Configuration

This page describes the necessary configuration details for the SDK.

Go SDK

The SDK configuration details include the SCM credentials and certificate profile.

SCM credentials

When you create a Sectigo client, you need to provide your SCM credentials. If you initialize the SDK without assigning any credentials, the SDK looks for the credentials file in the current working directory, user home directory, and system config directory.

The SCM credentials can be assigned using one of the following:

Credentials file

The supported file formats are JSON, YAML, and TOML. The default filenames for the credentials file are ./sectigorc.json, ./sectigorc.yaml, and ./sectigorc.toml.

  • ACME

credentials := sdk.acme.Config.FromFile("<path/credentials.yaml>")

  • Enrollment API

credentials := sdk.enrollment.Config.FromFile("<path/credentials.yaml>")

  • Admin API

credentials := sdk.admin.Config.FromFile("<path/credentials.yaml>")

A sample credentials file sectigo_credentials.yaml is located in the ./config directory.

Sample credentials file
ENROLLMENT_API_1:
  client_id: b8923830-11f5-4c34-951b-fc1235634972
  client_secret: Ti]hXzuxj.!T,zg!S0rZ0StbwyDlhCP4
  scm_url: https://murray.enroll.sectigo.com/api/v1
ADMIN_API_1:
  scm_url: https://cert-manager.com/
  scm_user: john_doe
  scm_password: 23CkiMJkUc5N
  scm_uri: doe
  scm_org_id: 460
  scm_ssl_cert_type: 1670
ACME_CERTBOT_1:
  acme_endpoint: https://acme.sectigo.com
  eab_key: 2a82af7331a11fc8b9ec2793d924b0aa
  eab_hmac_key: AqlqlXB9mQoQzrGHmFzLSdbhENiea9RibwyCZoNfXrp7o7A1Yb9pvPwCPFpl7ZBMztc752le8VhCDXyTg5ms68U6
  certbot_path: "~/csr_dir"

The following table describes the parameters in the file.

Parameter Description

Enrollment API

<ENROLLMENT_API_1>

An arbitrary credentials label. This label delineates the Enrollment API credentials from other credentials.

client_id

The client ID of the SCM user

client_secret

The client secret of the SCM user

scm_url

The URL of the SCM account

Admin API

<ADMIN_API_1>

An arbitrary credentials label. This label delineates the Admin API credentials from other credentials.

scm_url

The base URL of SCM

scm_user

The MRAO or RAO administrator username

scm_password

The MRAO or RAO administrator password

scm_uri

The URI of the SCM account

scm_org_id

The ID of the organization

scm_ssl_cert_type

The ID of the SSL certificate type

ACME

<ACME_CERTBOT_1>

An arbitrary credentials label. This label delineates the ACME credentials from other credentials.

acme_endpoint

The URL of the ACME service

eab_key

The key ID for external account binding

eab_hmac_key

The HMAC key for external account binding

certbot_path

(ACME) The directory that will store the private key, CSR, and certificate chain.

Credentials struct

  • ACME

credentials := sdk.acme.Config.Credentials{"acme_endpoint": "<your_acme_endpoint>", "eab_key": "<your_key_id>", "eab_hmac_key": "<your_hmac_key>", "certbot_path": "<your_csr_dir>"}

  • Enrollment API

credentials := sdk.enrollment.Config.Credentials{"client_id": "<your_client_id>", "client_secret": "<your_client_secret>", "scm_url": "<your_scm_url>"}

  • Admin API

credentials := sdk.admin.Config.Credentials{"scm_url": "<your_scm_url>", "scm_user": "<your_scm_user>", "scm_password": "<your_scm_password>", "scm_uri": "<your_scm_uri>", "scm_org_id": "<your_org_id>", "scm_ssl_cert_type": "<your_cert_id>"}

Certificate profile

Configure a sample cert_profile_1.yaml file in the ./config directory. You can create multiple copies of the sample certificate profile file. All filenames must start with cert_.

Alternatively, you can pass the parameters from the sample file as a struct.

  • Certificate profile file

certProfile := sdk.lifecycle.CertProfile.FromFile("<path/cert_profile.yaml>")

  • Certificate profile struct

certProfile := sdk.lifecycle.CertProfile{"scm_credentials_label": "<your_creds_label>", "ssl_cert_type": "<your_ssl_cert_type>", "ssl_cert_comments": "<your_comments>", "<other_param>": "<your_other_value>"}

Sample certificate profile file
scm_credentials_label: SCMDV
ssl_cert_custom_fields: {"Server IP":"192.168.220.130","Dept":"Ecommerce"}
ssl_cert_type: DV
ssl_cert_comments: Certificate for load balancer
ssl_cert_subject_alt_names: example.com, www.example.com
ssl_cert_validity: '365'
csr_domain: example.com
csr_country: CA
csr_state: "ON"  # quoted: YAML 1.1 parsers read a bare ON as boolean true
csr_location: Ottawa
csr_organization: JohnDoe
csr_email_address: [email protected]
csr_key_type: RSA
csr_key_size: 4096
force_renewal: false
expiry_window: 30
auto_renew: true

The following table describes the parameters in the file.

Parameter Description

scm_credentials_label

The credentials ID (label) from the sectigo_credentials file

ssl_cert_custom_fields

(Optional) Custom fields to be applied to the requested certificate. The expected format for custom fields is the following:

[{"name":"custom_field_1","value":"value_1"},{"name":"custom_field_2","value":"value_2"}].

If you’re providing this input in a JSON string, make sure that the internal double quotes are escaped properly using \.

ssl_cert_type

The type of the SSL certificate. The possible values are DV, OV, and EV.

ssl_cert_comments

(Optional) Comments for certificate enrollment

ssl_cert_subject_alt_names

A comma-separated list of subject alternative names (SAN) included in the certificate subjectAltName field

ssl_cert_validity

(Admin API) The certificate validity period in days. The value must be at least 1.

csr_domain

The domain name included in the certificate Common Name (CN) field

csr_country

The country name included in the certificate Country (C) field

csr_state

The state or province name included in the certificate State (ST) field

csr_location

The locality name included in the certificate Locality (L) field

csr_organization

The organization name included in the certificate Organization (O) field

csr_email_address

The email address included in the certificate emailAddress field

csr_key_type

The key algorithm to use for certificate enrollment. The possible values are RSA and EC.

csr_key_size

The key size to use for certificate enrollment. The possible values are:

  • RSA: 2048, 3072, 4096

  • EC: 256, 384

force_renewal

Specifies whether to force renewal of a certificate, even if it’s not yet due for renewal. The possible values are true and false. The default value is false.

expiry_window

The number of days prior to expiration that a certificate renewal process is initiated. The default expiry window is 30 days.

auto_renew

Specifies whether to renew a certificate automatically. The possible values are true and false. The default value is true.

Python SDK

The SDK configuration details include the SCM credentials and certificate profile.

SCM credentials

When you create a Sectigo client, you need to provide your SCM credentials. If you initialize the SDK without assigning any credentials, the SDK looks for the credentials file in the current working directory, user home directory, and system config directory.

The SCM credentials can be assigned using one of the following:

Credentials file

The supported file formats are JSON, YAML, and TOML. The default filenames for the credentials file are ./sectigorc.json, ./sectigorc.yaml, and ./sectigorc.toml.

scm_object = SCMProvider.from_file("<path/credentials.yaml>", cert_profile.scm_credentials_label)

A sample credentials file sectigo_credentials.yaml is located in the ./config directory.

Sample credentials file
ENROLLMENT_API_1:
  client_id: b8923830-11f5-4c34-951b-fc1235634972
  client_secret: Ti]hXzuxj.!T,zg!S0rZ0StbwyDlhCP4
  scm_url: https://murray.enroll.sectigo.com/api/v1
ADMIN_API_1:
  scm_url: https://cert-manager.com/
  scm_user: john_doe
  scm_password: 23CkiMJkUc5N
  scm_uri: doe
  scm_org_id: 460
  scm_ssl_cert_type: 1670
ACME_CERTBOT_1:
  acme_endpoint: https://acme.sectigo.com
  eab_key: 2a82af7331a11fc8b9ec2793d924b0aa
  eab_hmac_key: AqlqlXB9mQoQzrGHmFzLSdbhENiea9RibwyCZoNfXrp7o7A1Yb9pvPwCPFpl7ZBMztc752le8VhCDXyTg5ms68U6
  certbot_path: "~/csr_dir"

The following table describes the parameters in the file.

Parameter Description

Enrollment API

<ENROLLMENT_API_1>

An arbitrary credentials label. This label delineates the Enrollment API credentials from other credentials.

client_id

The client ID of the SCM user

client_secret

The client secret of the SCM user

scm_url

The URL of the SCM account

Admin API

<ADMIN_API_1>

An arbitrary credentials label. This label delineates the Admin API credentials from other credentials.

scm_url

The base URL of SCM

scm_user

The MRAO or RAO administrator username

scm_password

The MRAO or RAO administrator password

scm_uri

The URI of the SCM account

scm_org_id

The ID of the organization

scm_ssl_cert_type

The ID of the SSL certificate type

ACME

<ACME_CERTBOT_1>

An arbitrary credentials label. This label delineates the ACME credentials from other credentials.

acme_endpoint

The URL of the ACME service

eab_key

The key ID for external account binding

eab_hmac_key

The HMAC key for external account binding

certbot_path

(ACME) The directory that will store the private key, CSR, and certificate chain.
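
The credentials file keeps client_secret, scm_password, and eab_hmac_key in plain text, and the SDK picks it up implicitly from several directories. The following added example (not part of the Sectigo SDK) audits ownership and permissions of the default-named files in both the Go and Python setups; the directory list is an assumption because this page does not give exact search paths, and the checks are POSIX-only.

```python
import os
import stat
from pathlib import Path

# Default filenames from this page. The directories to search are passed in,
# standing in for "current working, user home, and system config directory".
DEFAULT_NAMES = ("sectigorc.json", "sectigorc.yaml", "sectigorc.toml")


def find_credentials_files(directories):
    """Return every default-named credentials file found, in search order."""
    found = []
    for directory in directories:
        for name in DEFAULT_NAMES:
            candidate = Path(directory) / name
            if candidate.is_file() or candidate.is_symlink():
                found.append(candidate)
    return found


def audit_credentials_file(path):
    """Return a list of findings for one credentials file (empty means OK)."""
    findings = []
    info = os.lstat(path)  # lstat inspects the link itself, not its target
    if stat.S_ISLNK(info.st_mode):
        return [f"{path}: is a symlink; check where it points"]
    if not stat.S_ISREG(info.st_mode):
        return [f"{path}: not a regular file"]
    if info.st_uid != os.getuid():
        findings.append(f"{path}: owned by uid {info.st_uid}, not the current user")
    if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(info.st_mode)
        findings.append(f"{path}: mode {mode:o} lets group/others access it; use 600")
    return findings


def audit_search_path(directories):
    """Audit all discovered files and flag ambiguity between locations."""
    files = find_credentials_files(directories)
    findings = [f for path in files for f in audit_credentials_file(path)]
    if len(files) > 1:
        names = ", ".join(str(p) for p in files)
        findings.append(f"multiple credentials files found: {names}")
    return findings


if __name__ == "__main__":
    for line in audit_search_path([Path.cwd(), Path.home(), "/etc"]):  # "/etc" is assumed
        print(line)
```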

Dictionary

  • ACME

scm_dict = {
    "acme_endpoint": "<your_acme_endpoint>",
    "eab_key": "<your_key_id>",
    "eab_hmac_key": "<your_hmac_key>",
    "certbot_path": "<your_csr_dir>",
}
scm = SCMProvider(scm_dict, cert_profile.scm_credentials_label)

  • Enrollment API

scm_dict = {
    "client_id": "<your_client_id>",
    "client_secret": "<your_client_secret>",
    "scm_url": "<your_scm_url>",
}
scm = SCMProvider(scm_dict, cert_profile.scm_credentials_label)

  • Admin API

scm_dict = {
    "scm_url": "<your_scm_url>",
    "scm_user": "<your_scm_user>",
    "scm_password": "<your_scm_password>",
    "scm_uri": "<your_scm_uri>",
    "scm_org_id": "<your_org_id>",
    "scm_ssl_cert_type": "<your_cert_id>",
}
scm = SCMProvider(scm_dict, cert_profile.scm_credentials_label)

Certificate profile

Configure a sample cert_profile_1.yaml file in the ./config directory. You can create multiple copies of the sample certificate profile file. All filenames must start with cert_.

cert_profile = CertificateProfile.from_file("<path/cert_profile.yaml>")

Sample certificate profile file
scm_credentials_label: SCMDV
ssl_cert_custom_fields: {"Server IP":"192.168.220.130","Dept":"Ecommerce"}
ssl_cert_type: DV
ssl_cert_comments: Certificate for load balancer
ssl_cert_subject_alt_names: example.com, www.example.com
ssl_cert_validity: '365'
csr_domain: example.com
csr_country: CA
csr_state: "ON"  # quoted: YAML 1.1 parsers read a bare ON as boolean true
csr_location: Ottawa
csr_organization: JohnDoe
csr_email_address: [email protected]
csr_key_type: RSA
csr_key_size: 4096
force_renewal: false
expiry_window: 30
auto_renew: true

The following table describes the parameters in the file.

Parameter Description

scm_credentials_label

The credentials ID (label) from the sectigo_credentials file

ssl_cert_custom_fields

(Optional) Custom fields to be applied to the requested certificate. The expected format for custom fields is the following:

[{"name":"custom_field_1","value":"value_1"},{"name":"custom_field_2","value":"value_2"}].

If you’re providing this input in a JSON string, make sure that the internal double quotes are escaped properly using \.

ssl_cert_type

The type of the SSL certificate. The possible values are DV, OV, and EV.

ssl_cert_comments

(Optional) Comments for certificate enrollment

ssl_cert_subject_alt_names

A comma-separated list of subject alternative names (SAN) included in the certificate subjectAltName field

ssl_cert_validity

(Admin API) The certificate validity period in days. The value must be at least 1.

csr_domain

The domain name included in the certificate Common Name (CN) field

csr_country

The country name included in the certificate Country (C) field

csr_state

The state or province name included in the certificate State (ST) field

csr_location

The locality name included in the certificate Locality (L) field

csr_organization

The organization name included in the certificate Organization (O) field

csr_email_address

The email address included in the certificate emailAddress field

csr_key_type

The key algorithm to use for certificate enrollment. The possible values are RSA and EC.

csr_key_size

The key size to use for certificate enrollment. The possible values are:

  • RSA: 2048, 3072, 4096

  • EC: 256, 384

force_renewal

Specifies whether to force renewal of a certificate, even if it’s not yet due for renewal. The possible values are true and false. The default value is false.

expiry_window

The number of days prior to expiration that a certificate renewal process is initiated. The default expiry window is 30 days.

auto_renew

Specifies whether to renew a certificate automatically. The possible values are true and false. The default value is true.
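
An added example, not part of the Sectigo SDK: a validator that checks an already-parsed certificate profile (the file format is the same for the Go and Python SDKs) against the constraints in the table above. Only fields that are present are checked, the rule that expiry_window must be shorter than ssl_cert_validity is an inference from the two descriptions, and SAMPLE is constructed input.

```python
KEY_SIZES = {"RSA": {2048, 3072, 4096}, "EC": {256, 384}}
TEXT_FIELDS = ("scm_credentials_label", "ssl_cert_subject_alt_names", "csr_domain",
               "csr_country", "csr_state", "csr_location", "csr_organization")


def as_int(value):
    """Accept 365 or '365' (the sample file quotes it); reject bool and float."""
    if isinstance(value, (bool, float)):
        return None
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def validate_cert_profile(p):
    """Check the fields present in a parsed profile; return a list of problems."""
    bad = []
    for f in TEXT_FIELDS:
        # YAML 1.1 loaders read unquoted ON, NO or yes as booleans, not text.
        if f in p and not isinstance(p[f], str):
            bad.append(f"{f}: expected text, got {p[f]!r}")
    if "ssl_cert_type" in p and p["ssl_cert_type"] not in ("DV", "OV", "EV"):
        bad.append("ssl_cert_type: must be DV, OV or EV")
    if "csr_key_type" in p:
        sizes = KEY_SIZES.get(str(p["csr_key_type"]))
        if sizes is None:
            bad.append("csr_key_type: must be RSA or EC")
        elif "csr_key_size" in p and as_int(p["csr_key_size"]) not in sizes:
            bad.append(f"csr_key_size: {p['csr_key_type']} allows {sorted(sizes)}")
    sans = p.get("ssl_cert_subject_alt_names")
    if isinstance(sans, str) and not all(s.strip() for s in sans.split(",")):
        bad.append("ssl_cert_subject_alt_names: empty entry in the list")
    validity = as_int(p.get("ssl_cert_validity"))
    if "ssl_cert_validity" in p and (validity is None or validity < 1):
        bad.append("ssl_cert_validity: must be at least 1 day")
    window = as_int(p.get("expiry_window", 30))  # 30 is the documented default
    if window is None or window < 0:
        bad.append("expiry_window: must be a whole number of days")
    elif validity is not None and 1 <= validity <= window:
        bad.append("expiry_window: not shorter than ssl_cert_validity; renewal is due at issuance")
    for f in ("force_renewal", "auto_renew"):
        if f in p and not isinstance(p[f], bool):
            bad.append(f"{f}: must be true or false, got {p[f]!r}")
    return bad


# Constructed input: what a YAML 1.1 loader yields for an unquoted "csr_state: ON".
SAMPLE = {"ssl_cert_type": "DV", "csr_state": True, "csr_key_type": "EC",
          "csr_key_size": 4096, "ssl_cert_validity": "30", "expiry_window": 30}
```

Calling validate_cert_profile(SAMPLE) reports the boolean csr_state, the RSA-only key size used with EC, and the renewal window that swallows the whole validity period.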