Certificate authorities
A certificate authority (CA) is the trusted entity responsible for managing the digital certificates that serve as the strong identities for all devices and routers in the network. Organizations often maintain their own CAs for this purpose, and the NetFoundry platform is flexible enough to support this existing infrastructure.
- Purpose: The CA issues and signs the X.509 certificates that are the basis of every identity. When a device attempts to connect, the controller checks the device's certificate against the CA to verify its validity and trustworthiness.
- Controller CA: The controller typically uses its own built-in, pre-configured CA for the standard one-time token (OTT) enrollment process, creating and signing the certificates required by the overlay.
- Third-party CAs: You can integrate external, third-party CAs (like those managed by your organization's IT department) to allow the NetFoundry platform to validate certificates issued by your existing infrastructure, giving you full control over your device identities.
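The trust check described above can be reproduced with the openssl CLI. This is an added example, not NetFoundry's code or the controller's implementation: it builds a stand-in third-party CA, issues a device certificate from it, and shows that a certificate from a CA that was never imported fails validation. The CA names, device names and file paths are constructed for the demo.

```shell
# Constructed demo: CA names, device names and paths are made up. Requires the openssl CLI.

# write_cfg DIR: minimal config so the result does not depend on the system openssl.cnf
write_cfg() {
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

# make_ca DIR NAME: self-signed CA key and certificate (stand-in for a third-party CA)
make_ca() {
    write_cfg "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/demo.cnf" \
        -extensions v3_ca -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA_NAME DEVICE: device key, CSR, and a certificate signed by CA_NAME
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/demo.cnf" \
        -subj "/CN=$3" -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -set_serial 1 -days 7 -out "$1/$3.crt" 2>/dev/null
}

# trusted_by CA_CERT DEVICE_CERT: exit 0 only if DEVICE_CERT chains to CA_CERT
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Stand-alone run: one imported CA, one CA that was never imported
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" org-ca && make_ca "$d" unknown-ca || return 1
    issue_cert "$d" org-ca laptop-01 && issue_cert "$d" unknown-ca laptop-02 || return 1
    for dev in laptop-01 laptop-02; do
        if trusted_by "$d/org-ca.crt" "$d/$dev.crt"; then echo "$dev: accepted"
        else echo "$dev: rejected"; fi
    done
    rm -rf "$d"
}
demo
```

The fixed serial number and short lifetimes are demo shortcuts; a production CA assigns unique serials and publishes revocation information.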
Console reference
Certificate authorities table
The Certificate Authorities tab lists the external CAs imported into the network to facilitate third-party PKI integration and automated enrollment.
| Column | Description |
|---|---|
| Name | The unique, user-defined name for the CA. |
| Verified | Indicates whether the CA's certificate has been validated by the controller through a verification process. |
| Auto Enrollment | Shows whether automated identity enrollment is enabled for this specific CA. |
| OTT Auto | Indicates whether one-time token (OTT) based automated enrollment is enabled for the CA. |
| Auth Enabled | Indicates whether this CA is currently enabled to authenticate identities. |
| JWT | Provides access to the JSON Web Token associated with the CA's enrollment or configuration. |
| Created At | The date and time the CA was added to the network. |
| ID | The unique ID (UUID) assigned to the CA by the controller. |