Skip to main content

CA Connectors

CA connectors allow you to issue certificates from external CA services while still using DigiCert® Device Trust Manager as your central platform for certificate requests and management.

What's a CA Connector?

A CA Connector acts as a translation layer (or shim) between Device Trust Manager and an external CA service. When a certificate is requested, the CA Connector gathers the request data, formats it appropriately, and relays it to the external CA. Once the certificate is issued, it is returned to Device Trust Manager for further management.

This ensures that Device Trust Manager can act as a unified interface for requesting, monitoring, and managing certificates, regardless of the underlying CA platform.

Why use a CA Connector?

Device Trust Manager uses DigiCert® Private CA in DigiCert® ONE as its default certificate authority (CA) service. However, many organizations already issue certificates from other CA services and need to continue doing so for compliance, integration, or operational reasons.

The CA Connector enables Device Trust Manager to work seamlessly with these external CA services, giving customers a consistent interface and full access to the Device Trust Manager feature set—even when certificates are issued from outside DigiCert ONE.

Why is this useful?

CA Connectors are helpful in several key scenarios:

  • External CA alignment: Continue using existing issuing CAs while modernizing certificate lifecycle workflows in Device Trust Manager.

  • Public trust certificate issuance: Device Trust Manager does not directly issue publicly-trusted certificates. With a CA Connector configured to the DigiCert Certificate Issuance Service API (CIS API), users can request public trust certificates through Device Trust ManagerDevice Trust Manager and have them issued from DigiCert’s public trust infrastructure.

How does it fit into the Device Trust Manager workflow?

When using CA Connectors, the certificate template step is replaced. Instead, the flow begins with the creation of a CA Connector.

Standard workflow:

Certificate Template → Certificate Profile → Certificate Management Policy

CA Connector workflow:

CA Connector → Certificate Profile → Certificate Management Policy

Once the CA Connector is created, you build a certificate profile to define the certificate request format and behavior, then link it to a certificate management policy to control how devices or users can request those certificates.

What’s required to set up a CA Connector?

To configure a CA Connector, you need:

  • The URL of the external CA service.

  • Valid credentials (such as an API key or a client certificate) with permissions to:

    • Look up certificate profiles.

    • Request, download, and revoke certificates.

Each CA Connector type includes custom configuration fields appropriate to that specific service.

: