Sectigo Target
Sectigo Target enables you to use Sectigo as a Public CA with Akeyless PKI Issuer .
With Public CA, Akeyless cannot access the private key that signs the certificates. Hence, Akeyless will programmatically contact Sectigo through the Gateway using the domain owner's account details to validate the certificate signing request.
Akeyless will store and manage the issued certificates and notify you of upcoming expiration events.
Create a Sectigo Target in the CLI
To create a Sectigo target from the CLI, run the following command:
akeyless target create globalsign \
--name <Target Name> \
--username <Username> \
--password <Password> \
--customer-uri <Sectigo Account CustomerUri> \
--organization-id <Sectigo Organization ID > \
--certificate-profile-id <Sectigo Certificate Profile ID>
--external-requester <username of the requester>
Where:
-
name
: A unique name for the target. The name can include a path to the virtual folder where you want to create a new target using the slash /separators. The folder will be created with the target if it does not exist. -
username
: The username used to log in to Sectigo. -
password
: the password used to log in to Sectigo. -
customer-uri
: The Customer URI of the Sectigo account. -
organization-id
: Sectigo Orgnaiztion ID. -
certificate-profile-id
: Sectigo Certificate Profile ID. -
external-requester
: Sectigo external requester username.
Sectigo Approval Workflow
Akeyless PKI Issuer does not support approval workflow, make sure your sectigo certificate profile is not require 2nd approval.
Once the Sectig Target is created, it can be used to generate a Public certificate.
You can find the complete list of parameters for this command in the CLI reference section.
Create a Sectigo Target in the Console
-
Log in to the Akeyless Console, and go to Targets > New > Certificate Automation (Sectigo).
-
Define the Name of the target, and specify the Location as a path to the virtual folder where you want to create the new target, using slash
/
separators. If the folder does not exist, it will be created together with the target. -
Select a Protection key with a Customer Fragment to enable Zero-Knowledge and click Next.
For more information about Zero-Knowledge, see Implement Zero Knowledge. -
Define the remaining parameters as follows:
-
Customer URI: The Customer URI of the Sectigo account.
-
Username: Username used to log in to Sectigo.
-
Password: Password of the Sectigo account
-
Organization ID: Sectigo Orgnaiztion ID.
-
Certificate Profile ID: Sectigo Certificate Profile ID.
-
External Requester: Sectigo External Requester username.
-
Timeout (seconds): Timeout in seconds waiting for certificate validation (min: 300, max: 3600, default is 300)
- Click Finish.
Updated 4 months ago