Sectigo

docs/documentation/platform/pki/ca/sectigo.mdx

Concept

Infisical can connect to Sectigo through the ACME-compatible CA integration to issue certificates to your end-entities.

Sectigo Certificate Manager (SCM) supports the ACME protocol and requires External Account Binding (EAB) for all ACME registrations. You will need to obtain the ACME Directory URL, a Key Identifier (KID), and an HMAC Key from your Sectigo account before registering the ACME CA in Infisical.

Guide to Connecting Infisical to Sectigo

<Steps>
<Step title="Retrieve ACME credentials from Sectigo">
Log in to your Sectigo Certificate Manager (SCM) portal and navigate to **Manage > ACME Accounts** in the left sidebar. Click **Manage** on the ACME account you want to use.

![Sectigo ACME Accounts](/images/platform/pki/sectigo/sectigo-acme-accounts.png)

On the account details page, copy the following values:
- **Server**: This is your ACME Directory URL (e.g., `https://acme.sectigo.com/v2/DV`).
- **Key ID**: Found under the **External Account Binding** section.
- **HMAC Key**: Found under the **External Account Binding** section.

![Sectigo ACME Account Details](/images/platform/pki/sectigo/sectigo-acme-account-details.png)
</Step>
<Step title="Create an External CA in Infisical">
Follow the steps in the [ACME-compatible CA integration](/documentation/platform/pki/ca/acme-ca) guide to create an External CA in Infisical with the **ACME** CA type. When filling out the form, use the values from Sectigo:

- **Directory URL**: Paste the **Server** URL from Sectigo (e.g., `https://acme.sectigo.com/v2/DV`).
- **EAB Key Identifier (KID)**: Paste the **Key ID** from Sectigo.
- **EAB HMAC Key**: Paste the **HMAC Key** from Sectigo.
</Step>
</Steps>

<Note>
Sectigo ACME accounts are tied to specific domains configured in SCM. Ensure the domains you want to issue certificates for are added to your ACME account in Sectigo before requesting certificates through Infisical.
</Note>
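
To show what the Key ID and HMAC Key are used for during ACME registration, the following added example (not Infisical's or Sectigo's code) builds and checks the External Account Binding object defined in RFC 8555 section 7.3.4. The key material, account JWK, newAccount URL, and the choice of HS256 are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_eab(kid: str, hmac_key_b64: str, account_jwk: dict, new_account_url: str) -> dict:
    """Client side: build the externalAccountBinding JWS (RFC 8555 section 7.3.4)."""
    # The header carries the CA-issued Key ID and the newAccount URL, and no nonce.
    # HS256 is an assumption here; the RFC only requires a MAC-based algorithm.
    header = {"alg": "HS256", "kid": kid, "url": new_account_url}
    protected = b64url(json.dumps(header).encode())
    # The payload is the public key of the ACME account being registered.
    payload = b64url(json.dumps(account_jwk).encode())
    mac = hmac.new(b64url_decode(hmac_key_b64),
                   f"{protected}.{payload}".encode(), hashlib.sha256).digest()
    return {"protected": protected, "payload": payload, "signature": b64url(mac)}

def protected_header(eab: dict) -> dict:
    return json.loads(b64url_decode(eab["protected"]))

def verify_eab(eab: dict, hmac_key_b64: str, account_jwk: dict) -> bool:
    """CA side: the MAC must verify and the payload must be the registering key."""
    signing_input = f"{eab['protected']}.{eab['payload']}".encode()
    expected = hmac.new(b64url_decode(hmac_key_b64), signing_input, hashlib.sha256).digest()
    mac_ok = hmac.compare_digest(expected, b64url_decode(eab["signature"]))
    return mac_ok and json.loads(b64url_decode(eab["payload"])) == account_jwk

# Constructed sample values, not real Sectigo credentials or endpoints.
KID = "constructed-key-id"
HMAC_KEY = b64url(b"constructed-hmac-key-for-demo-only")
NEW_ACCOUNT_URL = "https://acme.example.test/v2/newAccount"  # taken from the directory in practice
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
OTHER_JWK = {"kty": "EC", "crv": "P-256", "x": "other-x", "y": "other-y"}

if __name__ == "__main__":
    eab = build_eab(KID, HMAC_KEY, ACCOUNT_JWK, NEW_ACCOUNT_URL)
    print(json.dumps(eab, indent=2))
    print("valid for account key:", verify_eab(eab, HMAC_KEY, ACCOUNT_JWK))
    print("valid for other key:  ", verify_eab(eab, HMAC_KEY, OTHER_JWK))
```

Anyone who holds the HMAC Key can bind a new ACME account key to the Sectigo account, so handle it as a secret when copying it into Infisical.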

What's Next

Now that your Sectigo CA is configured, set up the infrastructure to issue certificates:

<CardGroup cols={2}>
<Card title="Certificate Profiles" icon="file-certificate" href="/documentation/platform/pki/settings/profiles">
Create a profile that references your Sectigo CA.
</Card>
<Card title="Applications" icon="grid-2" href="/documentation/platform/pki/applications/overview">
Create an Application, attach a profile, and configure enrollment.
</Card>
<Card title="Enrollment Methods" icon="arrow-right-to-arc" href="/documentation/platform/pki/applications/enrollment-methods/overview">
Choose how certificates are requested — API, ACME, EST, or SCEP.
</Card>
<Card title="Quick Start" icon="rocket" href="/documentation/platform/pki/quick-starts/issue-first-certificate">
Issue your first certificate end-to-end.
</Card>
</CardGroup>