Overview
The Sectigo Docker integration provides a seamless way to retrieve SSL/TLS certificates issued by the Sectigo Certificate Manager (SCM). The certificate can be used to secure a Docker container and its communication with other containers.
The Sectigo Docker integration provides an entrypoint that can be incorporated with any Dockerfile. It seamlessly generates the key and certificate signing request and returns the certificate issued by SCM. The use of certificates can be configured by Docker users as per their requirements.
The entrypoint supports both the generation of new SSL certificates and the use of existing certificates stored in a location accessible to a Dockerfile. The entrypoint also checks the validity of a certificate when an existing certificate is used.
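As an added illustration (not part of the Sectigo package, and not the logic of `sectigo-ssl-entrypoint.py`), the shell functions below show one way to decide whether an existing certificate and key can be reused before a new certificate is requested. They assume the `openssl` CLI, PEM files and an unencrypted private key; the function names, return codes and renewal window are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: reuse check for an existing certificate/key pair.
# Hypothetical helper, not the behaviour of sectigo-ssl-entrypoint.py.

# cert_reusable CERT KEY [MIN_DAYS]
#   0 = reusable
#   1 = expired, or expires within MIN_DAYS
#   2 = private key does not belong to the certificate
#   3 = file missing, unreadable or not parseable
cert_reusable() {
    local cert="$1" key="$2" min_days="${3:-30}"
    local cert_pub key_pub

    [ -r "$cert" ] && [ -r "$key" ] || return 3

    # Reject anything that does not parse as an X.509 certificate.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 3

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1 || return 1

    # Compare the public key in the certificate with the one derived from
    # the private key. "-passin pass:" makes an encrypted key fail instead
    # of prompting, which would hang a non-interactive container start.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 3
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 2

    return 0
}

# make_sample_pair DIR NAME DAYS
# Constructed test input: a self-signed pair valid for DAYS days.
# This is not a Sectigo-issued certificate.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" \
        -subj "/CN=example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}
```

A non-zero return is the signal to fall back to requesting a new certificate rather than starting the container with a pair that is about to expire or does not match.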
There are various types of SSL certificates that can be requested by supplying the configuration options.
The types of certificates available to you are based on your account setup.
This integration guide describes how to use `sectigo-ssl-entrypoint.py` to provision SSL/TLS certificates from SCM to set up secure Docker containers.
Package contents
The Sectigo Docker integration package contains the following:
- `sectigo-ssl-entrypoint.py`: A Python script which validates a certificate, generates a private key and CSR, enrolls and collects the SSL certificate, and saves it to the specified location.
- `sectigo-ssl-config.txt`: This file contains the configuration information for `sectigo-ssl-entrypoint.py`.
- Sample: This folder contains a sample Dockerfile, NGINX configuration file, `index.html`, and a Bash script to automate the deployment. For more information, see Understanding the Docker sample folder.
All commands must be run from inside the
Understanding the Docker sample folder
The Sample folder comprises the following parts:
- Dockerfile: A sample Dockerfile that is used to spin up the Docker container that calls `sectigo-ssl-entrypoint.py` as an `ENTRYPOINT`. The Dockerfile uses Ubuntu 18.04 as a base image and installs Python version 3.x. Volumes to store the certificates can be configured as per actual usage.
- Dockerfile-2x: A sample Dockerfile that is used to spin up the Docker container that calls `sectigo-ssl-entrypoint.py` as an `ENTRYPOINT`. The Dockerfile downloads the Ubuntu 16.04 image and installs Python version 2.x. Volumes to store the certificates can be configured as per actual usage.
- server.conf: A pre-configured NGINX configuration file. The SSL configuration is the crucial part: it contains the paths of the `.key` and `.crt` files and the port 443 configuration. The certificate and key files are generated as per the `CERT_FILE_NAME` parameter in the `sectigo-ssl-config.txt` file.
- index.html: The home page that gets displayed when you access the URL for which you configured the certificates.
- build.sh: This file automates the entire process of building the Dockerfile and getting the container running. You can run this file from the project's root folder by executing the `bash Sample/build.sh` command.