digEv2secOV
This tool tries to help with the migration of valid EV certificates in Digicert, to be revoked on 11/07/2020, to OV certificates from Sectigo.
Quick set-up instructions
The download link below points to a .zip file with these files:
- config.php
General configuration file. Needs configuring these 3 variables:
- sectigoUser and sectigoPass to provide credentials to access Sectigo API.
- digicertKey is the Digicert API key, and can be obtained from CertCentral: https://www.digicert.com/secure/automation/api-keys/
- array_certs.php
List the IDs of certificates. The distributed file is provided as an example, it contains Spanish IDs.
- digicert2sectigo_all_certs.php
PHP script that will request to Sectigo all certificates from the organization obtained using Digicert API and found in the affected certs array.
- digicert2sectigo_some_certs.php
PHP script that will request to Sectigo only the desired certificates. For configuring which certificates to request, it's neccesary to configure their IDs in the
$orders
array in this file.To easily obtain these IDs, use the show_my_affected_ids.php script, or find them at CertCentral.
- show_my_affected_ids.php
PHP script to obtain a list of affected certificates from my organization. It shows the fields ID, CN, Email and Type of certificate.
Notes
- Before executing any of these files, either on a webserver, or from CLI, it's necessary to configure the above mentioned parameters.
-
The Spanish TCS website contains a guide (not translate to English) on how to activate the "Web aPI" at SECTIGO's SCM, in the "SSL Crtificate" section.
-
Please bear in mind that, if users has the "Allow SSL auto approve" permission disabled, it will need to enter SCM and manually approve the requested certificates. With the permission enabled, all certificates will be automatically approved.
-
A new key pair is not generated. These scripts will use the original CSRs from Digicert to create the request at Sectigo. So, also important, the new signed certificate will be for the same original private key.