Skip to main content
Skip table of contents

Configuring the AnyCA Gateway

The Keyfactor AnyCA Gateway REST helps link your Command instance to a third-party issuing CA, making communication smooth and seamless. The Gateway REST acts as a bridge between Command and the CA.

Depending on how you set it up, the Gateway offers various handy certificate management features, including:

  • Certificate enrollment and revocation: Easily request or invalidate certificates

  • Certificate chain retrieval: Quickly fetch full certificate chains for hassle-free installation

  • Certificate inventory view: Get a comprehensive overview and search through existing certificate information

  • Certificate renewal: Renew certificates as they near expiration to maintain smooth operations

In Command Lite, the Gateway specific to your third-party CA has been deployed, however the configuration must be completed in order to utilize that CA.

  1. Authenticate and verify a your external CA connection: DigiCert

  2. Setting up Sync with your public CA

  3. Create a Certificate Profile and a Certificate Template

Pre-configuration notes

  • Before you start configuration, make sure you have your API key ready.
    Note: For DigiCert, your CertCentral API key can be created, once logged in, here.

  • Configuration is completed from within the AnyCA Gateway Portal. The portal is accessed using the URL shown on the Gateways tab.

To access your AnyCA Gateway, click the Go to AnyCA Gateway link.


The Certificate Authorities screen appears in a new tab, and shows the list of CAs configured through the Gateway. The browser tab name will show “AnyCA Gateway” as a shortened name of the AnyCA Gateway REST.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.