GlobalSign MSSL PKI

Prerequisites

  • A technical account should be created.

  • This technical account must have permissions to enroll and revoke SSL certificates on the desired domain.

Limitations

  • Only the following fields are managed: contactEmail and subjectAltName DNS.

  • For multi-valued fields (SAN DNS), if more data items are provided than configured in GlobalSign MSSL for the given "Product", the exceeding items will be ignored.

  • All limitations induced by the use of the GlobalSign MSSL SOAP Connector.

Create the PKI connector

1. Log in to Horizon Administration Interface.

2. Access PKI from the drawer or card: PKI  PKI Connectors.

3. Click on Add icon.

4. Select the correct PKI type.

5. Click on the next button

General tab

6. Fill in the common mandatory fields:

  • Connector Name* (string input):
    Choose a meaningful connector name allowing to identify the mapping between the PKI and the Certificate Profile. It must be unique and must not contain spaces.

  • Proxy (string select):
    If the PKI is not directly reachable from Horizon, you can set up an HTTP/HTTPS proxy to properly forward the traffic.

  • PKI Queue (string select):
    The PKI Queue used to manage the PKI Requests (enrollment, revocation).

  • Timeout (finite duration):
    Represents a predefined interval of time without a PKI response, when the time has passed "Horizon" will cease trying to establish the communication. Must be a valid finite duration.

7. Click on the next button

Details tab

8. Fill in all mandatory fields:

  • GlobalSign endpoint* (string select):
    Select from the drop-down list: the value must be "prod" for GlobalSign Production endpoint or "test" for the test environment.

  • GlobalSign profile ID* (string input):
    To be retrieved from the URL in the GlobalSign MSSL console.

  • GlobalSign domain ID* (string input):
    The ID of the domain to manage. Displayed in the GlobalSign MSSL console.

  • Certificate validity (int input):
    Certificate validity in months.

  • Default email address (string input):
    Choose a default email address.

  • Default phone number (string input):
    Choose a default phone number.

  • Interval before retrying to retrieve certificate (finite duration):
    The default value is set to 9 seconds.

9. Click on the next button.

Authentication tab

10. Fill in the PKI-authentication fields:

  • Technical account username* (string input):
    Username of the technical account created in GlobalSign MSSL.

  • Technical account password* (string input):
    Password of the technical account created in GlobalSign MSSL.

11. Click on the save button.

You can edit Edit PKI, duplicate Duplicate PKI or delete Delete PKI the GlobalSign MSSL PKI connector.