I am a big fan of DigiCert for TLS Certificates and CA/WebPKI services. While they have amazing customer support and are an amazing company to work with, there are not a lot of automation scripts to interact with their API available. So over the weekend and with a lot of help from Clint Wilson I built a shell script that:
- Creates a CSR/Key pair using OpenSSL.
- Uses the Digicert API to:
- Request a TLS certificate.
- Approve the certificate.
- Download the certificate in:
- pem (with no root)
Here is the script in action:
Here is the code:
I have tested it on OSX, Ubuntu and CentOS7 and it is fairly cross platform friendly. Extending this script to install it should be easy but we already had the automation built to do that so it was not necessary.
Let me know on twitter if you have questions.