Configuring the plugin

The Sectigo Jenkins plugin requires that certain variables are provided. The variables required are dependent on the specific use case. These values need to be provided in the configuration file that can be either in YAML or JSON format. Some values can also be provided in the Jenkins pipeline or Jenkinsfile as parameters when a certificate operation is requested.

The following tables list the parameters that can be used with the available configurations.

Customer-specific parameters

The following parameters are required to establish connection with SCM.

Parameter Description

Parameter	Description
`sectigo_cm_user`	User ID to access your URL
`sectigo_cm_password`	Password to access your URL
`sectigo_cm_uri`	Your Sectigo URI
`sectigo_cm_org_id`	Your Organization ID (numeric)
`sectigo_cm_base_url`	The base URL of the Sectigo Certificate Authority. If provided, the host name will be extracted and used. Required if `sectigo_cm_host_name` is not provided.
`sectigo_cm_host_name`	The host name of the Sectigo Certificate Authority. Required if `sectigo_cm_base_url` is not provided.

sectigo_cm_user

User ID to access your URL

sectigo_cm_password

Password to access your URL

sectigo_cm_uri

Your Sectigo URI

sectigo_cm_org_id

Your Organization ID (numeric)

sectigo_cm_base_url

The base URL of the Sectigo Certificate Authority. If provided, the host name will be extracted and used.

Required if sectigo_cm_host_name is not provided.

sectigo_cm_host_name

The host name of the Sectigo Certificate Authority.

Required if sectigo_cm_base_url is not provided.

CSR parameters

The following parameters are required during the generation of the certificate signing request (CSR).

Parameter Type Description

Parameter	Type	Description
`sectigo_csr_domain`	Conditional	A single value for a domain which is included in the certificate Common Name (CN) field. Required if `sectigo_csr_subject` or `sectigo_csr` is not provided.
`sectigo_csr_subject`	Conditional	This parameter can be provided instead of specifying each CSR parameter individually. If specified, the default values will be used for `sectigo_csr_key_algo` and `sectigo_csr_key_size`. When using `sectigo_csr_subject`, you can specify specific values in the `sectigo_csr_key_algo` and `sectigo_csr_key_size` parameters if you don’t want to use the default values. Required if `sectigo_csr_subject` or the individual CSR parameters have not been provided. Parameters specified within `sectigo_csr_subject` take priority over any parameters specified individually (excluding `sectigo_csr_key_algo` and `sectigo_csr_key_size`).
`sectigo_csr_country`	Conditional	The country name which is included in the certificate Country (C) field. Required if `sectigo_csr_subject` or `sectigo_csr` is not provided.
`sectigo_csr_state`	Conditional	The state/province name which is included in the certificate State (ST) field. Required if `sectigo_csr_subject` or `sectigo_csr` is not provided.
`sectigo_csr_location`	Conditional	The location name included in the certificate Location (L) field. Required if `sectigo_csr_subject` or `sectigo_csr` is not provided.
`sectigo_csr_organization`	Conditional	The organization name included in the certificate Organization (O) field. Required if `sectigo_csr_subject` or `sectigo_csr` is not provided.
`sectigo_csr_organization_unit`	Conditional	The organization unit included in the certificate Organization Unit (OU) field. Required if `sectigo_csr_subject` or `sectigo_csr` is not provided.
`sectigo_csr_email_address`	Conditional	The email address which is included in the certificate emailAddress field. Required if `sectigo_csr_subject` or `sectigo_csr` is not provided.
`sectigo_csr`	Conditional	The full path to the CSR file. If this is provided, the subject parameters are ignored.
`sectigo_csr_key_algo`	Optional	The private key algorithm used to generate the private key. The default value is `RSA`.
`sectigo_csr_key_size`	Optional	The size of the TLS/SSL keys to generate. The possible values are: 2048: for 2048-bit (default) 3072: for 3072-bit 4096: for 4096-bit

sectigo_csr_domain

Conditional

A single value for a domain which is included in the certificate Common Name (CN) field.

Required if sectigo_csr_subject or sectigo_csr is not provided.

sectigo_csr_subject

Conditional

This parameter can be provided instead of specifying each CSR parameter individually. If specified, the default values will be used for sectigo_csr_key_algo and sectigo_csr_key_size. When using sectigo_csr_subject, you can specify specific values in the sectigo_csr_key_algo and sectigo_csr_key_size parameters if you don’t want to use the default values.

Required if sectigo_csr_subject or the individual CSR parameters have not been provided. Parameters specified within sectigo_csr_subject take priority over any parameters specified individually (excluding sectigo_csr_key_algo and sectigo_csr_key_size).

sectigo_csr_country

Conditional

The country name which is included in the certificate Country (C) field.

Required if sectigo_csr_subject or sectigo_csr is not provided.

sectigo_csr_state

Conditional

The state/province name which is included in the certificate State (ST) field.

Required if sectigo_csr_subject or sectigo_csr is not provided.

sectigo_csr_location

Conditional

The location name included in the certificate Location (L) field.

Required if sectigo_csr_subject or sectigo_csr is not provided.

sectigo_csr_organization

Conditional

The organization name included in the certificate Organization (O) field.

Required if sectigo_csr_subject or sectigo_csr is not provided.

sectigo_csr_organization_unit

Conditional

The organization unit included in the certificate Organization Unit (OU) field.

Required if sectigo_csr_subject or sectigo_csr is not provided.

sectigo_csr_email_address

Conditional

The email address which is included in the certificate emailAddress field.

Required if sectigo_csr_subject or sectigo_csr is not provided.

sectigo_csr

Conditional

The full path to the CSR file. If this is provided, the subject parameters are ignored.

sectigo_csr_key_algo

Optional

The private key algorithm used to generate the private key. The default value is RSA.

sectigo_csr_key_size

Optional

The size of the TLS/SSL keys to generate. The possible values are:

2048: for 2048-bit (default)
3072: for 3072-bit
4096: for 4096-bit

Certificate issuance parameters

The following parameters are used for certificate issuance. This operation supports different scenarios that require different parameters.

Parameter Type Description

Parameter	Type	Description
Certificate issuance
`sectigo_ssl_cert_file_path`	Optional	The location where the certificate is to be stored. The same location is used to store the CSR, private key, and enrollment IDs. The default is the config file’s path.
`sectigo_ssl_cert_file_name`	Mandatory	The name of the certificate file. The same name is used for the CSR, private key, and enrollment IDs. The default value is `SSl_Certificate`.
`sectigo_ssl_cert_type`	Mandatory	The type of SSl certificate (numeric). This is the ID of the SSL certificate type.
`sectigo_ssl_cert_validity`	Mandatory	The certificate validity period in days (numeric). The values are dependent on the selected `sectigo_ssl_cert_type`.
`sectigo_ssl_cert_num_servers`	Conditional	The number of server licenses (numeric)
`sectigo_ssl_cert_subject_alt_names`	Optional	A comma-separated list of subject alternative names (SAN)
`sectigo_ssl_cert_external_requester`	Optional	A comma-separated list of emails
`sectigo_ssl_cert_format_type`	Optional	The format type for the SSL certificate. The supported values are: x509: X509, Base64 ended (default) x509CO: X509 Certificate only, Base64 encoded x509IO: X509 Intermediates/Root only, Base64 encoded base64: PKCS#7 Base64 encoded bin: PKCS#7 Bin encoded x509IOR: X509 Intermediates/Root only Reverse, Base64 encoded
`sectigo_ssl_cert_comments`	Optional	Comments for certificate enrollment
`sectigo_ssl_cert_custom_fields`	Optional	The custom fields to be applied to requested certificate. The expected format for custom fields is the following. `[{"name":"custom_field_1", "value":"value_1"}, {"name":"custom_field_2", "value":"value_2"}]`. If you are providing this input in a JSON string, make sure that the internal double quotes are escaped properly using `\`.
`sectigo_ssl_cert_server_type`	Optional	The server type ID (numeric).
Auto-renewal
`sectigo_auto_renew`	Optional	`true` if auto-renewal option is enabled. The default value is `true`. If you do not want to automatically renew certificates, you must specify `false` for this parameter.
`sectigo_expiry_window`	Conditional	The period of days prior to expiration that a new SSL certificate enrollment process will be initiated if an issue operation is started. The default expiry window is `7` days.

Certificate issuance

sectigo_ssl_cert_file_path

Optional

The location where the certificate is to be stored.

The same location is used to store the CSR, private key, and enrollment IDs. The default is the config file’s path.

sectigo_ssl_cert_file_name

Mandatory

The name of the certificate file.

The same name is used for the CSR, private key, and enrollment IDs. The default value is SSl_Certificate.

sectigo_ssl_cert_type

Mandatory

The type of SSl certificate (numeric). This is the ID of the SSL certificate type.

sectigo_ssl_cert_validity

Mandatory

The certificate validity period in days (numeric). The values are dependent on the selected sectigo_ssl_cert_type.

sectigo_ssl_cert_num_servers

Conditional

The number of server licenses (numeric)

sectigo_ssl_cert_subject_alt_names

Optional

A comma-separated list of subject alternative names (SAN)

sectigo_ssl_cert_external_requester

Optional

A comma-separated list of emails

sectigo_ssl_cert_format_type

Optional

The format type for the SSL certificate. The supported values are:

x509: X509, Base64 ended (default)
x509CO: X509 Certificate only, Base64 encoded
x509IO: X509 Intermediates/Root only, Base64 encoded
base64: PKCS#7 Base64 encoded
bin: PKCS#7 Bin encoded
x509IOR: X509 Intermediates/Root only Reverse, Base64 encoded

sectigo_ssl_cert_comments

Optional

Comments for certificate enrollment

sectigo_ssl_cert_custom_fields

Optional

The custom fields to be applied to requested certificate. The expected format for custom fields is the following.

[{"name":"custom_field_1", "value":"value_1"}, {"name":"custom_field_2", "value":"value_2"}].

If you are providing this input in a JSON string, make sure that the internal double quotes are escaped properly using \.

sectigo_ssl_cert_server_type

Optional

The server type ID (numeric).

Auto-renewal

sectigo_auto_renew

Optional

true if auto-renewal option is enabled. The default value is true.

If you do not want to automatically renew certificates, you must specify false for this parameter.

sectigo_expiry_window

Conditional

The period of days prior to expiration that a new SSL certificate enrollment process will be initiated if an issue operation is started.

The default expiry window is 7 days.

Certificate collection parameters

The collection operation may fail if the certificate is still being processed. In such cases, the Sectigo Jenkins integration will try several times before returning a failure. The following parameters are used to configure the frequency and maximum time for additional attempts at certificate collection.

Parameter Type Description

Parameter	Type	Description
`sectigo_loop_period`	Optional	The interval (in seconds) between repeated attempts to collect a certificate. The default value is `30`.
`sectigo_max_timeout`	Optional	The maximum time (in seconds) during which repeated attempts to collect a certificate will be made. The default value is `600`.

sectigo_loop_period

Optional

The interval (in seconds) between repeated attempts to collect a certificate. The default value is 30.

sectigo_max_timeout

Optional

The maximum time (in seconds) during which repeated attempts to collect a certificate will be made. The default value is 600.

Certificate renewal and revocation parameters

Certificates can be manually renewed or revoked. In such cases the following parameters are needed.

Parameter Type Description

Parameter	Type	Description
`sectigo_ssl_id`	Mandatory	The ID of the SSL certificate to be renewed or revoked.
`sectigo_reason`	Mandatory	The reason why a certificate is to be revoked. This parameter is required for the revoke operation.

sectigo_ssl_id

Mandatory

The ID of the SSL certificate to be renewed or revoked.

sectigo_reason

Mandatory

The reason why a certificate is to be revoked. This parameter is required for the revoke operation.

Other parameters

The following parameters are used to modify the behavior of the issuance operation.

Parameter Type Description

Parameter	Type	Description
`sectigo_force_issue`	Optional	Used to issue a new certificate even if there is already a certificate on the target server. The default value is `false`. If `true`, the existing certificate will be backed up and any related information (Key, CSR, ID) will be deleted. This option is required if the certificate information (such as domain) has changed and a new certificate is required. It is suggested that you set `sectigo_force_Issue` back to `false` following the collection of a new certificate. This will help prevent costs associated with unintended certificate replacements.
`sectigo_force_collect`	Optional	Used to collect the certificate even if a valid certificate is already available. The default value is `false`. If `true`, the existing certificate will be backed up. This operation is required if a different certificate format is needed.

sectigo_force_issue

Optional

Used to issue a new certificate even if there is already a certificate on the target server. The default value is false.

If true, the existing certificate will be backed up and any related information (Key, CSR, ID) will be deleted. This option is required if the certificate information (such as domain) has changed and a new certificate is required. It is suggested that you set sectigo_force_Issue back to false following the collection of a new certificate. This will help prevent costs associated with unintended certificate replacements.

sectigo_force_collect

Optional

Used to collect the certificate even if a valid certificate is already available. The default value is false.

If true, the existing certificate will be backed up. This operation is required if a different certificate format is needed.

Jenkins pipeline parameters

The following parameters are used for the call in Jenkins. Some of these parameters can be provided from the configuration file.

Parameter Description

Parameter	Description
`operation`	The operation to be performed. The supported values are: `issue` `revoke` `renew` Must be provided in the Jenkinsfile/Jenkins pipeline when the plugin is called.
`cfgFile`	The configuration file’s name and location. Must be provided in the Jenkinsfile/Jenkins pipeline when the plugin is called.
`format`	The format of the configuration file. The supported formats are JSON and YAML. Must be provided in the Jenkinsfile/Jenkins pipeline when the plugin is called.
`certID`	The `sslId` of the certificate. Alternatively, this parameter can be provided in the configuration file through the `sectigo_ssl_id`. For more information on `certId`, see Operation: renew or Certificate revocation.
`cmHostname`	The host name of the Sectigo Certificate Authority. Alternatively, this parameter can be provided in the configuration file through the `sectigo_cm_host_name` parameter.
`cmUri`	Your specific SCM URI. Alternatively, this parameter can be provided in the configuration file through the `sectigo_cm_user` parameter.
`cmUser`	User ID to access your SCM URI. Alternatively, this parameter can be provided in the configuration file through the `sectigo_cm_user` parameter.
`cmPassword`	Password to access your SCM URI. Alternatively, this parameter can be provided in the configuration file through the `sectigo_cm_password` parameter.

operation

The operation to be performed. The supported values are:

issue
revoke
renew

Must be provided in the Jenkinsfile/Jenkins pipeline when the plugin is called.

cfgFile

The configuration file’s name and location.

Must be provided in the Jenkinsfile/Jenkins pipeline when the plugin is called.

format

The format of the configuration file. The supported formats are JSON and YAML.

Must be provided in the Jenkinsfile/Jenkins pipeline when the plugin is called.

certID

The sslId of the certificate. Alternatively, this parameter can be provided in the configuration file through the sectigo_ssl_id.

For more information on certId, see Operation: renew or Certificate revocation.

cmHostname

The host name of the Sectigo Certificate Authority.

Alternatively, this parameter can be provided in the configuration file through the sectigo_cm_host_name parameter.

cmUri

Your specific SCM URI.

Alternatively, this parameter can be provided in the configuration file through the sectigo_cm_user parameter.

cmUser

User ID to access your SCM URI.

Alternatively, this parameter can be provided in the configuration file through the sectigo_cm_user parameter.

cmPassword

Password to access your SCM URI.

Alternatively, this parameter can be provided in the configuration file through the sectigo_cm_password parameter.