Third-Party CA
Last modified on March 14, 2024
On this page
This feature is part of the Enterprise bundle. If it is not enabled for your organization, please contact StrongDM at the StrongDM Help Center.
Overview
A third-party certificate authority (CA) is a CA that is issued by a provider outside of StrongDM. If the Enterprise bundle is enabled for your organization, you may use an existing third-party CA, instead of the default Strong CA, to issue certificates for authentication to your certificate-based RDP and certificate-based SSH resources.
Third-party CA integration requires you to have a preexisting CA. StrongDM does not configure, issue, manage, or rotate third-party CAs in any way. Such CAs are configured and typically stored with a third-party service. When the CA is integrated with StrongDM, StrongDM only uses the CA configuration to specify what service to use to sign certificate requests.
You may add third-party CAs to StrongDM on the Admin UI > Network > Certificate Authorities page, as well as from the CLI, SDKs, or Terraform using secret store commands, domain objects, and resources.
API Account example-terraform-key (cc1e23eb-e456-7891-23c4-edf5678c9123) created a secret store named example-tf-ssh-ca
.Supported CA Integrations
StrongDM supports the following third-party CA integrations: