M0rph5us

Reputation: 13

Automating SSL/TLS Certificate Renewal from AWS to Imperva via Script/API

Hello,

I’m currently working on a project where I need to manage SSL/TLS certificates generated via AWS Certificate Manager (ACM) and deploy them to the Imperva portal to secure a website. So far, I have successfully:

1. Generated a certificate on AWS ACM.
2. Manually imported this certificate into Imperva via the UI.

However, I am now looking to automate the entire process, including:

What I’ve Tried:

1. Manual Process: I created a step-by-step guide for handling this manually, but I want to avoid human intervention.
2. Imperva API: I found that Imperva provides an API endpoint (/customCertificate) for uploading custom certificates. I’ve started writing a Python script for this purpose. Here’s an example in Python:

```python
import requests

# Configuration
api_url = "https://api.imperva.com/sites/{extSiteId}/customCertificate"
api_key = "your_api_key"  # Replace with your Imperva API key
extSiteId = "your_extSiteId"  # Replace with your site's external ID

# Load certificate files
with open("certificate.crt", "r") as cert_file:
    certificate = cert_file.read()

with open("intermediate.crt", "r") as interm_file:
    intermediate = interm_file.read()

with open("private.key", "r") as key_file:
    private_key = key_file.read()

# Request payload
data = {
    "certificate": certificate,
    "intermediate": intermediate,
    "privateKey": private_key
}

# Headers
headers = {
    "Authorization": f"Bearer {api_key}",
    "Content-Type": "application/json"
}

# Send the request (the timeout keeps an unattended job from hanging forever)
response = requests.post(
    api_url.format(extSiteId=extSiteId), json=data, headers=headers, timeout=30
)

# Check the response
if response.status_code == 200:
    print("Certificate successfully uploaded to Imperva.")
else:
    print(f"Error: {response.status_code} - {response.text}")
```

3. AWS Certificate Manager (ACM): I know AWS can automate certificate renewal internally, but I’m unsure of the best way to extract renewed certificates and push them to Imperva.

Questions:

  1. Is there a standard or best-practice approach for automating this entire workflow (generation, renewal, import)?
  2. Are there specific tools or frameworks for integrating with Imperva using their APIs?
  3. How do other developers handle automating certificate management between AWS and Imperva?
  4. Are there any examples of scripts or CI/CD pipelines that can achieve this?

I’m open to any suggestions or solutions to simplify and automate this process.

Thanks in advance for your help!

Upvotes: 0

Views: 34
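An added example, not part of the original post and not AWS or Imperva code: a pre-upload check an automated renewal job could run before calling the endpoint in the question. It assumes the input is a dict shaped like ACM's ExportCertificate response (`Certificate`, `CertificateChain`, `PrivateKey`) and reuses the question's payload field names; `build_payload`, `fingerprint`, `make_pem` and `SAMPLE` are hypothetical names, and the sample PEM bodies are constructed placeholders, not real certificates or keys.

```python
import base64
import hashlib
import re

# Matches one PEM block and captures its label and base64 body.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.+?)\s*-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes), ...] for every PEM block in text."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_RE.findall(text)]

def fingerprint(cert_pem):
    """SHA-256 over the DER bytes of the single certificate in cert_pem."""
    blocks = pem_blocks(cert_pem)
    if len(blocks) != 1 or blocks[0][0] != "CERTIFICATE":
        raise ValueError("expected exactly one CERTIFICATE block")
    return hashlib.sha256(blocks[0][1]).hexdigest()

def build_payload(export, deployed_fp=None):
    """Build the upload payload, or return None if the leaf is unchanged."""
    fp = fingerprint(export["Certificate"])
    if fp == deployed_fp:
        return None  # same leaf already deployed, so skip the upload
    chain = pem_blocks(export["CertificateChain"])
    if not chain or any(label != "CERTIFICATE" for label, _ in chain):
        raise ValueError("chain must contain only CERTIFICATE blocks")
    keys = pem_blocks(export["PrivateKey"])
    if len(keys) != 1 or not keys[0][0].endswith("PRIVATE KEY"):
        raise ValueError("expected exactly one private key block")
    if keys[0][0].startswith("ENCRYPTED"):
        # An exported key arrives encrypted under the export passphrase.
        raise ValueError("private key is still passphrase-encrypted")
    return {"certificate": export["Certificate"],
            "intermediate": export["CertificateChain"],
            "privateKey": export["PrivateKey"]}

def make_pem(label, raw):
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed sample input: placeholder bytes, not real key material.
SAMPLE = {"Certificate": make_pem("CERTIFICATE", b"leaf-v2"),
          "CertificateChain": make_pem("CERTIFICATE", b"ica")
                              + make_pem("CERTIFICATE", b"root"),
          "PrivateKey": make_pem("PRIVATE KEY", b"key-v2")}
```

Storing the returned fingerprint after a successful upload lets the next scheduled run detect a renewal without keeping the previous private key around, and the error messages never include key contents.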

Answers (0)
