Contents x
    Certificate Authorities plugins
    • 3 minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Certificate Authorities plugins

    • 3 minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    This article describes the specific configuration fields for each CA plugin. Currently, senhasegura integrates with the following authorities listed below.

    Info

    For further registration information, refer to the article How to set up the Authorities.

    External authority

    Option to manage certificates from authorities not integrated with senhasegura.

    ItemDescription
    NameExternal CA identification.
    EnabledIt enables the authority to use. Use the Yes and No options to confirm the activation or deactivation of the authority.

    GlobalSign

    ItemDescription
    UsernameGlobalSign username.
    PasswordGlobalSign password.

    Let’s encrypt

    ItemDescription
    Emails (comma separated)E-mails used to register the Let’s Encrypt account.
    Private key passwordLet’s Encrypt password.
    Use existing accountCheckbox to add the information below.
    Private keyPrivate key value.
    Public keyPublic key value.
    Info

    If you don't have a Let’s Encrypt account, you can fill in only the Email field with a valid account and save the record. Once the record is saved, simply click on Edit to view the public and private keys generated by senhasegura.

    Site blindado

    ItemDescription
    UsernameSite Blindado username.
    PasswordSite Blindado password.
    Use testing API?Checkbox to test the integration functionality. Use the Yes and No options to confirm the execution. This action will test the integration but doesn't guarantee the certificate's validity.

    Digicert

    ItemDescription
    UsernameDigiCert username.
    Account IDDigiCert ID.
    API keyDigiCert API key.

    GoDaddy

    ItemDescription
    KeyGoDaddy key.
    SecretGoDaddy secret.

    Requirements for Microsoft CA

    • Active Directory Certificate Services (AD CS) should be operational on the Windows Server.
    • WinRM protocol enabled with HTTP or HTTPS. The selected port must match the chosen protocol.
    • Enable NTLM or NTLMv2 authentication on the Windows Server hosting the certificate authority (CA).
    • A Windows user account to use as the access credential with:
      • Administrative privileges on the Windows Server.
      • Enrollment permissions for certificates on others' behalf in the CA security settings.

    Microsoft CA

    ItemDescription
    IP for connection with CAIP of the Windows Server used as the Certificate Authority.
    CA hostnameCA hostname.
    Plugin for connectionWinRM plugin.
    PortPort 5985 (HTTP), or 5986 (HTTPS).
    Access credentialThe access credential registered in PAM to access the Windows machine.
    Info
    • If a Certificate Template hasn’t been defined, senhasegura will utilize the default Certificate Template created by Windows, which is named webserver.
    • If you use Network Connector to connect to Microsoft, set the default one in Settings > System Parameters > System Parameters > Application > Network Connector. With this setting, you guarantee that it'll be used for the connection at the signing.

    Requirements for Entrust

    Integration with PKI Entrust enables the complete management of the certificate lifecycle and operational management across all your Certificate Authorities (CAs). You must obtain API access keys for your existing PKI CA to access the API. Contact our Entrust operations team through your regular channels.

    Currently, RSA-type certificates are supported for signing and the following profiles can be used:

    • Web Server Certificate - CSR
    • SMIME Certificate - CSR
    • PIV 1-Key Pair - PIV Digital Signature - CSR
    • Person Network Authentication Certificate - CSR No Directory
    • ACME Public
    • PIV 1-Key Pair - PIV Authentication - CSR
    • PIV 1-Key Pair - PIV Key Management - CSR
    • PIV 1-Key Pair - Card Authentication - CSR
    • Network Authentication Certificate - CSR
    • People Network Authentication Certificate - CSR
    • People SMIME Certificate - CSR
    • Devices Network Authentication Certificate - CSR

    Entrust

    ItemDescription
    NameExternal CA identification.
    EnabledIt enables the authority for use. Use the Yes and No options to confirm the activation or deactivation of the authority. By default, this parameter is set as Yes.
    Certificate fileThe Choose file button searches for the certificate file and uploads it.
    Key passwordCertificate’s password.
    Was this article helpful?
    What's Next
    Digital sovereignty is a fundamental right for citizens, institutions, and society. That’s why we work every day.
    Connect With Us
    SENHASEGURA
    LEARN
    EXPLORE
    Copyright © senhasegura. All Rights Reserved