search

emCA Integration

hashtag
emCA Integration

hashtag
Overview

The emCA Integration module allows organizations to connect their existing emCA (Enterprise Managed CA) environment with CERTInext for automated certificate issuance, renewal, revocation, and lifecycle management.

CERTInext acts as the orchestration layer, while emCA continues to function as the issuing authority.

hashtag
Navigation Path

To configure emCA integration:

Integrations → CA Connectors → emCA → + Create

This opens the Create emCA Connector screen.

hashtag
Prerequisites

Before creating the connector, ensure:

  • emCA server is operational

  • API access is enabled

  • A service account is created in emCA

  • Issuing CA name and Subscriber ID are available

  • Network connectivity between CERTInext and emCA is allowed

hashtag
Creating the emCA Connector

On the Create emCA Connector page, complete the following fields:

  • emCA Version – Select the deployed emCA version (e.g., V4.0.17, V4.2.3, V4.2.4+).

  • Name – Logical name for this connector (for identification inside CERTInext).

  • Base URL – API endpoint of the emCA server (HTTPS).

  • Username – emCA service account username.

  • Issuing CA – Exact issuing CA name configured in emCA.

  • Subscriber ID – Subscriber identifier from emCA portal.

  • Password – Service account password.

  • Upload File – Upload required certificate file if applicable.

Click Create to save the connector. CERTInext validates the connection before enabling it.

hashtag
Using emCA in Provisioning

Once created:

  • emCA becomes available in the CA dropdown during provisioning configuration.

  • It can be selected under: Certificates → Provisioning → Configure Bot → Certificate Authority

During issuance:

  1. CERTInext submits CSR to emCA

  2. emCA validates and issues certificate

  3. Certificate is returned to CERTInext

  4. Provisioning bot deploys it to the target system

All actions are logged for audit visibility.

hashtag
Operational Notes

  • If the connector is unreachable, requests remain queued.

  • Issuing CA name must exactly match emCA configuration.

  • Ensure API credentials are valid and securely stored.

This integration enables automated certificate lifecycle management while maintaining emCA as the trusted issuing authority.

PreviousIntegrating Private CAsNextSetting up a Private Heirarchy

Last updated