Integrating PAM360 with GoDaddy SSL Certificate Authority
PAM360 facilitates integration with GoDaddy SSL certificate authority (CA) and helps you achieve an end-to-end life cycle management of GoDaddy certificates installed on your domains from a single interface. This document discusses the steps you should follow to establish connection with your GoDaddy account, acquire, deploy, renew and perform all certificate management-related operations from PAM360.
Before you proceed with the integration, complete the following step as a prerequisite:
Prerequisite
Add the following base URL and port as an exception in your firewall or proxy to ensure PAM360 is able to connect to GoDaddy's CA Services.
URL: https://api.godaddy.com/
Port: 443
Follow the step-by-step procedure below to integrate GoDaddy with PAM360:
- Configure GoDaddy API credentials in PAM360
- Place a certificate order
- Domain validation through challenge verification
- Certificate issue
- Renew, revoke and delete certificates
- Import existing certificates
1. Configure GoDaddy API Credentials in PAM360
To begin managing the lifecycles of certificates issued by GoDaddy CA from PAM360, you have to initially set up a connection with your GoDaddy account by providing your API key details generated from the website. To generate your API key,
- Go to the GoDaddy developer portal and switch to the API keys tab.
- Login to your GoDaddy account if you aren't logged in already.
- Once you log in, you'll be redirected to the API keys page where you can create and manage API keys. Click Create New API key.
- Provide your application name, choose the environment type as Production, and click Next.
- The API key and its secret is generated. Copy and save the secret in a secure location, for it will not be displayed again.
- Now, navigate to PAM360 and switch to Certificates >> GoDaddy tab. Click on Account on the top-right corner.
- Provide the API key and secret in the pop up that appears and click Save.
- The key details are stored in PAM360. The account configuration is a one-time process so you needn't provide your API details every time you place a certificate order.
2. Place a Certificate Order
After setting up the account, you need to acquire SSL certificates from GoDaddy before placing a certificate order from PAM360.
- To buy SSL from GoDaddy, go to the GoDaddy web security portal and buy the certificates of your choice from SSL Certificates. This will just add the desired SSL product to your GoDaddy account as a credit; the SSL certificates won't be available for use.
- After purchasing the SSL certificates, you can set up the certificates in PAM360 by creating a certificate request, and importing the certificates into PAM360.
- To do so, navigate to Certificates >> GoDaddy, and click on Certificate Order.
- Fill in the required details and click Create.
Note: When raising certificate requests from PAM360, you can only raise as many requests as the number of set-up certificates purchased from GoDaddy.
3. Domain Validation through Challenge Verification
Once you have placed the certificate order, you need to validate your ownership of the domain by fulfilling certain challenges put forth by GoDaddy CA. The challenge IDs are mailed to requester's as well as the domain administrator's email IDs. To prove your ownership of the domain and acquire the SSL certificate,
- Open the email from GoDaddy consisting of domain verification challenge details.
- GoDaddy offers two methods to prove your domain ownership, out of which you've to choose one based on the type of your certificate request and your environment.
- HTML page- Upload an HTML page with the challenge ID provided in your domain server, to a distinct directory of the website for the common name in your request.
- DNS record - Create a TXT record with the challenge ID in your domain name's zone (DNS) file.
- After making the above updates, click on the verification link sent to your email ID. On successful validation of your domain, GoDaddy certificate authority issues the certificate.
- For domain validation through DNS-based challenge verification, you can configure your DNS details (supported for Azure DNS, Cloudflare DNS, Amazon Route 53, RFC2136 Update, ClouDNS, DNS Made Easy, and GoDaddy DNS) and deploy the challenge ID directly from PAM360 using the Deploy DNS Challenge option. Click here for a more detailed explanation of the instructions for domain control challenge verification.
Note: This validation method is not available for Wildcard SSL certificate requests.
4. Certificate Issue
After performing the operations on your domain server and submitting the domain validation, navigate to Certificates and click Check Certificate Availability icon beside the corresponding certificate request. If your domain verification is successful, GoDaddy issues the certificate which is fetched by PAM360 and is added to the centralized certificate repository.
Note: The certificate is automatically added to PAM360 repository only if you have the required license count. If not, renew your PAM360 license and then attempt to add the issued certificate to the repository.
5. Renew, Revoke and Delete Certificates
You can renew, revoke, or request reissue for certificates, and cancel certificate orders from PAM360.
To renew a certificate,
- Navigate to Certificates >> GoDaddy tab.
- Select the required certificate and click Renew Certificate from the top menu.
- You have to prove your ownership of the domain before every renewal by fulfilling the challenges put forth by GoDaddy CA. The challenges are mailed to the requester's and domain administrator's email IDs.
- On successful validation, certificate is issued and is automatically added to PAM360's certificate repository.
To request for a certificate reissue,
- Navigate to Certificates >> GoDaddy tab.
- Select the required certificate and click Reissue Certificate from the top menu.
- Here again, you have to prove your ownership of the domain before fulfilling the challenges put forth by GoDaddy CA. The challenges are mailed to the requester's and domain administrator's email IDs.
- On successful validation, the certificate is reissued and is automatically added to PAM360 certificate repository.
To revoke a certificate,
- Navigate to Certificates >> GoDaddy tab.
- Select the required certificate and click Revoke Certificate from the More drop-down menu.
- Confirm the action by clicking Revoke after choosing a valid reason from the drop down. Switch to the Certificates tab and delete the certificate to permanently remove it from PAM360's repository.
Note: Revoking a certificate will remove the certificate as well as the corresponding SSL bought from GoDaddy website, and you won't be able to request another certificate for the same SSL. So, it's advised to use 'Reissue' instead of 'Revoke'.
To delete a certificate request from PAM360,
- Navigate to Certificates >> GoDaddy tab.
- Select the required certificate and click Delete from the More drop-down menu.
To cancel a certificate order from PAM360,
- Navigate to Certificates >> GoDaddy tab.
- Select the required certificate and click Cancel Order from the More drop-down menu.
6. Import Existing Certificates
PAM360 allows you to import existing certificates from GoDaddy which you may have ordered before integrating with PAM360. Using this option, you can import previous GoDaddy certificates into the Certificates >> Certificates tab and manage them from PAM360.
Follow the below steps:
- Navigate to Certificates >> GoDaddy tab.
- Click More >> Import Existing Certificates. In the pop up, you can choose to exclude the expired and revoked certificates.
- Click Import.
The imported certificates will be added to the Certificates >> Certificates tab. Please note that the these certificates will not be present under the GoDaddy certificates tab.