Integrating PAM360 with The SSL Store™ Certificate Authority
PAM360 facilitates end-to-end life cycle management of certificates obtained from trusted certificate authorities (CAs) by enabling users to acquire, consolidate, deploy, renew, and track certificates issued by commercial CAs from a single interface. Before you proceed with the integration, complete the following step as a prerequisite:
Prerequisite
Add the following base URL and port as an exception in your firewall or proxy to ensure PAM360 is able to connect to the SSL Store's CA Services.
Follow the steps below to place certificate orders, acquire, consolidate, deploy and manage trusted third-party CA certificates from PAM360.
1. Configuring API Authentication Credentials in PAM360
The first step to request and manage third-party CA certificates from PAM360 is to sign up for an exclusive enterprise account at The SSL Store™ portal and configure the API credentials generated subsequently in PAM360's interface. To set up an Enterprise account with The SSL Store™,
2. Placing a Certificate Order
Once you have configured your API authentication credentials, you can leverage The SSL Store™'s API to generate certificate signing requests (CSRs), place orders, procure, and manage certificates from any of the following certificate authorities directly from PAM360: Sectigo, Symantec, and DigiCert. To generate a CSR and place a certificate order,
2.1 Configuring your DNS account
If you are opting for DNS-based domain validation in the certificate order, you should configure the DNS account in PAM360 and specify it in the DNS field in the order to automate the challenge verification procedure. To configure your DNS account,
2.1.1 For Azure DNS
Follow the steps below to create the Azure application and key from the Azure console:
To give the application access to DNS zones:
2.1.2 For Cloudflare DNS
Note: For the DNS-based domain validation type, if you are going to specify an already configured DNS account in the certificate order for domain control validation, make sure its status is marked Enabled under Manage >> DNS.
2.1.3 For AWS Route 53 DNS
To grant the required permissions,
2.1.4 RFC2136 DNS Update
If you are using open source DNS servers such as BIND, PowerDNS, etc., that support RFC2136 DNS update, follow the steps below to automate the DNS-based domain control validation procedure using PAM360.
2.1.5 GoDaddy DNS
If you are using GoDaddy DNS for DNS validation, follow the steps below to automate the DNS-based domain control validation procedure using PAM360.
Steps to Obtain GoDaddy API Credentials:
Now, in the PAM360 interface, follow the steps below to add GoDaddy DNS to The SSL Store certificate repository:
2.1.6 ClouDNS
If you are using ClouDNS for DNS validation, follow the steps below to automate the DNS-based domain control validation procedure using PAM360:
Steps to Obtain ClouDNS API Credentials:
Click here to learn more about ClouDNS API Auth IDs.
Now, in the PAM360 interface, follow the steps below to add ClouDNS to SSL Store CA:
2.1.7 DNS Made Easy
3. Domain Validation, Certificate Issue, and Deployment
Prerequisite
If the end server on which you're deploying the challenge file is a Windows machine, follow the steps below to install the Windows agent:
Installing PAM360 agent for Windows server:
To install PAM360 agent as a Windows service,
To stop the agent and uninstall the Windows service,
Once the certificate authority receives your order, you will have to go through a process called domain control validation (DCV) to prove your ownership of the domain. Upon its completion, you will receive the certificate. PAM360 supports all three DCV methods:
3.1 Email-based Domain Control Validation
Click here for more details on certificate deployment.
3.2 File/HTTP-based Domain Control Validation
This entire process of deploying the challenge file in the end-point server can be automated from PAM360. This can be achieved by configuring the server details in the Deploy tab under Manage. To automate domain control validation,
3.3 DNS-based Domain Control Validation
Similar to the HTTP challenge, the entire challenge verification process can be automated from PAM360. This can be achieved by configuring the server details in the Deploy tab under Manage. To automate domain control validation,
Notes:
4. Renewing, Reissuing & Deleting Certificate Orders
You can renew, request reissue or delete certificate orders placed to third-party certificate authorities from PAM360. To renew a certificate,
Note: You can request a reissue only for those certificates requested from PAM360 and not for the imported orders.
To delete a certificate request, follow the steps below:
Note: When a certificate request is deleted, it is removed only from PAM360. You can find the order in The SSL Store™ website for your account and import it into PAM360 if needed using The SSL Store™ >> More >> Import option.