Using the connector

To list all possible options for the connector, run it with the --help option.

./sectigo-java-agent --help

Enroll a certificate

./sectigo-java-agent run

Don’t remove the cache.csv file after enrolling a certificate. The connector uses the information in this file to check the certificate’s expiration date and renew the certificate.

If you remove a JKS file manually from the remote machine, delete the corresponding entry in the cache.csv file.

Renew a certificate

Set the renewal period in the expiry_window parameter of the certificates.yaml file and run the connector.

./sectigo-java-agent run

The expiry_window parameter doesn’t affect the renewal process for revoked certificates. If the connector identifies a revoked certificate, it enrolls a new certificate using the information from the certificate configuration file.

Enable auto-renewal

You can create a cron job that invokes the connector on a schedule (see crontab for cron schedule expressions) to check whether the certificate is eligible for renewal:

  1. Run crontab -e on the terminal.

  2. Select an editor.

  3. Add a cronjob that will trigger the connector.

    The following example triggers the connector every week.

    0 0 * * 7  cd /home/sectigo/ && ./sectigo-java-agent run

  4. Save the crontab file.

Revoke and replace a certificate

Certificate revocation is done manually in SCM. If a certificate is revoked in SCM, then during the next connector execution, the Sectigo CA server issues a new certificate, unless the certificate profile file has been removed.

View the logs

The log files are stored in the ./logs directory.

Partial sample log file:
time="2024-04-28T02:35:28+04:00" level=debug
time="2024-04-28T02:35:28+04:00" level=debug msg="processing directory ./domains"
time="2024-04-28T02:35:28+04:00" level=debug msg="reading certificates config domains/certificates.yaml..."
time="2024-04-28T02:35:28+04:00" level=debug msg="configuration from domains/certificates.yaml file loaded!"
time="2024-04-28T02:35:28+04:00" level=trace msg="domains/certificates.yaml file content: [{{tomcat1 0 0 []   map[] tomcat1.john-doe.com CA Ontario Ottawa DoePrivateCA [email protected] false 15 true <nil> } [tomcat1_serv]} {{tomcat2 0 0 []   map[] tomcat2.john-doe.com CA Ontario Ottawa DoePrivateCA [email protected] false 15 true <nil> } [tomcat2_serv]}]"
time="2024-04-28T02:35:28+04:00" level=debug msg="certificate count to be processed: 2"
time="2024-04-28T02:35:28+04:00" level=info msg="cacheFilePath : domains/cache.csv"
time="2024-04-28T02:35:28+04:00" level=debug msg="processing certificate: 0"
time="2024-04-28T02:35:28+04:00" level=debug msg="certificate: {{tomcat1 0 0 []   map[] tomcat1.john-doe.com CA Ontario Ottawa DoePrivateCA [email protected] false 15 true <nil> } [tomcat1_serv]}"
time="2024-04-28T02:35:28+04:00" level=debug msg="enrolling new certificate..."
time="2024-04-28T02:35:32+04:00" level=trace msg="new certificate id: eyJpZCI6NDQwMTcsInR5cGUiOiJTU0wifQ=="
time="2024-04-28T02:35:32+04:00" level=debug msg="getting certificate content..."
time="2024-04-28T02:35:32+04:00" level=trace msg="certificate content:
-----BEGIN CERTIFICATE-----
{redacted}
-----END CERTIFICATE-----\n"
time="2024-04-28T02:35:32+04:00" level=debug msg="writing crt file: domains/tomcat1.crt"
time="2024-04-28T02:35:32+04:00" level=debug msg="saving cache {eyJpZCI6NDQwMTcsInR5cGUiOiJTU0wifQ== tomcat1} to cache domains/cache.csv..."
time="2024-04-28T02:35:32+04:00" level=debug msg="importing certificate tomcat1 to keystore..."
time="2024-04-28T02:35:33+04:00" level=debug msg="transfering file domains/tomcat1.jks to server tomcat1_serv..."
time="2024-04-28T02:35:33+04:00" level=trace msg="deleting related files..."
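
When the connector runs unattended from cron, the log is the only record of where each keystore was sent. The following is an added example, not part of the connector or its documentation: a shell script that reads a log in the format shown above, lists keystore transfers to servers outside an expected list, and prints any line logged above info level. The function names, the server name staging_box and the level=error line are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not shipped with the connector: audit one run from its log.

# Print "<file> <server>" for every keystore transfer recorded in log $1.
log_transfers() {
    awk 'match($0, /msg="transfering file [^ ]+ to server [^ "]+/) {
            s = substr($0, RSTART, RLENGTH)
            sub(/^msg="transfering file /, "", s)
            sub(/ to server /, " ", s)
            sub(/\.\.\.$/, "", s)          # drop the trailing "..." of the message
            print s
        }' "$1"
}

# Print transfers in log $1 whose server is not among the remaining arguments.
unexpected_transfers() {
    log=$1; shift
    log_transfers "$log" | while read -r file server; do
        for ok in "$@"; do
            if [ "$server" = "$ok" ]; then continue 2; fi
        done
        echo "$file $server"
    done
}

# Print every line of log $1 whose level is not trace, debug or info,
# the only three levels that appear in the sample log on this page.
log_problems() {
    awk 'match($0, /^time="[^"]*" level=[a-z]+/) {
            lvl = $0; sub(/^time="[^"]*" level=/, "", lvl); sub(/[^a-z].*$/, "", lvl)
            if (lvl != "trace" && lvl != "debug" && lvl != "info") print
        }' "$1"
}

# Constructed sample: two lines copied from the sample log above, plus two
# made-up lines (an unlisted server and an "error" level) to exercise the checks.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
time="2024-04-28T02:35:28+04:00" level=debug msg="enrolling new certificate..."
time="2024-04-28T02:35:33+04:00" level=debug msg="transfering file domains/tomcat1.jks to server tomcat1_serv..."
time="2024-04-28T02:36:01+04:00" level=debug msg="transfering file domains/tomcat2.jks to server staging_box..."
time="2024-04-28T02:36:02+04:00" level=error msg="constructed failure line"
EOF

echo "Unexpected destinations:"; unexpected_transfers "$SAMPLE" tomcat1_serv tomcat2_serv
echo "Lines above info level:";  log_problems "$SAMPLE"
```

To use it on a real run, pass a file from the ./logs directory and the server names from your own configuration in place of the sample values.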