Sectigo Target
The Sectigo Target enables you to use Sectigo as a Public Certificate Authority (CA) with Akeyless PKI Issuer.
With a public CA, Akeyless cannot access the private key that signs certificates. Akeyless will programmatically validate the certificate signing request by contacting Sectigo through the Akeyless Gateway using the domain owner's account details
Akeyless will store the issued certificates, manage them, and notify you of upcoming expiration events.
Create a Sectigo Target in the Console
-
Log in to the Akeyless Console, and go to Targets > New > Certificate Automation (Sectigo).
-
Define the Name of the target, and specify the Location as a path to the virtual folder where you want to create the new target, using slash
/
separators. If the folder does not exist, it will be created together with the target. -
Select a Protection key with a Customer Fragment to enable Zero-Knowledge and click Next. Read more about Zero-Knowledge Encryption.
-
Define the remaining parameters as follows:
-
Customer URI: The Customer URI of the Sectigo account.
-
Username: Username used to log in to Sectigo.
-
Password: Password of the Sectigo account
-
Organization ID: Sectigo Organization ID.
-
Certificate Profile ID: Sectigo Certificate Profile ID.
-
External Requester: Sectigo External Requester username.
-
Timeout (seconds): Timeout in seconds waiting for certificate validation (min: 300, max: 3600, default is 300)
- Click Finish.
Create a Sectigo Target in the CLI
To create a Sectigo target from the CLI, run the following command:
akeyless target create globalsign \
--name <Target Name> \
--username <Username> \
--password <Password> \
--customer-uri <Sectigo Account CustomerUri> \
--organization-id <Sectigo Organization ID > \
--certificate-profile-id <Sectigo Certificate Profile ID>
--external-requester <username of the requester>
For a complete list of parameters and their descriptions, visit the CLI Reference.
Once the Sectigo Target is created, it can be used to generate a public certificate.
The Akeyless PKI Issuer does not support Sectigo approval workflows, make sure your Sectigo certificate profile does not require a second approval.
Updated 1 day ago