Skip to main content

How to renew certificates with a Linux shell script via ECS REST API

Summary


  1. Login to your Entrust Certificate Services (ECS) portal

  1. Click Administration > Advanced Settings. On the Settings navigation pane, select API.

  1. Click Generate credentials to create the API keys.

  1. Create a Friendly Name for the API Key, then click Generate.

  1. Record the User Name, API Key values in a safe location. These will be required to configure the API later. Note that the API Key cannot be viewed again once this window is closed.

  1. It is possible to examine the current certificate on the web sever by using any web browser.

  1. Log onto the Apache Webserver, PuTTY or equivalent software can be used

  1. The following API is leveraging a bash script that can be customized by end users and this is only an example of how the API can be called.

  1. Run the bash script with the command: ./ecs_renew_api.sh

  1. Enter the API User Name and the API Key that was generated earlier from the ECS portal

  1. Enter the number of days you would like the certificate to valid for, maximum is 396 days.

  1. Enter the certificate type you would like to use “STANDARD_SSL” or “ADVANCED_SSL”.  Note the script can be customized to support all ECS templates.

  1. Certificate was returned successfully!  Now enter the user’s password to confirm the restart of Apache.  Note the script can be customized to automatically restart Apache.

  1. Confirm that the new certificate is the expected Serial Number.  The certificate can also be examined in a web browser that has connected to the Apache hosted website using HTTPS. Renew Certificates with 396 day validity with REST API