Manual Chapter: Integrating CyberArk Certificate Management with BIG-IQ

Applies To:

  • BIG-IQ Centralized Management

    8.4.2

Integrating CyberArk Certificate Management with BIG-IQ

The BIG-IQ Centralized Management system supports integration with CyberArk as an external certificate authority (CA) provider for certificate lifecycle management.

You can use CyberArk integration to:

  • Configure CyberArk as an external CA provider
  • Retrieve and manage API authentication keys
  • Retrieve and use certificate templates from CyberArk
  • Generate and submit certificate signing requests (CSRs)
  • Import and synchronize certificates from CyberArk

BIG-IQ communicates with CyberArk using REST APIs to authenticate, retrieve templates, request certificates, and synchronize certificates and keys.

Before integrating CyberArk with BIG-IQ, ensure that:

  • You have network connectivity between BIG-IQ and the CyberArk endpoint.
  • You have valid CyberArk credentials or API key access.
  • You have the required permissions to access applications and templates in CyberArk.
  • Your BIG-IQ system is licensed and operational.

  1. On the BIG-IQ menu, go to Configuration > LOCAL TRAFFIC > Certificate Management > Third Party CA Management.

  2. Click Add.

  3. From the Provider list, select CyberArk.

  4. Type a unique provider name.

  5. Select an API endpoint.

    The API endpoint list displays the available CyberArk regional endpoints.

  6. Specify authentication details using one of these methods:

    • Manually enter the API key.
    • Retrieve the API key using a CyberArk username and password.

  7. Optional: Modify the automatically generated login URL if required.

  8. Click Get API Key to retrieve the API key automatically.

  9. In the Key Passphrase field, type the passphrase associated with the key.

  10. Click Test Connection to validate connectivity and authentication with the CyberArk external CA.

  11. Click Save.

BIG-IQ saves the CyberArk CA provider configuration and establishes connectivity with the external CA.

You can configure application templates associated with the CyberArk CA provider.

  1. Go to Configuration > LOCAL TRAFFIC > Certificate Management > Third Party CA Management.

  2. Select the configured CyberArk provider.

  3. Click Edit Template.

  4. From the Application ID list, select an application.

    BIG-IQ retrieves the list of application IDs associated with the selected CyberArk provider.

  5. Select a template and associated nickname.

  6. Click Save.

BIG-IQ saves the selected CyberArk template configuration.

  1. Go to Configuration > LOCAL TRAFFIC > Certificate Management > Certificates & Keys.

  2. Click Create.

  3. From the Issuer list, select the configured CyberArk issuer.

    BIG-IQ automatically retrieves all templates associated with the selected issuer.

  4. Select a template.

    BIG-IQ retrieves the following template details:

    • CSR upload support status
    • Supported key types
    • Supported key curves

  5. Configure the certificate request settings.

  6. Generate or upload the CSR as required.

  7. Click Save.

BIG-IQ submits the CSR to CyberArk and creates the certificate request.
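
When you upload a CSR in step 6 instead of generating it on BIG-IQ, you can check it locally first against the key types and curves that BIG-IQ shows for the selected template. The following script is an added example, not F5 or CyberArk code; it assumes the openssl command-line tool, and the names make_csr, check_csr, ALLOWED_CURVES, and MIN_RSA_BITS, along with their sample values, are hypothetical.

```shell
#!/bin/sh
# Added example: pre-check a CSR before uploading it to BIG-IQ.
# Constructed sample constraints; in practice copy the key types and curves
# that BIG-IQ displays for the selected template.
ALLOWED_CURVES="prime256v1 secp384r1"
MIN_RSA_BITS=2048

# make_csr TYPE PARAM CN KEY_OUT CSR_OUT
#   TYPE=ec  PARAM=<openssl curve name>    TYPE=rsa PARAM=<modulus bits>
make_csr() {
    (
        umask 077   # private key readable by the owner only
        case $1 in
            ec)  openssl ecparam -name "$2" -genkey -noout -out "$4" ;;
            rsa) openssl genrsa -out "$4" "$2" ;;
            *)   exit 2 ;;
        esac
    ) 2>/dev/null || return 1
    openssl req -new -key "$4" -subj "/CN=$3" -out "$5" 2>/dev/null
}

# check_csr CSR_FILE: returns 0 only if the CSR self-signature verifies and
# the public key satisfies the constraints above.
check_csr() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" ||
        { echo "self-signature does not verify" >&2; return 1; }
    text=$(openssl req -in "$1" -noout -text 2>/dev/null)
    alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    case $alg in
        id-ecPublicKey)
            curve=$(printf '%s\n' "$text" | sed -n 's/^ *ASN1 OID: *//p' | head -n 1)
            for c in $ALLOWED_CURVES; do
                if [ "$c" = "$curve" ]; then return 0; fi
            done
            echo "curve '$curve' is not in the allowed list" >&2; return 1 ;;
        rsaEncryption)
            bits=$(printf '%s\n' "$text" |
                sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
            [ "${bits:-0}" -ge "$MIN_RSA_BITS" ] && return 0
            echo "RSA key of ${bits:-0} bits is too short" >&2; return 1 ;;
        *)
            echo "key type '$alg' is not allowed" >&2; return 1 ;;
    esac
}
```

The private key stays on the host where the CSR was generated; only the CSR file is uploaded.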

You can import certificates directly from CyberArk into BIG-IQ.

  1. Go to Configuration > LOCAL TRAFFIC > Certificate Management > Certificates & Keys.
  2. Click Import.
  3. Select Import from CA Providers.
  4. Select the configured CyberArk provider.
  5. Click Import.

BIG-IQ retrieves and synchronizes certificates from CyberArk.