Overview

The Sectigo Chef integration provides a solution for the enrollment, collection, renewal, replacement, and revocation of SSL/TLS and client (S/MIME) certificates issued by Sectigo Certificate Manager (SCM).

The integration is distributed as a Chef cookbook. It provides the following features:

  • RSA 2048, 3072, and 4096-bit private key generation

  • Certificate signing request (CSR) generation

  • Enrollment, collection, renewal, replacement, and revocation of certificates issued by SCM

The integration supports the generation of new SSL and client certificates and detection of existing certificates stored in a location accessible to the cookbook at runtime. The integration also checks the validity of existing certificates and allows the issuance of replacement certificates as required. There are various types of SSL and client certificates that can be requested by supplying the appropriate configuration options.

The types of SSL/TLS and client certificates available to you are based on your account setup.

[Figure: Chef Sectigo integration]

Package contents

The Sectigo Chef integration package contains the following:

  • attributes:

    • default.rb: The configuration data for the SSL or client certificate

  • libraries:

    • constants.rb: The constants file for the SCM API library

    • sectigo_rbcert.rb: The Ruby library that Chef recipes use to connect to the SCM API

    • sectigo_certificate_helper.rb: The common function used by Chef recipes

  • recipes:

    • collect_certificate.rb: The recipe to collect the certificate

    • copy_certificate.rb: The recipe that copies certificate-related files from the cookbook file to the node

    • issue_certificate.rb: The recipe that issues the certificate

    • replace_certificate.rb: The recipe that replaces the certificate and collects the updated certificate

    • revoke_certificate.rb: The recipe that revokes the certificate

  • samples: Contains the following sample scripts and parameter JSON files:

    • sectigo_chef_node.sh: The shell executable file. Used only to execute the cookbook on the Chef node.

    • sectigo_chef_workstation.sh: The Chef executable file. Used only to execute the cookbook on the Chef workstation.

    • *.json: Sample JSON parameter files that may be used for different recipes.

[Figure: Sectigo Chef integration package]