Third-Party CA

Overview #

A third-party certificate authority (CA) is a CA that is issued by a provider outside of StrongDM. If the Enterprise plan is enabled for your organization, you may use an existing third-party CA, instead of the default Strong CA, to issue certificates for authentication to your certificate-based RDP and certificate-based SSH resources.

Third-party CA integration requires you to have a preexisting CA. StrongDM does not configure, issue, manage, or rotate third-party CAs in any way. Such CAs are configured and typically stored with a third-party service. When the CA is integrated with StrongDM, StrongDM only uses the CA configuration to specify what service to use to sign certificate requests.

You may add third-party CAs to StrongDM on the Admin UI > Network > Certificate Authorities page, as well as from the CLI, SDKs, or Terraform using secret store commands, domain objects, and resources.

Supported CA Integrations #

StrongDM supports the following third-party CA integrations:

• Active Directory Certificate Services CA Integration for RDP
• AWS CA Integration for RDP
• GCP Certificate Authority Service Integration for RDP
• HashiCorp Vault CA Integration for RDP
• HashiCorp Vault CA Integration for SSH
• Keyfactor EJBCA CA Integration for RDP
• Keyfactor EJBCA CA Integration for SSH