Certificate Authorities

Certificate Authorities

The Certificate Authorities module manages external and internal CAs used for certificate issuance, renewal, and inventory synchronization.

---

Overview

Each configured CA includes:

• Name
• Type (e.g., Microsoft CA, Smallstep)
• Status (available, healthy)
• Connector configuration
• Refresh interval
• Last synchronization time

This module acts as the trust anchor configuration layer of the platform.

---

Add / Edit Certificate Authority

When creating or editing a CA:

• Name – Display name
• Type – CA provider type
• Unique ID – Internal identifier
• Connector Config – Linked connector configuration
• Refresh Interval (hours) – Inventory sync frequency

The refresh interval determines how often the platform pulls certificate data from the CA.

---

Connector Configuration

Each CA uses a connector configuration that defines:

• Vendor / integration type
• Communication mode (CA API, Agent Gateway)
• Connection JSON configuration
• Secure secrets (stored in vault)

Secrets are stored securely and are not retrievable after submission.

---

Available Templates

For template-based CAs (e.g., Microsoft CA), the platform automatically discovers available certificate templates.

Template information includes:

• Template code
• Template name
• Description
• Validity (if exposed by CA)

Templates are used in Enrollment workflows for controlled certificate issuance.

---

Synchronization

The platform periodically:

• Refreshes certificate inventory
• Syncs template metadata
• Validates CA connectivity
• Updates CA health status

Manual refresh is also supported from the actions menu.

---

Status Indicators

• available – CA reachable and operational
• healthy – Connector functioning correctly
• error (if applicable) – Connectivity or authentication issue

---

This module centralizes CA integrations and ensures controlled, auditable certificate issuance across the platform.