Setting up Sync with your public CA
Now that we have configured the gateway to communicate with your CA, we need to set it to synchronize the certificate data. This is done by setting up two separate stages of data synchronization. Once configured, you will begin to see certificates populate in the dashboard and collections area of Command.
Configure Sync on the Gateway
First, we will access the Gateway from the Gateway tab within the SaaS Portal. Click on Go to AnyCA Gateway.
The Gateway portal will open in a new tab and you should see your CA listed. Highlight your CA and click on Edit. In the Edit CA window, select the scan interval that best fits your situation.
Note: A daily scan is sufficient for most deployments. This may require that you wait until the scan completes to view certificates in the certificate stores in Command.
You may also edit the additional configuration options as desired based on the AnyCA Gateway Documentation.
In this example, we have configured the Gateway to perform a full scan of all the certificate data with DigiCert daily at 3:25 PM and an incremental scan every two hours. The Gateway will skip an error 5 times before stopping the sync and reporting a failure. Additionally, we have set up Certificate Pruning to scan the certificate data on the Gateway every 12 hours and remove certificates (only from the Gateway reports) that are expired by more than 120 days.
Once configured as desired, click Save. Continue to Command.
Configure Sync in Command
Access your Command instance from the SaaS Portal:
Click on the Certificate Authorities option in the top menu.
Highlight your Certificate Authority from the list and click on the Edit button. In the Edit CA window that opens, configure Command to sync with your Gateway. In this example, we have configured a full sync daily at noon and an incremental sync every 12 hours.
Click on Save and Test to save the configuration.
Now we will wait until both synchronization jobs have completed.
This will import the certificates from the CA to the Gateway. The Gateway will filter them based on our settings, and then Command will sync the filtered results into its collections.
Review your Collections and Certificates in Command.
Note: When using the Certificate Search, you may need to select the “Include Revoked” and/or the “Include Expired” options.