The Sectigo SaltStack integration provides a seamless solution for the enrollment, collection, renewal, replacement, and revocation of SSL/TLS and client (S/MIME) certificates issued by the Sectigo Certificate Manager (SCM). This integration is distributed as a SaltStack module. It provides the following features:

  • RSA 2048, 3072, and 4096-bit private key generation

  • Certificate signing request (CSR)

  • Enrollment, collection, renewal, replacement, and revocation of certificates issued by SCM

The Sectigo SaltStack integration supports both the generation of new SSL/client certificates and the detection of existing certificates stored in a location accessible to the module at runtime. The integration also checks the validity of existing certificates and allows the issuance of replacement certificates as required. You can request various types of SSL and client certificates by supplying the appropriate configuration options.

The types of SSL/TLS and client certificates available to you are based on your account setup.

[Figure: SaltStack Sectigo integration]

Package contents

The Sectigo SaltStack integration package contains the following:

  • pillar:

    • sectigo_ssl_certificate.sls: The configuration data for the SSL certificate

    • sectigo_client_certificate.sls: The configuration data for the client certificate

    • top.sls: A mandatory file which reads the configuration file(s)

    • env_vars.sls: This file is used only if you are running execution modules, as outlined in "Generating certificates on minion nodes by using execution modules". It contains the Sectigo account credentials that you must configure for execution modules.

  • salt:

    • _runners:

      • sectigo_pycert.py: The utility library for the module

      • sectigo_saltstack_module.py: The Sectigo SaltStack module

    • _states:

      • apache_centos_ssl.sls: A sample State file for CentOS configurations for SSL

      • apache_debian_ssl.sls: A sample State file for Debian configurations for SSL

      • apache_windows_ssl.sls: A sample State file for Windows configurations for SSL

      • sectigo_configuration.sls: A sample Sectigo configuration that is included in all other state files. This file contains a specification that allows you to copy SSL certificates from a master node to minion nodes. You can modify it to suit your needs.

    • files:

      • apache.conf: A sample Apache configuration file

      • httpd.conf: A sample httpd configuration file

      • index.html: A sample homepage

      • run.sh: A shell script that can be used in a cron job to automate the execution of the module

      • windows_apache.conf: A sample Apache configuration file for Windows

Sectigo SaltStack integration components