Sectigo Connector for Java ("the connector") is a certificate management solution developed as an executable file to automate the enrollment and management of SSL/TLS certificates for Java servers. The connector can enroll certificates with both ACME and REST API servers.
The current version of the connector is designed as a standalone solution to enroll and manage certificates that should be manually imported to the Java KeyStore and CACert store on the Java server.
The connector can obtain the following types of SSL/TLS certificates:
Domain Validation (DV)
Organization Validation (OV)
Extended Validation (EV) certificates
The following key types are supported: RSA-2048, RSA-3072, RSA-4096, and ECDSA-256.
This guide is intended for IT administrators and system administrators who have knowledge of IT security, cloud security, and are also familiar with SCM.
This guide covers instructions on connecting to the Sectigo ACME or REST API servers and enrolling or renewing certificates. Importing the enrolled certificates to a keystore is outside the scope of this guide.
During execution, the connector does the following:
certificates.ymlfile(s) in the
domainsdirectory and its subdirectories (if any) to get the CSR filename(s) and other certificate enrollment information. If you have multiple CSR files and an error occurs while reading one of them (for example, the file is not found), the tool ignores that file and proceeds to the next.
Sends the CSR with an enrollment request to Sectigo Certificate Manager (SCM).
Downloads the public certificate (
.crt) and certificate ID (
.ids) files to the directory that hosts
certificates.yml. The entire certificate chain is downloaded from SCM: a common file (which includes the root CA, issuing CA, and server (leaf) certificates), and the same certificates presented as three separate files. Additionally, the server certificate and its chain are converted to a
The configuration information can be stored in plaintext or encrypted form.
The package contains the following components:
domains: This folder contains the
certificate.ymlfile, CSRs, and provisioned certificates. You can change the folder name or location for these files using the
directoryparameter in the
certificates.yml: This file contains information for enrolling certificates, such CSR filenames, renewal window, and more. The
certificates.ymlfile and your CSR can reside in the
domainsroot folder or you can place them in subfolders for specific domains.
config.yml: This files stores the secrets and configuration
SCM Client EULA v1.0.1.txt: The EULA agreement. You need to accept it when running
sectigo-java-agentfor the first time.
sectigo-java-agent: The connector as an executable file