Creating a third-party Sectigo authority

A third-party Sectigo authority connects PKIaaS to a Sectigo Certificate Manager (SCM) instance for SSL certificate issuance. This CA type:

• Delegates certificate issuance requests to Sectigo Certificate Manager.
• Supports metadata-driven fields such as organization, certificate profile, and certificate term.

See below for how to add a Sectigo authority to PKIaaS.

To create a third-party Sectigo authority:

1. Follow the steps described in Accessing your partitions to log into the PKIaaS interface as a user with any of these roles:

   • Owners
   • CA Administrators

2. Click Certificate Authorities in the sidebar.

   

3. Click Add and select Certificate Authority.

4. Select Third Party Sectigo Authority.

   

5. Click Add and complete the following values.

   • API Client ID
   • Sectigo API Secret
   • Sectigo Customer URI Identifier
   • Agent Configuration
   • Agent Link Secret
   • Enable External Synchronization

6. Click Add.

CA Identifier

Enter a unique identifier for the new CA in your PKI hierarchy. This identifier:

• Must contain 2-18 characters
• Can only include lowercase letters, numbers, hyphens (’-’), and underscores (’_')

ℹ After deleting a CA, wait 24 hours before creating a CA with the same identifier.

Friendly Name

Write a descriptive name for the CA in your PKIaaS partition.

API Client ID

The API Client ID provided by Sectigo for authenticating API requests.

Sectigo API Secret

The API Secret provided by Sectigo for authenticating API requests.

Sectigo Customer URI Identifier

The Sectigo Customer URI for your Sectigo Certificate Manager instance.

Agent Configuration

The local agent that will connect on your behalf with the Sectigo API.

ℹ See [PENDING] for how to install and configure agents.

Agent Link Secret

PENDING

Enable External Synchronization

Enable this toggle to synchronize the issued SSL certificates with the Sectigo CA.