APPLIES TO: Versions 19.1 and later
SUMMARY:
This article describes the steps required to import certificates from Sectigo. With the feature release of the Adaptable CA driver in version 19.1, the Trust Protection Platform is able to integrate with a multitude of Certificate Authorities and perform various functions utilizing API/SDK endpoints and custom PowerShell scripts.
PREREQUISITES:
This article assumes you have already downloaded a certificate report from Sectigo Certificate Manager ("SCM"). For more information, see https://support.venafi.com/hc/en-us/articles/360031076591-Bulk-Export-Import-Certificates-from-Sectigo
The output file containing the certificate IDs must be placed on the TPP server.
OVERVIEW:
The Sectigo import process follows these high-level steps. Details for each step are documented below.
- Applying the Sectigo Certificate Import Script
- Configuring Aperture for Certificate Import Job
APPLYING THE SECTIGO CERTIFICATE IMPORT SCRIPT
1. Download the attached "Sectigo Certificate Import.ps1" file and save it to the following folder on the TPP server:
<VenafiInstallationPath>\Scripts\AdaptableCA\
2. Open the Sectigo Certificate Import file for editing.
3. The following variables must be modified:
Variable | New Value | Description |
$global:cert_id_file | Path to Sectigo certificate CSV report | This value requires the absolute path to the certificate CSV report (e.g. C:\cert_ids.csv). |
$global:sectigo_api_url | The base Sectigo API URL | This value requires the base URL for API calls (e.g. https://cert-manager.com/api/ssl/v1). |
$global:customer_url | The customer URI of the SCM account | The customer URI is the suffix of the URL used to access SCM. SCM URLs use the following format: https://cert-manager.com/customer/[customer URI] |
4. Save and close the script.
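A pre-flight check for the three values edited in step 3, as an added example that is not part of the attached Sectigo script or of TPP. The function name Test-SectigoImportSettings and the customer URI 'example-customer' are hypothetical; the path and API URL are the sample values from the table above.

```powershell
# Added example: validates the values assigned to $global:cert_id_file,
# $global:sectigo_api_url and $global:customer_url before the import job runs.
function Test-SectigoImportSettings {
    param(
        [Parameter(Mandatory)] [string] $CertIdFile,
        [Parameter(Mandatory)] [string] $SectigoApiUrl,
        [Parameter(Mandatory)] [string] $CustomerUri
    )
    $problems = New-Object System.Collections.Generic.List[string]

    # The report path must be absolute and must exist on this TPP server.
    if (-not [System.IO.Path]::IsPathRooted($CertIdFile)) {
        $problems.Add("cert_id_file is not an absolute path: $CertIdFile")
    } elseif (-not (Test-Path -LiteralPath $CertIdFile -PathType Leaf)) {
        $problems.Add("cert_id_file not found: $CertIdFile")
    }

    # The base API URL must be an absolute HTTPS URL so requests to SCM are encrypted in transit.
    [System.Uri] $uri = $null
    if (-not [System.Uri]::TryCreate($SectigoApiUrl, [System.UriKind]::Absolute, [ref] $uri)) {
        $problems.Add("sectigo_api_url is not an absolute URL: $SectigoApiUrl")
    } elseif ($uri.Scheme -ne 'https') {
        $problems.Add("sectigo_api_url must use https: $SectigoApiUrl")
    }

    # customer_url takes only the suffix after /customer/, not the whole SCM URL.
    if ($CustomerUri -match '[:/\\\s]') {
        $problems.Add("customer_url must be the URI suffix only, not a full URL: $CustomerUri")
    }

    return ,$problems.ToArray()
}

# Sample values from the article; 'example-customer' is a constructed placeholder.
$issues = Test-SectigoImportSettings -CertIdFile 'C:\cert_ids.csv' `
    -SectigoApiUrl 'https://cert-manager.com/api/ssl/v1' `
    -CustomerUri 'example-customer'
if ($issues.Count) { $issues | ForEach-Object { Write-Warning $_ } }
else { 'Settings look consistent.' }
```

Run it on the TPP server that hosts the script, since the CSV path is resolved locally.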
CONFIGURING APERTURE FOR CERTIFICATE IMPORT JOB
1. Log in to the Aperture web portal as a Master Administrator.
2. Navigate to the "Jobs" page.
3. Click "+ Create New Job" to begin the create new job wizard.
4. Select "Certificate Import" option and click "Start".
5. Enter the job details:
i. Name (mandatory): The name of the job.
ii. Description (optional): Brief description for the purpose of the job.
iii. Import Type (mandatory): Select "Adaptable" option from list.
iv. Contacts (optional): The assigned owner of the certificate. If not supplied, policy will govern the owner.
v. Click "Next".
6. Configure the job settings:
i. PowerShell Script (mandatory): Select the "Sectigo Certificate Import" script.
ii. Username Credential (mandatory): This script requires a username credential. If one has not been created, click "Create New Credential" to create a new username credential.
iii. Platform Engine (mandatory): Select the engine where the "Sectigo Certificate Import" script is located.
iv. Include Expired Certificates: Not supported.
v. Include Revoked Certificates: Not supported.
vi. Assign Contact value to Issued To: Not supported.
vii. Certificate Origin (version 19.2): Not supported.
viii. Click "Next".
7. Configure the certificate import placement settings:
i. Select the specific policy folder where certificates will be placed during the import.
ii. Click "Next".
8. Configure the occurrence settings of the import job. It is recommended that import jobs follow a cadence to continue importing certificates which are created manually outside of TPP. Click "Create Job" when finished.
9. From the "Job" dashboard, you may choose to run the import job at any time by clicking "Run Now".