Integrate with External Certificate Authorities (CAs) to use existing PKI infrastructure or connect to public CAs for certificate issuance.Documentation Index
Fetch the complete documentation index at: https://infisical.com/docs/llms.txt
Use this file to discover all available pages before exploring further.
This page is for product admins setting up PKI infrastructure. Teams issuing certificates should see Applications.
Types of External CAs
| Type | Examples | Use Case |
|---|---|---|
| External Public CAs | Let’s Encrypt, DigiCert, Sectigo | Public-facing services with browser trust |
| External Private CAs | AWS Private CA, Venafi, Azure ADCS | Internal services, cloud-hosted or on-prem |
Supported External CAs
Public CAs
ACME CA (Generic)
Connect to any ACME-compatible CA (Let’s Encrypt, ZeroSSL, Buypass, etc.)
Let's Encrypt
Free, automated certificates for public domains.
AWS ACM Public CA
Publicly trusted certificates via AWS Certificate Manager.
DigiCert
Enterprise certificates via DigiCert CertCentral.
DigiCert Direct
Direct integration with DigiCert infrastructure.
Sectigo
Enterprise certificates via Sectigo Certificate Manager.
Private CAs
AWS Private CA
Cloud-native private certificate management via AWS PCA.
Azure ADCS
Microsoft Active Directory Certificate Services integration.
Venafi TLS Protect Cloud
Venafi’s cloud-based certificate management platform.
Venafi TPP
Venafi Trust Protection Platform (on-premises).
Don’t see your CA? Contact sales@infisical.com and we’ll help you set up the integration.
FAQ
Can I use both Internal CAs and External CAs together?
Can I use both Internal CAs and External CAs together?
Yes. You can have both Internal and External CAs in the same Certificate Manager.
What’s Next?
Internal CA
Create your own private CA hierarchy.
Certificate Policies
Define constraints for certificates.
Certificate Profiles
Create profiles that link CAs with policies.
Applications
Issue certificates through Applications.