Overview

The Sectigo Docker integration provides a seamless way to retrieve SSL/TLS certificates issued by the Sectigo Certificate Manager (SCM). The certificate can be used to secure a Docker container and its communication with other containers.

The Sectigo Docker integration provides an entrypoint that can be incorporated into any Dockerfile. It generates the private key and certificate signing request (CSR) and returns the certificate issued by SCM. Docker users can configure how the certificates are used according to their requirements. The entrypoint supports both the generation of new SSL certificates and the use of existing certificates stored in a location accessible to a Dockerfile. When an existing certificate is used, the entrypoint also checks its validity. Various types of SSL certificates can be requested by supplying the configuration options.

The types of certificates available to you are based on your account setup.

This integration guide describes how to use sectigo-ssl-entrypoint.py to provision SSL/TLS certificates from SCM to set up secure Docker containers.

Docker Sectigo integration

Package contents

The Sectigo Docker integration package contains the following:

  • sectigo-ssl-entrypoint.py: A Python script which validates a certificate, generates a private key and CSR, enrolls and collects the SSL certificate, and saves it to the specified location.

  • sectigo-ssl-config.txt: This file contains the configuration information for sectigo-ssl-entrypoint.py.

  • Sample: This folder contains a sample Dockerfile, NGINX configuration file, index.html, and a Bash script to automate the deployment. For more information, see Understanding the Docker sample folder.

All commands must be run from inside the Sectigo-Docker-Integration directory.

Sectigo Docker integration package

Understanding the Docker sample folder

The Sample folder consists of the following parts:

  • Dockerfile: A sample Dockerfile that is used to spin up the Docker container that calls sectigo-ssl-entrypoint.py as an ENTRYPOINT. The Dockerfile uses Ubuntu 18.04 as a base image and installs Python version 3.x. Volumes to store the certificates can be configured as per actual usage.

  • Dockerfile-2x: A sample Dockerfile that is used to spin up the Docker container that calls sectigo-ssl-entrypoint.py as an ENTRYPOINT. The Dockerfile downloads the Ubuntu 16.04 image and installs Python version 2.x. Volumes to store the certificates can be configured as per actual usage.

  • server.conf: A pre-configured NGINX configuration file. Its SSL section is the crucial part: it contains the paths of the .key and .crt files and the port 443 configuration. The certificate and key files are generated according to the CERT_FILE_NAME parameter in the sectigo-ssl-config.txt file.

  • index.html: The home page that gets displayed when you access the URL for which you configured the certificates.

  • build.sh: This file automates the entire process of building the Dockerfile and getting the container running. You can run this file from the project's root folder by executing the `bash Sample/build.sh` command.