To integrate a Sectigo Certificate Authority, select this connector and configure the following settings.
Sectigo settings
Configure the following mandatory Sectigo settings.
Setting | Value |
---|---|
Customer URI | The customer identifier provided by Sectigo |
Organization ID | The organization identifier provided by Sectigo |
URL | The URL of the Sectigo API |
Authentication settings
To authenticate in Sectigo with a password, enter the following values.
Setting | Value |
---|---|
Login Userid | A Sectigo login name for a user with the privileges described in Setting Sectigo permissions for API login |
Login Password | The password of the selected Sectigo login name |
To authenticate with the client store created in Creating a Sectigo client key store, click + Sectigo CA Properties and manually enter the following key-value pairs.
Key | Value |
---|---|
client-cert-key-store | The path of the client trust store described in Creating a Sectigo client key store |
client-cert-key-alias | The alias of the client key in the client trust store |
client-cert-key-store-password | The password of the client trust store |
client-cert-key-store-type | The type of client trust store. Supported values are |
SSL settings
Configure the following mandatory SSL settings to connect with the Sectigo API.
Setting | Value |
---|---|
SSL Truststore File | The path of the trust store described in Creating the Sectigo SSL credentials trust store |
ssl-trust-store-password | The password of the trust store |
SSL Truststore Type | The type of CA Gateway trust store. Supported values are |
Enrollment settings
The following settings control the enrollment requests.
Key | Value | Default |
---|---|---|
enroll-back-off-timer | The starting back-off period for certificate retrieval | 2 sec |
enroll-max-back-off-timer | The maximum back-off period before the next certificate retrieval attempt | 32 sec |
enroll-max-attempts | The maximum number of certificate retrieval attempts | 5 |
After submitting an enrollment, CA Gateway waits for the following period.
min(enroll-back-off-timer^attempt, enroll-max-back-off-timer)
Where the attempt value:
- Starts at 1 on the first enrollment attempt.
- Is increased by 1 after each retrieval attempt, until reaching the enroll-max-attempts value.
CA Gateway responds with the following HTTP codes to the client enrollment requests.
Code | Description |
---|---|
HTTP 200 | The certificate has been retrieved on time |
HTTP 202 | The request has been processed, but CA Gateway has exceeded the |
HTTP 404 | Any other failure |
When receiving an HTTP 202 response, you can:
- Look up the certificate using the {caId} Certificate Authority identifier and the {dn} Distinguished Name.
  /v1/certificate-authorities/{caId}/subjects/{dn}
- Ascertain the serial number from the response.
- Look up the certificate using the {sn} serial number.
  /v1/certificate-authorities/{caId}/certificates/{sn}
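The following sketch is an added example, not Entrust or Sectigo code. It computes the retrieval back-off schedule from the formula above (useful for sizing client timeouts before an HTTP 202 can come back) and builds the two follow-up lookup paths. It assumes one wait precedes each retrieval attempt and that the client percent-encodes `{caId}`, `{dn}` and `{sn}` as URL path segments; the CA identifier, DN and serial number used in comments are constructed sample values.

```python
from urllib.parse import quote

# Defaults taken from the enrollment settings table (seconds, attempts).
DEFAULT_BACK_OFF = 2
DEFAULT_MAX_BACK_OFF = 32
DEFAULT_MAX_ATTEMPTS = 5


def backoff_schedule(back_off=DEFAULT_BACK_OFF,
                     max_back_off=DEFAULT_MAX_BACK_OFF,
                     max_attempts=DEFAULT_MAX_ATTEMPTS):
    """Wait (seconds) per attempt: min(back_off ** attempt, max_back_off)."""
    return [min(back_off ** attempt, max_back_off)
            for attempt in range(1, max_attempts + 1)]


def worst_case_wait(**settings):
    """Total seconds spent waiting if every retrieval attempt is used.

    Assumption: one wait precedes each retrieval attempt.
    """
    return sum(backoff_schedule(**settings))


def subject_lookup_path(ca_id, dn):
    """Path for looking up a certificate by Distinguished Name.

    A DN contains '=', ',' and spaces, so it is percent-encoded as a single
    path segment (assumption: the client is responsible for the encoding).
    """
    return "/v1/certificate-authorities/{}/subjects/{}".format(
        quote(ca_id, safe=""), quote(dn, safe=""))


def certificate_lookup_path(ca_id, serial_number):
    """Path for looking up a certificate by serial number."""
    return "/v1/certificate-authorities/{}/certificates/{}".format(
        quote(ca_id, safe=""), quote(serial_number, safe=""))


def next_step(status, ca_id, dn):
    """Map an enrollment response code to the client's follow-up action."""
    if status == 200:
        return ("done", None)                      # certificate retrieved on time
    if status == 202:
        return ("lookup-by-subject", subject_lookup_path(ca_id, dn))
    return ("failed", None)                        # the page lists HTTP 404 for failures
```

With the default settings, a client-side timeout shorter than the total returned by `worst_case_wait()` can expire while CA Gateway is still polling Sectigo.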
Proxy settings
Configure the following settings if traffic to the CA server passes through a proxy.
The proxy configured using these settings is part of your corporate infrastructure; it is not an Entrust product.
Setting | Value |
---|---|
proxy-host-name | The hostname of the proxy for accessing the CA server. |
proxy-port | The port for accessing the proxy |
proxy-username | The username for authenticating in the proxy (if required) |
proxy-password | The password for authenticating in the proxy (if required) |