Python project that generates a CSR, requests a certificate, verifies the domain, and installs the CA and signed certificates on a Cisco VOS server.
- ZeroSSL - ZeroSSL API
- Let's Encrypt - Let's Encrypt API
- MXToolBox - MXTOOLBOX API
- Cloudflare - Cloudflare API
- DigitalOcean - DigitalOcean API
- AWS Route53 - AWS Route53 API
- Azure DNS - Azure DNS API
- Google Cloud DNS - Google Cloud DNS API
Note: Only Cloudflare and DigitalOcean have been tested so far. The other DNS providers are implemented from their documentation; please open an issue if they do not work for you.
- Cisco UC - Cisco UC API
Note: The Certification Management API supports CUCM, IM&P, CUC, and CER products with version 14 and later. Earlier versions will need to use SSH to install certificates.
Services need to be restarted after the install. This can be done via SSH or AXL. The CLI command is 'utils service restart Cisco Tomcat'.
Create Python environment
python3 -m venv venv
source venv/bin/activate
pip3 install -r requirements.txt
Create ENV file
touch .env
Add variables to ENV file. Only add the variables for the DNS provider you plan to use:
# Required Variables
UC_USER=
UC_PASS=
# SSL Provider Keys (choose one)
# For Let's Encrypt
LETSENCRYPT_EMAIL=
# For ZeroSSL
ZEROSSL_KEY=
MXTOOLBOX_KEY=
# DNS Provider Variables (choose one section)
# For Cloudflare
CF_KEY=
CF_ZONE=
# Optional DNS Servers if using Let's Encrypt
LETSENCRYPT_DNS_1="1.1.1.1"
LETSENCRYPT_DNS_2="1.0.0.1"
# For DigitalOcean
DO_KEY=
# Optional DNS Servers if using Let's Encrypt
LETSENCRYPT_DNS_1="67.207.67.2"
LETSENCRYPT_DNS_2="67.207.67.3"
# For AWS Route53
AWS_ACCESS_KEY=
AWS_SECRET_KEY=
AWS_ZONE_ID=
# Optional DNS Servers if using Let's Encrypt
LETSENCRYPT_DNS_1="8.8.8.8"
LETSENCRYPT_DNS_2="8.8.4.4"
# For Azure DNS
AZURE_SUBSCRIPTION_ID=
AZURE_RESOURCE_GROUP=
AZURE_ZONE_NAME=
# Optional DNS Servers if using Let's Encrypt
LETSENCRYPT_DNS_1="168.63.129.16"
LETSENCRYPT_DNS_2="208.67.220.220"
# For Google Cloud DNS
GOOGLE_PROJECT_ID=
GOOGLE_ZONE_NAME=
# Optional DNS Servers if using Let's Encrypt
LETSENCRYPT_DNS_1="8.8.8.8"
LETSENCRYPT_DNS_2="8.8.4.4"
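An added example, not part of this project's code: a preflight check for the .env file above that reports missing variables for the chosen providers, keys defined more than once (as happens with LETSENCRYPT_DNS_1 when several provider sections are pasted in), and file permissions that let other users read the credentials. The function names, the grouping of variables per provider, and treating MXTOOLBOX_KEY as required with ZeroSSL are assumptions of this example.

```python
import os
import stat
import tempfile

# Variable names come from the .env template above; grouping them by
# --sslprovider / --dnsprovider value is this example's assumption.
REQUIRED = ("UC_USER", "UC_PASS")
SSL_VARS = {"letsencrypt": ("LETSENCRYPT_EMAIL",), "zerossl": ("ZEROSSL_KEY", "MXTOOLBOX_KEY")}
DNS_VARS = {"cloudflare": ("CF_KEY", "CF_ZONE"), "digitalocean": ("DO_KEY",),
            "route53": ("AWS_ACCESS_KEY", "AWS_SECRET_KEY", "AWS_ZONE_ID"),
            "azure": ("AZURE_SUBSCRIPTION_ID", "AZURE_RESOURCE_GROUP", "AZURE_ZONE_NAME"),
            "google": ("GOOGLE_PROJECT_ID", "GOOGLE_ZONE_NAME")}

def parse_env(text):
    """Return (values, duplicates) for simple KEY=VALUE lines; '#' lines are skipped."""
    values, duplicates = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip().strip("\"'")
        if key in values and key not in duplicates:
            duplicates.append(key)
        values[key] = value  # a later definition overrides an earlier one
    return values, duplicates

def check_env(path, sslprovider="letsencrypt", dnsprovider="cloudflare"):
    """Return a list of findings; an empty list means the file passed."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path} has mode {mode:o}; restrict it with chmod 600")
    with open(path, encoding="utf-8") as fh:
        values, duplicates = parse_env(fh.read())
    needed = REQUIRED + SSL_VARS[sslprovider] + DNS_VARS[dnsprovider]
    findings += [f"{name} is missing or empty" for name in needed if not values.get(name)]
    findings += [f"{name} is defined more than once" for name in duplicates]
    return findings

if __name__ == "__main__":
    # Constructed sample: two provider sections pasted in, DO_KEY left blank.
    sample = ('UC_USER=administrator\nUC_PASS=example-only\nLETSENCRYPT_EMAIL=admin@example.com\n'
              'CF_KEY=x\nCF_ZONE=y\nLETSENCRYPT_DNS_1="1.1.1.1"\nDO_KEY=\nLETSENCRYPT_DNS_1="67.207.67.2"\n')
    with tempfile.NamedTemporaryFile("w", suffix=".env", delete=False) as tmp:
        tmp.write(sample)
    os.chmod(tmp.name, 0o644)
    print(check_env(tmp.name, dnsprovider="digitalocean"))
    os.remove(tmp.name)
```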
Run the Python script with the correct flags
python3 get-cert.py --host cucm --domain cisco.com [-h] [-v] [-ca] [--ssh] [--days DAYS] [--dnsprovider PROVIDER] [--sslprovider PROVIDER]
optional arguments:
  -h, --help      show this help message and exit
  -v, --verbose   Enable verbose output
  -ca             Install Intermediate Certificate
  --ssh           Install certificate via SSH instead of API.
  --days          Certificate Validity Days. Defaults to 90 days. Options are 90 or 365. Note: Let's Encrypt only supports 90 days.
  --dnsprovider   DNS Provider. Defaults to cloudflare. Options are cloudflare, digitalocean, route53, azure, or google.
  --sslprovider   SSL Provider. Defaults to letsencrypt. Options are zerossl or letsencrypt.
A helper script is provided to restart services via SSH. This is useful if you are using the API to install the certificate.
python3 helpers/sshRestartCiscoTomcat.py -H cucm.cisco.com -u administrator -p ciscopsdt
-Jeremy Worden