Integration with Buypass Go SSL
PAM360 integrates with Buypass Go SSL, the certificate authority (CA) that uses the Automatic Certificate Management Environment (ACME) protocol to provide secure SSL certificates free of cost. This integration lets you manage the end-to-end life cycle of Buypass Go SSL certificates installed on your domains from a single interface. This document discusses the steps you should follow to establish a connection with your Buypass Go SSL account and to acquire, deploy, renew and perform all other certificate management operations from PAM360. Before you proceed with the integration, complete the following step as a prerequisite:
Prerequisite
Add the following base URL and port as an exception in your firewall or proxy to ensure PAM360 is able to connect to Buypass Go SSL's CA Services.
Follow the step-by-step procedure below to integrate Buypass Go SSL with PAM360:
1. Create a Buypass Go SSL Account
To begin the process of requesting SSL certificates from Buypass Go SSL, you must create an account. This is a one-time process and can be done directly from the PAM360 interface.
Once your account is created, you can update the account email address, delete it from PAM360, or deactivate the account entirely. Please note that deleting the account only removes it from PAM360. Even if you delete the account here, it will still be active in the Buypass Go SSL portal. To add the same account back to PAM360, export the key and use the Add Account option with the same details used before. However, if you select the Deactivate option while deleting the account, the Buypass Go SSL account is removed completely and you cannot add it back to PAM360 with the same details.
Notes:
2. Raise a Certificate Request
Once your Buypass Go SSL account is registered, you can proceed with raising certificate requests to the CA. To complete a certificate request, you will be presented with a challenge verification that you must fulfill in order to validate your domain and have the requested certificate issued.
To configure your DNS account, follow the steps below:
2.1 Azure DNS
2.2 Cloudflare DNS
2.3 AWS Route 53 DNS
Generate and specify the Access Key ID and Secret associated with your AWS account. If you do not have an AWS account, create one and generate the Access Key ID and Secret by following the steps given below:
To grant the required permissions:
2.4 RFC2136 DNS Update
If you are using open source DNS servers such as BIND or PowerDNS that support RFC2136 DNS update, follow the steps below to automate the DNS-based domain control validation procedure using PAM360.
2.5 GoDaddy DNS
If you are using GoDaddy DNS for DNS validation, follow the steps below to automate the DNS-based domain control validation procedure using PAM360:
Steps to Obtain GoDaddy API Credentials:
Now, in the PAM360 interface, follow the steps below to add GoDaddy DNS to Buypass Go SSL CA:
2.6 ClouDNS
If you are using ClouDNS for DNS validation, follow the steps below to automate the DNS-based domain control validation procedure using PAM360:
Now, in the PAM360 interface, follow the steps below to add ClouDNS to Buypass Go SSL CA:
2.7 DNS Made Easy
Notes:
3. Buypass Go SSL Challenge Verification
PAM360 expedites domain validation through automatic verification of HTTP-01 and DNS-01 challenges (currently Azure, Cloudflare, Amazon Route 53, RFC2136 DNS update, GoDaddy DNS, ClouDNS). For the automation to take effect, you have to initially map the end-server details to PAM360, which is a one-time process.
3.1 Domain validation through HTTP-01 challenge verification
For domain validation through HTTP-01 challenge,
If the domain server is a Windows machine, download and install the Key Manager Plus agent for Windows server using the steps mentioned below:
Downloading Key Manager Plus agent for Windows servers:
Installing Key Manager Plus agents for Windows server:
To stop the agent and uninstall the Windows service,
After configuring agent mapping, click Pending on the pending requests and click Verify. The challenge is verified and the certificate request is submitted to Buypass Go SSL CA.
3.2 Domain validation through DNS-01 challenge verification
For DNS-01 challenge verification from PAM360,
Agent Mapping
Notes:
4. Procure and Save the Certificate
On successful verification, Buypass Go SSL issues the requested certificate.
5. Renew Certificates
Certificates issued by Buypass Go SSL have a lifetime of 180 days, after which they are no longer valid. Certificate renewals can be carried out manually or automatically through automatic domain validation.
To renew a certificate manually,
Note: The certificate should be saved after renewal in order to be updated in the certificate repository. Otherwise, only the old version of the certificate remains in the repository.
Automatic Renewals through Automatic Domain Validation
If agent mapping has been configured, the certificate renewal process is done automatically without manual intervention. All the certificates in your organization procured from Buypass Go SSL are automatically renewed 15 days before their expiry, and a notification is sent to the account holder's e-mail address.
Note: Automatic renewals are applicable only for those certificates saved in the PAM360 repository, i.e., after procuring a certificate from Buypass Go SSL, you have to save it in order for the automatic renewal to take effect.
6. Revoke Certificates
Revoking a certificate renders the certificate invalid and immediately removes HTTPS from the website.
To revoke a certificate,
7. Delete Certificates
Deleting a certificate removes the certificate from the PAM360 repository, but the certificate still remains valid.
To delete a certificate,