Supported CAs

A Certification Authority (CA) is an organization responsible for issuing, registering, revoking, and managing Digital Certificates. These entities can be public or private. 

Currently, senhasegura integrates with the authorities listed below. To add a CA:

1. Navigate to Certificate Manager➞Settings➞Authorities.
2. Click the ⋮ icon to open the action options.
3. Click +New.
4. Complete the information according to the chosen CA.
5. Save.

External authority

Use this option to manage certificates from authorities not integrated with senhasegura.

• Name: identify an external CA.
• Enabled: the authority can be used if the Yes option is selected.

GlobalSign

• Name: identify the CA.
• Enabled: the authority can be used if the Yes option is selected.

Plugin settings GlobalSign

• Username: enter the GlobalSign username.
• Password: enter the GlobalSign password.

URL API: https://system.globalsign.com/

Let's Encrypt

• Name: identify the CA.
• Enabled: the authority can be used if the Yes option is selected.

Plugin settings Lets Encrypt

• Emails: the email used to register the Lets Encrypt account.
• Private key password: the Lets Encrypt password.
• Use existing account: select the checkbox to add the information below.
• Private key: enter the value of the private key.
• Public key: enter the value of the public key.

URL API: https://acme-v02.api.letsencrypt.org/

Site Blindado

• Name: identify the CA.
• Enabled: the authority can be used if the Yes option is selected.

Plugin settings Site Blindado

• Username: enter the Site Blindado user.
• Password: enter the Site Blindado password.
• Use testing API?: select the checkbox to test the integration. This action tests the functionality of the integration but does not guarantee the validity of the certificate.

URL API: https://ssl.siteblindado.com.br/v1/

DigiCert

• Name: identify the CA.
• Enabled: the authority can be used if the Yes option is selected.

Plugin settings DigiCert

• Username: enter the DigiCert user.
• Account ID: enter the DigiCert ID.
• API key: enter the DigiCert API key.

URL API: https://www.digicert.com/services/v2

GoDaddy

• Name: identify the CA.
• Enabled: the authority can be used if the Yes option is selected.

Plugin settings Godaddy

• Key: enter the GoDaddy key.
• Secret: enter the GoDaddy secret.

URL API: https://api.godaddy.com/

Microsoft Certificate Authority

• Name: identify the CA.
• Enabled: the authority can be used if the Yes option is selected.

Plugin settings Microsoft CA

• IP for connection with CA: enter the machine's IP that needs to be certified.
• CA hostname: enter the CA hostname.
• Plugin for connection: select the WinRM plugin.
• Port: enter port 5985 (HTTP) or 5986 (HTTPS).
• Access credential: inform the access credential registered in PAM to access the Windows machine.

Requirements to set up the Microsoft CA:

• A Windows Server machine running the Active Directory Certificate Services (AD CS).
• WinRM protocol enabled with either HTTP or HTTPS. The selected port must match the chosen protocol:
  • HTTP: port 5985 (default).
  • HTTPS: port 5986 (default).
• Authentication through NTLM or NTLMv2. Either of these services must be enabled on the Windows Server hosting the certificate authority (CA).
• A Windows user account is to be used as the access credential. This account must have the following permissions:
  • Administrative privileges on the Windows Server machine.
  • Permission to enroll for certificates on behalf of other users or computers in the CA security options.