Using the connector

This page provides commands for enrolling and managing certificates using the Akamai Terraform Provider.

Enroll a certificate

To enroll a certificate for a domain, navigate to the directory that contains the main.tf file for your domain (for example, ./example/main.tf) and run these Terraform commands.

terraform init
terraform plan
terraform apply

The connector performs the following actions:

  1. Collects information from the Terraform variables.

  2. Sends an enrollment request to Akamai CPS. Akamai accepts this request and creates a certificate record in CPS.

  3. Downloads the CSR file from Akamai CPS.

  4. Sends the CSR to SCM. SCM signs the CSR and generates a certificate and trust chain.

  5. Downloads the certificate and trust chain files from SCM.

  6. Uploads the certificate and trust chain files to Akamai CPS.

  7. Deploys the certificate to the production environment on Akamai. The certificate cannot be used in production without this step.

    Deploying a certificate on Akamai may take 10-15 minutes.

Possible errors include:

  • Invalid or empty values in the variables.tf or ./example/main.tf files

  • Authentication or authorization issues with the Sectigo API request

  • Slow responses from Akamai

The following image shows provisioned certificates in Akamai CPS.

Provisioned certificates in Akamai CPS

Renew a certificate

  1. Navigate to the directory that was used for certificate enrollment.

  2. Run terraform apply.

This will enroll a new certificate with the same attributes and values as in the existing certificate. The old certificate remains valid if you don’t revoke it manually in SCM.

Deploying a certificate on Akamai may take 10-15 minutes.

Replace a certificate

The replace action updates an existing certificate with new attributes or values. The validity period remains the same.

  1. Navigate to the directory that contains the main.tf file for the existing certificate.

  2. Update the value of the sans or any other variable and change the value of the key_type variable to replace.

  3. Run these Terraform commands.

terraform init
terraform plan
terraform apply

Deploying a certificate on Akamai may take 10-15 minutes.

Delete a certificate

To delete a certificate from Akamai CPS, navigate to the ./example directory and run terraform destroy.

Deleting a certificate from Akamai CPS may take a few hours. The old certificate remains valid in SCM if you don’t revoke it manually.

View the logs

The SCM logs are stored in the ./example/scm.log file.

To enable Terraform log generation, set the TF_LOG_PATH environment variable.

export TF_LOG=INFO   # TF_LOG_PATH is used only when TF_LOG is set; INFO is an example level
export TF_LOG_PATH=./terraform.log

We recommend that you keep the logs throughout the certificate lifecycle.
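
One way to follow the log-retention recommendation above, as an added example that is not part of the connector or its documentation: a wrapper that runs a Terraform command with logging enabled, writes one owner-only, timestamped log per run, and snapshots ./example/scm.log beside it. The function name tf_logged, the LOG_DIR override and the logs/ directory are assumptions.

```shell
#!/bin/sh
# Added example, not part of the connector. tf_logged, LOG_DIR and the logs/
# directory are assumed names; scm.log and TF_LOG_PATH come from the page.
#
# Usage: tf_logged <workdir> <terraform args...>    e.g. tf_logged ./example apply
tf_logged() (
    workdir=$1
    [ -d "$workdir" ] && [ $# -ge 2 ] || {
        echo "usage: tf_logged <workdir> <terraform args...>" >&2
        exit 2
    }
    shift

    umask 077                               # files created below are owner-only
    log_dir=${LOG_DIR:-$workdir/logs}
    mkdir -p "$log_dir" && chmod 700 "$log_dir" || exit 1
    log_dir=$(cd "$log_dir" && pwd)         # absolute path survives the cd below

    # One log per run, named by UTC time and subcommand (init, plan, apply, destroy).
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    TF_LOG_PATH="$log_dir/terraform-$stamp-$1.log"
    TF_LOG=${TF_LOG:-INFO}                  # TF_LOG_PATH is ignored unless TF_LOG is set
    export TF_LOG TF_LOG_PATH

    cd "$workdir" || exit 1
    rc=0
    terraform "$@" || rc=$?

    # Snapshot the connector's SCM log for this run, even when the run failed.
    if [ -f scm.log ]; then
        cp scm.log "$log_dir/scm-$stamp-$1.log"
    fi
    exit "$rc"                              # pass Terraform's exit status through
)
```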