ZeroSSL Target


ZeroSSL Target enables you to use ZeroSSL as a Public CA with Akeyless PKI Issuer.

With a Public CA, Akeyless cannot access the private key that signs the certificates. Instead, Akeyless programmatically contacts ZeroSSL through the Gateway, using IMAP user credentials to validate the certificate request. Akeyless stores and manages the issued certificates and notifies you of upcoming expiration events.

Create a ZeroSSL target using the CLI

To create a ZeroSSL target from the CLI, run the following command:

akeyless create-zerossl-target \
--name <Target Name> \
--api-key <API Key of the ZeroSSLTarget account> \
--imap-username <Username to access the IMAP service> \
--imap-password <Password to access the IMAP service> \
--imap-fqdn <FQDN of the IMAP service> \
--imap-validation-email <Email address to send the validation email>


  • --name: A unique name for the target. The name can include a path to the virtual folder where you want to create the new target, using slash (/) separators. If the folder does not exist, it will be created with the target.

  • --api-key: The ZeroSSL API key, which can be found under your ZeroSSL account in the Developer section.

  • --imap-username: An email address of the user registered to the IMAP service.

  • --imap-password: The IMAP app password. For example, on Gmail, under Settings -> Security, click 2-Step Verification and generate an app password (2-Step Verification must be enabled).

  • --imap-fqdn: IMAP FQDN, for example:

  • --imap-validation-email: The domain owner email address that the certificate validation mail will be sent to, for example:

For a full list of the available CLI commands, see the CLI reference.

Once the ZeroSSL Target is created, it can be used to generate a public certificate.
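The IMAP values passed to the command above can be checked before they are stored in the target. The following is an added example, not Akeyless code: the function name `check_imap_login`, the environment variable names, and port 993 (IMAPS) are assumptions, since the page does not state a port.

```python
# Added example: pre-flight check of --imap-fqdn / --imap-username /
# --imap-password. Run it from a host with the same network path as the Gateway.
import imaplib
import ssl


def check_imap_login(fqdn, username, password, port=993,
                     connect=imaplib.IMAP4_SSL):
    """Return (ok, detail) after a TLS login and a read-only INBOX open.

    port=993 is an assumption. `connect` is injectable so the check can be
    exercised without a network connection.
    """
    # imaplib does not verify the server certificate unless it is given a
    # context, so build one that validates the chain and the host name.
    ctx = ssl.create_default_context()
    try:
        conn = connect(fqdn, port, ssl_context=ctx)
    except ssl.SSLError as exc:
        return False, f"TLS failure for {fqdn}:{port}: {exc}"
    except OSError as exc:  # DNS failure, refused connection, timeout
        return False, f"cannot reach {fqdn}:{port}: {exc}"
    try:
        conn.login(username, password)
        # Read-only select proves the mailbox is readable without
        # changing any message flags.
        status, data = conn.select("INBOX", readonly=True)
        if status != "OK":
            return False, f"INBOX not readable: {data!r}"
        return True, f"login ok, INBOX holds {int(data[0])} messages"
    except imaplib.IMAP4.error as exc:
        # Wrong app password, IMAP disabled for the account, and so on.
        return False, f"IMAP rejected the credentials: {exc}"
    finally:
        try:
            conn.logout()
        except (imaplib.IMAP4.error, OSError):
            pass


if __name__ == "__main__":
    import getpass
    import os
    # The password is prompted for, so it never lands in shell history.
    ok, detail = check_imap_login(os.environ["IMAP_FQDN"],
                                  os.environ["IMAP_USERNAME"],
                                  getpass.getpass("IMAP app password: "))
    print(("PASS: " if ok else "FAIL: ") + detail)
    raise SystemExit(0 if ok else 1)
```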
