Hanzo
PlatformHanzo KMSPlatformPKICertificate Authorities

Overview

Before issuing and managing certificates with Hanzo KMS, you'll need to configure a Certificate Authority (CA).

This is the trusted entity that signs and validates the X.509 certificates used to secure your end-entities.

Hanzo KMS supports two categories of CAs:

  • Internal CA: Internally operated root and intermediate CAs managed within Hanzo KMS. This is useful if you need complete control over your PKI and are issuing certificates for private networks, internal services, or managed devices.
  • External CA: Third-party public (e.g. Let's Encrypt, DigiCert) or private (e.g. AWS Private CA, HashiCorp Vault PKI, etc.) CAs that can be integrated with Hanzo KMS. This is useful if you want to leverage existing PKI infrastructure or issue publicly trusted certificates.

How is this guide?

Last updated on

Certificate Components

Learn the main components for managing certificates with Hanzo KMS.

Internal CA

Learn how to create a Private CA hierarchy with Hanzo KMS.