Overview
Sectigo Connector for A10 ("the connector") is a secure automation solution for enrolling and managing Sectigo SSL/TLS certificates to support encrypted communication between clients and vThunder software appliances. Certificates are automatically attached to the virtual servers. You can also use the vThunder native ACME integration to request and attach certificates to the virtual servers.
The provisioned certificates are uploaded to the certificate area of vThunder using the aXAPI REST API 3.0.
The connector can provision Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV) SSL/TLS certificates, including SAN and wildcard certificates. It supports both public and private CAs. The following key types are supported: RSA (2048-bit and 4096-bit) and ECDSA (256-bit and 384-bit).
Audience
This guide is intended for security administrators who manage vThunder software appliances for an organization and are responsible for automating the certificate lifecycle to enable secure communication between clients and vThunder ADC.
Scope
This guide covers instructions for enrolling Sectigo server certificates and enabling SSL on vThunder virtual servers.
Architecture
Execution workflow
During execution, the script does the following:
-
Reads the certificate enrollment information from the certificate profile file.
-
Sends a request to vThunder to generate a key pair and create a certificate signing request (CSR).
The private key is securely stored inside the appliance and isn’t exposed outside. -
Retrieves the CSR from vThunder.
-
Sends the CSR with an enrollment request to SCM.
-
Retrieves the certificate chain in PEM format from SCM.
-
Uploads the certificate chain to the vThunder certificate area using the aXAPI REST API 3.0.
-
Creates a client SSL template.
-
Associates the client SSL template with the virtual server.
Package contents
The package contains the following components:
-
config: This directory contains configuration files.
-
a10_profile_1.yaml: The A10 profile file
-
cert_profile_1.yaml: The certificate profile file
-
config.yaml: The config file
-
sectigo_credentials.yaml: The SCM credentials file
-
-
main.py: The connector as an executable file
-
.py: Python source files in their respective directories
-
requirements.txt: This file contains a list of Python dependencies
-
SCM Client EULA v1.0.1.txt: The EULA agreement