPS).
Access credentialThe access credential registered in PAM to access the Windows machine.
If a Certificate Template hasn’t been defined, senhasegura will utilize the default Certificate Template created by Windows, which is named 'webserver'.
If you use Network Connector to connect to Microsoft, set the default one in Settings ➞ System Parameters ➞ System Parameters ➞ Application ➞ Network Connector. With this setting, you guarantee that it'll be used for the connection at the signing.

Requirements for Entrust 

  • Integration with PKI Entrust enables the complete management of the certificate lifecycle and operational management across all your Certificate Authorities (CAs).
  • You must obtain API access keys for your existing PKI CA to access the API. Contact our Entrust operations team through your regular channels.

Currently, RSA-type certificates are supported for signing and the following profiles can be used: 

  • Web Server Certificate - CSR
  • SMIME Certificate - CSR
  • PIV 1-Key Pair - PIV Digital Signature - CSR
  • Person Network Authentication Certificate - CSR No Directory
  • ACME Public
  • PIV 1-Key Pair - PIV Authentication - CSR
  • PIV 1-Key Pair - PIV Key Management - CSR
  • PIV 1-Key Pair - Card Authentication  - CSR
  • Network Authentication Certificate - CSR
  • People Network Authentication Certificate - CSR
  • People SMIME Certificate - CSR
  • Devices Network Authentication Certificate - CSR.


NameExternal CA identification.
EnabledIt enables the authority for use. Use the Yes and No options to confirm the activation or deactivation of the authority. By default, this parameter is set as Yes.
Certificate fileThe Choose file button searches for the certificate file and uploads it.
Key passwordCertificate’s password.

Do you still have questions? Reach out to the senhasegura Community.

Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.