Integrate with SaltStack to get certificates from Trust Lifecycle Manager into your Salt nodes, using the ACMEv2 protocol to generate the request and download the resulting certificate files to the Salt master or minions.

Before you begin

In Trust Lifecycle Manager, you need a certificate profile with the 3rd-party ACME client enrollment method. The profile defines the general certificate properties and provides the required ACME URL and external account binding (EAB) credentials.

Steps

  1. Download the SaltStack integration package and extract the contents of the ZIP archive to get the sample files.

  2. Configure the Salt pillar:

    • Copy the certificate_issuance_params.sls and top.sls files into the /srv/pillar directory.

    • Update the certificate_issuance_params.sls file to provide values for the certificate common name (domain) to issue, and the ACME URL and EAB credentials for the certificate profile.

  3. Request a certificate:

    • Copy the request_certificate.sls script into the /srv/salt directory.

    • Run the script:

      • From a Salt master: salt 'salt-master-id' state.apply request_certificate

      • From a Salt minion: salt 'salt-minion-id' state.apply request_certificate
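The pillar configured in step 2 holds the EAB credentials, and Salt renders a pillar file for every minion whose ID matches its target in /srv/pillar/top.sls. The following check is an added example, not part of the integration package: it flags glob targets that would hand certificate_issuance_params to more than the intended node. The top.sls contents, the `common` entry and the function names are constructed for illustration.

```python
SENSITIVE_SLS = "certificate_issuance_params"  # pillar file named in step 2
# Constructed sample top.sls contents ("common" is hypothetical); not the package's files.
BROAD_TOP = """\
base:
  '*':
    - certificate_issuance_params
"""
SCOPED_TOP = """\
base:
  'salt-minion-id':
    - certificate_issuance_params
  '*':
    - common
"""

def parse_top(text):
    """Parse the plain env -> target -> [sls] layout (assumes no Jinja, no compound matchers)."""
    tree, env, target = {}, None, None
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if body.startswith("- "):
            if env is None or target is None:
                raise ValueError("sls entry outside a target: %r" % raw)
            tree[env][target].append(body[2:].strip().strip("'\""))
        elif body.endswith(":"):
            name = body[:-1].strip().strip("'\"")
            if indent == 0:
                env, target = name, None
                tree[env] = {}
            elif env is None:
                raise ValueError("target outside an environment: %r" % raw)
            else:
                target = name
                tree[env][target] = []
    return tree

def exposed_targets(text, sls=SENSITIVE_SLS):
    """Return (env, target) pairs where a glob target receives the sensitive pillar."""
    return [(env, target)
            for env, targets in parse_top(text).items()
            for target, names in targets.items()
            if sls in names and any(ch in target for ch in "*?[")]

if __name__ == "__main__":
    for label, sample in (("broad", BROAD_TOP), ("scoped", SCOPED_TOP)):
        print(label, exposed_targets(sample))
```
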