Sectigo for Enterprise
Sectigo (formerly Comodo CA) is one of the world's largest commercial Certificate Authorities, offering a comprehensive range of SSL/TLS certificates. Enterprise customers can automate certificate management through Sectigo Certificate Manager (SCM) and the ACME protocol.
Sectigo Management Options
Sectigo Certificate Manager (SCM)
SCM is Sectigo's enterprise certificate management platform:
- Centralized Dashboard: Manage all certificates in one place
- REST API: Full automation capabilities
- Multi-CA Support: Manage Sectigo and third-party certificates
- Approval Workflows: Enterprise governance features
ACME Protocol
Sectigo provides ACME endpoints for automated certificate issuance:
- Standard ACME v2: Compatible with existing tools
- External Account Binding: Required for authentication
- Multiple Products: DV and OV certificates via ACME
SCM API Integration
Authentication
The SCM API uses username/password authentication, together with a customer URI, to obtain access tokens.
Certificate Ordering
Submit certificate enrollment requests with organization ID, certificate type, CSR, term, and server type.
Renewal Workflow
Configure renewal automation with check interval, auto-renewal settings, and notification webhooks.
ACME Integration
Sectigo ACME Setup
Configure Sectigo ACME with directory URL, email, and EAB credentials (kid and hmac_key).
Challenge Types
DNS-01 Challenge: For wildcards and multi-domain certificates with DNS provider integration.
HTTP-01 Challenge: For single domain certificates with file-based validation.
Product Types
Domain Validated (DV):
- PositiveSSL
- PositiveSSL Wildcard
- PositiveSSL Multi-Domain
Organization Validated (OV):
- InstantSSL
- InstantSSL Pro
- InstantSSL Premium Wildcard
Extended Validation (EV):
- EV SSL
- EV Multi-Domain
Domain Validation
Pre-Validation
Pre-validate domains to speed up issuance with domain name, DCV type (DNS, HTTP, or Email), and organization ID.
Validation Methods
| Method | Use Case | Automation Level |
|---|---|---|
| DNS CNAME | Wildcard, multi-domain | High |
| HTTP | Single domain | High |
| Email | Manual approval | Low |
Enterprise Features
Multi-Organization
Configure multiple organizations with separate auto-approval settings and product catalogs.
Approval Workflows
Configure EV certificates with required approval, approver lists, and timeout settings.
Monitoring and Reporting
Certificate Inventory
Query all certificates via SCM API for inventory management.
Expiration Alerts
Configure check intervals and alert thresholds at 30 days (info), 14 days (warning), and 7 days (critical).
Best Practices
- Pre-validate all domains - Reduce issuance time
- Use ACME for DV certificates - Faster automation
- Use SCM API for OV/EV - Required for validation workflow
- Implement centralized monitoring - Track all certificates
- Automate renewals - Prevent expiration outages
Conclusion
Sectigo provides flexible options for enterprise certificate management through SCM and ACME. By combining API automation with proper monitoring, organizations can achieve reliable, scalable SSL certificate lifecycle management.