Managing CA Accounts

The Managing CA Accounts section allows administrators to view, monitor, update, and control Certificate Authority (CA) connectors configured within CERTInext. These CA accounts represent active integrations with Public or Private CAs such as emSign, emCA, AD CS (Microsoft CA), DigiCert, or other supported authorities.

This section ensures that all issuing authorities remain operational, secure, and properly aligned with provisioning workflows.

Navigation

Integrations → CA Connectors → Select CA Type

Each CA type (emSign, emCA, AD CS, DigiCert, etc.) maintains its own connector listing page.

CA Accounts Listing

The CA Accounts listing page displays all configured connectors for the selected CA type in a centralized table view.

Common columns include:

• Name – Logical name assigned to the CA connector

• Base URL – API or Web Enrollment endpoint configured for the CA

• Status – Operational state (Active / Inactive)

• Actions – Operational controls available via Select Action menu

This dashboard provides immediate visibility into connectivity and configuration status.

Creating a New CA Account

To add a new CA connector:

1. Navigate to the required CA type under CA Connectors

2. Click +Create

3. Enter the required configuration fields (varies by CA type)

4. Click Create

After creation, the connector becomes available in:

• Certificate issuance workflows

• Provisioning bot configuration

• Certificate ordering screens

Managing Existing CA Accounts

Each connector row includes a Select Action dropdown. Available actions typically include:

• Edit – Modify configuration details such as endpoint URL or credentials

• Deactivate / Activate – Temporarily disable or re-enable the connector

• Delete – Permanently remove the connector (only if not actively used)

Editing a connector allows updating:

• API endpoints

• Authentication credentials

• CA setup type (where applicable)

• Issuing CA references

• Subscriber IDs or account mappings

Changes take effect immediately for new issuance requests.

Status Management

The Status column reflects whether the CA connector is operational.

• Active – Connector is available for certificate issuance

• Inactive – Connector is disabled and cannot be used for new requests

If a connector becomes unreachable or authentication fails, provisioning requests may remain queued until connectivity is restored.

Operational Considerations

• Deactivating a connector does not revoke previously issued certificates.

• Certificates already issued remain valid unless explicitly revoked.

• Deleting a connector removes future issuance capability but does not delete historical audit records.

• Multiple connectors can be configured for the same CA to support high availability or regional segregation.

Security Best Practices

• Use dedicated service accounts for each connector.

• Rotate credentials periodically.

• Restrict API endpoints using IP whitelisting where supported.

• Enable audit logging within both CERTInext and the issuing CA.

• Avoid sharing connector credentials across environments (Dev / QA / Production).

Monitoring and Troubleshooting

If certificate issuance fails:

• Verify the connector Base URL is reachable.

• Confirm authentication credentials are valid.

• Check template or policy permissions at the CA.

• Review provisioning bot logs if deployment fails post-issuance.

Regular review of CA Accounts ensures uninterrupted certificate automation and prevents lifecycle disruptions across enterprise environments.

The Managing CA Accounts section provides centralized control over all issuing authority integrations, ensuring secure, reliable, and policy-aligned certificate lifecycle operations within CERTInext.