Configuring the connector

This page describes how to configure the connector to automate the certificate lifecycle management for Akamai.

Extract the contents

The following steps must be performed before running the script:

Extract the contents of the sectigo-akamai-cm-<version>.zip archive to the current path.
Navigate to the root directory containing the solution files.
Give execute permission to the certificate.sh file.
```
chmod +x certificate.sh
```

Install the Akamai CLI

When you enroll a certificate, the certificate.sh script checks whether the Akamai CLI and needed tools are installed, and installs them automatically if not found.

If you decide to install the Akamai CLI and related tools manually, run the following commands.

wget https://github.com/akamai/cli/releases/download/v1.4.2/akamai-v1.4.2-linuxamd64 --quiet
chmod +x akamai-v1.4.2-linuxamd64
sudo mv akamai-v1.4.2-linuxamd64 /usr/local/bin/akamai
sudo apt update
sudo apt install python3-pip -y
sudo apt install python3-venv -y
akamai install cps
akamai cps setup --section default

For more information about CPS CLI installation and usage, see cli-cps.

Authenticate with Akamai

After installing the Akamai CPS CLI and before executing the script, you must authenticate your requests using a valid .edgerc file that needs to be created in your home directory (~/.edgerc). This file contains the secret, access_token, host, and client_token information for authentication through EdgeGrid.

To generate the credentials:

Log in to the Control Center.
Select your profile at top right, then select User settings on the Users tab.
Click Create API client, then click Quick or Advanced.
Copy and paste the values to the .edgerc file into your home directory.

For more details, see Create authentication credentials in Akamai documentation.

Set the Akamai contract ID

Set your Akamai contract ID as an environment variable.

export CONTRACT_ID='<contract_id>'
source ~/.bash_profile

Set up the config file

Configure the config.yaml file.

Sample config file

client_id: "e9a4a344-eafd-471d-a9cb-496835ffcb76"
client_secret: "e9a4a344-eafd-471d-a9cb-496835ffcb76"
scm_url: https://scmqa.enroll.demo.sectigo.com/api/v1
expiry_window: 30
renew_revoked_certificate: true

The following table describes parameters in the file.

Parameter Description

Parameter	Description
`client_id`	Your SCM client ID.
`client_secret`	The client secret of the SCM user
`scm_url`	The URL of your SCM account.
`expiry_window`	The number of days prior to expiration that a certificate renewal process is initiated. The default expiry window is `30` days.
`renew_revoked_certificate`	Specifies whether to renew revoked certificates. The possible values are `true` or `false`. The default value is `true`.

client_id

Your SCM client ID.

client_secret

The client secret of the SCM user

scm_url

The URL of your SCM account.

expiry_window

The number of days prior to expiration that a certificate renewal process is initiated. The default expiry window is 30 days.

renew_revoked_certificate

Specifies whether to renew revoked certificates. The possible values are true or false. The default value is true.

Set up the certificate profile file

Configure the example.com file in the ./domains/options directory. You can create copies of the sample file for different certificate profiles.

Sample certificate profile file

domain_name: "example.com"
cert_type: ecc
secureNetwork: standard-tls
geography: core
techContact_email: [email protected]
techContact_firstName: John
techContact_lastName: Doe
techContact_phone: "+994515373029"
adminContact_email: [email protected]
adminContact_firstName: John
adminContact_lastName: Doe
adminContact_phone: "+12505550199"
org_addressLineOne: 401 COUNTY ROAD 2
org_city: Ottawa
org_country: CA
org_name: JohnDoe
org_phone: "+12505550199"
org_postalCode: K1A 0C4
org_region: ON
csr_c: CA
csr_o: DoePrivateCA
csr_st: Ontario
csr_sans:
 - blog.example.com
 - mail.example.com

The following table describes the parameters in the file.

Parameter Description

Parameter	Description
`domain_name`	The domain name included in the certificate Common Name (CN) field
`secureNetwork`	The type of secure network where you want to deploy the certificate. The possible values are `standard-tls` (a standard secure network) and `enhanced-tls` (an enhanced security network). The default value is `standard-tls`.
`cert_type`	The key algorithm to use for certificate enrollment. The possible values are `rsa`(RSA 2048-bit) and `ecc` (ECDSA P-256). The default value is `ecc`.
`geography`	Specifies the region where you want to deploy the certificate. You can include China and Russia if your Akamai contract specifies your ability to do so and you have approval from the Chinese and Russian government. The default value is `core`. The possible values are: core: Deploy the certificate worldwide (includes China and Russia). china+core: Deploy the certificate worldwide and for China, but not for Russia. russia+core: Deploy the certificate worldwide and for Russia, but not for China.
`techContact_email`	The email address of the Akamai administrator who you want to use as a contact at your company
`techContact_firstName`	The first name of the Akamai administrator who you want to use within Akamai
`techContact_lastName`	The last name of the Akamai administrator who you want to use within Akamai
`adminContact_email`	The email or a comma-separated list of emails of the certificate requester
`adminContact_firstName`	The first name of the certificate administrator who you want to use as a contact at your company
`adminContact_lastName`	The last name of the certificate administrator who you want to use as a contact at your company
`adminContact_phone`	The phone number of the certificate requester
`org_addressLineOne`	The address of your organization
`org_city`	The locality name included in the certificate Locality (L) field
`org_country`	The country where your organization resides
`org_name`	The name of your organization
`org_phone`	The phone number of your organization
`org_postalCode`	The postal code of your organization
`org_region`	The region of your organization, typically a state or province
`csr_c`	The country name included in the certificate Country (C) field
`csr_o`	The organization name included in the certificate Organization (O) field
`csr_st`	The state or province name included in the certificate State (ST) field
`csr_sans`	A comma-separated list of subject alternative names (SAN) included in the certificate subjectAltName field

domain_name

The domain name included in the certificate Common Name (CN) field

secureNetwork

The type of secure network where you want to deploy the certificate. The possible values are standard-tls (a standard secure network) and enhanced-tls (an enhanced security network). The default value is standard-tls.

cert_type

The key algorithm to use for certificate enrollment. The possible values are rsa(RSA 2048-bit) and ecc (ECDSA P-256). The default value is ecc.

geography

Specifies the region where you want to deploy the certificate. You can include China and Russia if your Akamai contract specifies your ability to do so and you have approval from the Chinese and Russian government. The default value is core.

The possible values are:

core: Deploy the certificate worldwide (includes China and Russia).
china+core: Deploy the certificate worldwide and for China, but not for Russia.
russia+core: Deploy the certificate worldwide and for Russia, but not for China.

techContact_email

The email address of the Akamai administrator who you want to use as a contact at your company

techContact_firstName

The first name of the Akamai administrator who you want to use within Akamai

techContact_lastName

The last name of the Akamai administrator who you want to use within Akamai

adminContact_email

The email or a comma-separated list of emails of the certificate requester

adminContact_firstName

The first name of the certificate administrator who you want to use as a contact at your company

adminContact_lastName

The last name of the certificate administrator who you want to use as a contact at your company

adminContact_phone

The phone number of the certificate requester

org_addressLineOne

The address of your organization

org_city

The locality name included in the certificate Locality (L) field

org_country

The country where your organization resides

org_name

The name of your organization

org_phone

The phone number of your organization

org_postalCode

The postal code of your organization

org_region

The region of your organization, typically a state or province

csr_c

The country name included in the certificate Country (C) field

csr_o

The organization name included in the certificate Organization (O) field

csr_st

The state or province name included in the certificate State (ST) field

csr_sans

A comma-separated list of subject alternative names (SAN) included in the certificate subjectAltName field