ZeroSSL Target
Overview
ZeroSSL Target enables you to use ZeroSSL as a Public CA with Akeyless PKI Issuer.
With Public CA, Akeyless cannot access the private key that signs the certificates. Hence, Akeyless will programmatically contact ZeroSSL through the Gateway using IMAP user credentials to validate the certificate request. Akeyless will store and manage the issued certificates and notify you of upcoming expiration events.
Create a ZeroSSL Target in the CLI
To create a ZeroSSL target from the CLI, run the following command:
akeyless target create zerossl \
--name <Target Name> \
--api-key <API Key of the ZeroSSLTarget account> \
--imap-username <Username to access the IMAP service> \
--imap-password <Password to access the IMAP service> \
--imap-fqdn <FQDN of the IMAP service> \
--imap-validation-email <Email address to send the validation email>
Where:
-
name
: A unique name for the target. The name can include a path to the virtual folder where you want to create a new target using the slash/
separators. If the folder does not exist, it will be created with the target. -
api-key
: ZeroSSL API Key, can be found under your ZeroSSL account in the Developer section -
imap-username
: An email address of the user registered to the IMAP service -
imap-password
: IMAP APP-Password - for example, on Gmail Under Settings-> Security , click on 2-Step Verification, and generate APP-Password (2-Step verification must be enabled) -
imap-fqdn
: IMAP FQDN, for example:imap.gmail.com
-
imap-validation-email
: The domain owner's email address that certificate validation mail will be sent, currently available email address -[email protected]
Once the ZeroSSL Target is created, it can be used to generate a public certificate.
You can find the complete list of parameters for this command in the CLI reference section.
Create a ZeroSSL Target in the Console
-
Log in to the Akeyless Console, and go to Targets > New > Certificate Automation (ZeroSSL).
-
Define a Name of the target, and specify the Location as a path to the virtual folder where you want to create the new target, using slash
/
separators. If the folder does not exist, it will be created together with the target. -
Select a Protection key with a Customer Fragment to enable Zero-Knowledge and click Next.
For more information about Zero-Knowledge, see Implement Zero Knowledge. -
Define the remaining parameters as follows:
-
API Key: ZeroSSL API Key, can be found under your ZeroSSL account in the Developer section
-
IMAP Username: An email address of the user registered to the IMAP service
-
IMAP Password: IMAP APP-Password, for example, on Gmail Under Settings -> Security, click on 2-Step Verification and generate APP-Password (2-Step verification must be enabled)
-
IMAP FQDN: A FQDN of an IMAP service, For example,
imap.gmail.com
-
IMAP Port: IMAP service port, default is
993
-
IMAP Validation Email: Email to use when asking ZeoSSL to send a validation email, if left empty it will use username
-
Timeout (seconds): Timeout in seconds waiting for certificate validation (min: 300, max: 3600, default is 300)
- Click Finish.
Updated 4 months ago