Sectigo REST API example

enroll-template.jq

{
  "orgId": 12345,
  "externalRequester": $email,
  "csr": $csr,
  "certType": 423,
  "comments": "enroll via API",
  "term": 365
}

headers

Accept: application/json
Content-Type: application/json;charset=utf-8
customerUri: youruri
login: youraccountname
password: yourpasswordorapikey

Makefile

[email protected]
CN=www.example.edu

ssl-types.json:
	curl -s https://cert-manager.com/api/ssl/v1/types -H @headers > ssl-types.json

key.pem:
	openssl genrsa -out key.pem 2048

csr.pem: key.pem
	openssl req -new -key key.pem -out csr.pem -subj "/CN=${CN}"

enroll.json: csr.pem enroll-template.jq
	jq -n --rawfile csr csr.pem --arg email "${EMAIL}" -f enroll-template.jq > enroll.json 

test: enroll.json
	jq -r .csr enroll.json | openssl req -noout -subject

enroll: orderNumber.json

orderNumber.json: enroll.json
	curl -sH @headers https://cert-manager.com/api/ssl/v1/enroll -X POST -d @enroll.json > orderNumber.json

cert.pem: orderNumber.json
	jq -r .sslId orderNumber.json | xargs -IN curl -sH @headers https://cert-manager.com/api/ssl/v1/collect/N/pem > cert.pem

export.p12: cert.pem key.pem
	openssl pkcs12 -export -inkey key.pem -out export.p12 -in cert.pem

clean:
	-rm ssl-types.json csr.pem enroll.json cert.pem orderNumber.json
realclean: clean
	-rm key.pem export.p12

The script requires jq for handling JSON, see https://github.com/stedolan/jq/wiki/Installation