The Sectigo Docker integration provides a seamless way to retrieve SSL/TLS certificates issued by the Sectigo Certificate Manager (SCM). The certificate can be used to secure a Docker container and its communication with other containers.
The Sectigo Docker integration provides an entrypoint that can be incorporated with any Dockerfile.
It seamlessly generates the key and certificate signing request and returns the certificate issued by SCM. The use of certificates can be configured by Docker users as per their requirements.
The entrypoint supports both the generation of new SSL certificates and the use of existing certificates stored in a location accessible to a Dockerfile.
The entrypoint also checks the validity of a certificate when an existing certificate is used.
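One way to gate reuse of an existing certificate, as an added example that is not part of the Sectigo package and does not reproduce how sectigo-ssl-entrypoint.py performs its check. The function names, the 30-day renewal window and the self-signed sample certificates are assumptions constructed here, and the `openssl` CLI is assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example (not Sectigo's code): gate reuse of an existing certificate.

# cert_reusable CERT KEY [MIN_DAYS]
# Returns 0 only if CERT parses, stays valid for MIN_DAYS more days
# (default 30, an assumed renewal window) and matches the private KEY.
cert_reusable() {
    local cert="$1" key="$2" min_days="${3:-30}" cert_pub key_pub
    [ -s "$cert" ] && [ -s "$key" ] || return 1
    # -checkend N fails if the certificate expires within N seconds;
    # it also fails when the file is not a parsable certificate.
    openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" \
        >/dev/null 2>&1 || return 1
    # Compare the public key in the certificate with the one derived
    # from the private key, so a stale or swapped key file is rejected.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_sample_cert DIR NAME DAYS: constructed self-signed test material.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" \
        -subj "/CN=example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Demo on constructed certificates: 90-day, 5-day, and a mismatched key.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" good 90
make_sample_cert "$demo_dir" short 5
for pair in "good.crt good.key" "short.crt short.key" "good.crt short.key"; do
    set -- $pair
    if cert_reusable "$demo_dir/$1" "$demo_dir/$2"; then
        echo "$1 + $2: reuse"
    else
        echo "$1 + $2: request a new certificate"
    fi
done
```

This check covers expiry and key match only; it does not validate the issuing chain or revocation status.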
There are various types of SSL certificates that can be requested by supplying the configuration options.
The types of certificates available to you are based on your account setup.
This integration guide describes how to use sectigo-ssl-entrypoint.py to provision SSL/TLS certificates from SCM to set up secure Docker containers.
The Sectigo Docker integration package contains the following:
sectigo-ssl-entrypoint.py: A Python script which validates a certificate, generates a private key and CSR, enrolls and collects the SSL certificate, and saves it to the specified location.
sectigo-ssl-config.txt: This file contains the configuration information for
Sample: This folder contains a sample Dockerfile, NGINX configuration file, index.html, and a Bash script to automate the deployment. For more information, see Understanding the Docker sample folder.
All commands must be run from inside the
The Sample folder comprises the following parts:
Dockerfile: A sample Dockerfile that is used to spin up the Docker container that calls ENTRYPOINT. The Dockerfile uses Ubuntu 18.04 as a base image and installs Python version 3.x. Volumes to store the certificates can be configured as per actual usage.
Dockerfile-2x: A sample Dockerfile that is used to spin up the Docker container that calls ENTRYPOINT. The Dockerfile downloads the Ubuntu 16.04 image and installs Python version 2.x. Volumes to store the certificates can be configured as per actual usage.
server.conf: A pre-configured NGINX configuration file. The SSL configuration is the crucial part, which contains the path of the .crt files and the port 443 configuration. The certificate and key files are generated as per the CERT_FILE_NAME parameter in the
index.html: The home page that gets displayed when you access the URL for which you configured the certificates.
build.sh: This file automates the entire process of building the Dockerfile and getting the container running. You can run this file from the project's root folder by executing the `bash Sample/build.sh` command.