Skip to main content

How to Automate Public Trust TLS/SSL certificate issuance and renewal

Summary

A guide for ECS customers interested in automating Public Trust TLS/SSL certificate issuance and renewal


Automating certificate workflows that are performed manually, often on an annual basis, is a challenge for many public trust TLS/SSL certificates customers.  Certificate lifecycle automation can decrease the workload needed to manage these processes and will reduce the risk that these critical workflows will seize up and cause outages.

Many certificate lifecycle automation options are available to customers, including:

  • ACMEv2 client software connecting to our ACMEv2 service

  • Certificate Lifecycle Management

  • Entrust-provided pre-built integrations to our REST API

  • Custom API integrations

Using ACMEv2 to automate TLS/SSL certificate issuance and renewal

Posh-ACME for Windows

Posh-ACME is a popular ACME client to automate certificate issuance and renewal for Microsoft Windows systems.

Using Posh-ACME for Windows to automate TLS/SSL certificate issuance and renewal

.

Using ACME.sh for Linux

ACME.sh is an ACME protocol client written purely in Shell (Unix shell) language.

Using acme.sh to automate TLS/SSL certificate issuance and renewal

Using the ECS REST API to automate TLS/SSL certificate issuance and renewal

Customers that want to script the bulk renewal of certificates can use our example Linux shell script which uses the ECS REST API to replace any number of certificates.

How to renew certificates with a Linux shell script via ECS REST API