# emCA Integration

The emCA Integration module allows organizations to connect their existing emCA (Enterprise Managed CA) environment with CERTInext for automated certificate issuance, renewal, revocation, and lifecycle management.

CERTInext acts as the orchestration layer, while emCA continues to function as the issuing authority.

### Navigation Path

To configure emCA integration:

**Integrations → CA Connectors → emCA → + Create**

This opens the **Create emCA Connector** screen.

### Prerequisites

Before creating the connector, ensure:

* emCA server is operational
* API access is enabled
* A service account is created in emCA
* Issuing CA name and Subscriber ID are available
* Network connectivity between CERTInext and emCA is allowed

### Creating the emCA Connector

On the Create emCA Connector page, complete the following fields:

<figure><img src="/files/rRFwpRfJjpYSBcTlXLti" alt=""><figcaption></figcaption></figure>

* **emCA Version** – Select the deployed emCA version (e.g., V4.0.17, V4.2.3, V4.2.4+).
* **Name** – Logical name for this connector (for identification inside CERTInext).
* **Base URL** – API endpoint of the emCA server (HTTPS).
* **Username** – emCA service account username.
* **Issuing CA** – Exact issuing CA name configured in emCA.
* **Subscriber ID** – Subscriber identifier from emCA portal.
* **Password** – Service account password.
* **Upload File** – Upload required certificate file if applicable.

Click **Create** to save the connector. CERTInext validates the connection before enabling it.

### Using emCA in Provisioning

Once created:

* emCA becomes available in the CA dropdown during provisioning configuration.
* It can be selected under:\
  **Certificates → Provisioning → Configure Bot → Certificate Authority**

During issuance:

1. CERTInext submits CSR to emCA
2. emCA validates and issues certificate
3. Certificate is returned to CERTInext
4. Provisioning bot deploys it to the target system

All actions are logged for audit visibility.

### Operational Notes

* If the connector is unreachable, requests remain queued.
* Issuing CA name must exactly match emCA configuration.
* Ensure API credentials are valid and securely stored.

This integration enables automated certificate lifecycle management while maintaining emCA as the trusted issuing authority.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.certinext.io/documentation/certificate-authorities-and-trust-stores/integrating-private-cas/emca-integration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.