Difference between revisions of "Installing ACME Responder in PKI CA"

From Dogtag
m (Deploying ACME Responder)
m (Deploying ACME Responder)
Line 27: Line 27:
 
The ACME responder should start automatically in a few seconds. It is not necessary to restart PKI server.
 
The ACME responder should start automatically in a few seconds. It is not necessary to restart PKI server.
  
To verify, open the ACME responder in a browser, for example:
+
To verify, retrieve the ACME responder's metadata with the following command:
  
* https://server.example.com:8443/acme/directory
+
<pre>
 +
# curl -s -k https://$HOSTNAME:8443/acme/directory | python -m json.tool
 +
{
 +
    "meta": {
 +
        "caaIdentities": [
 +
            "dogtagpki.org"
 +
        ],
 +
        "externalAccountRequired": false,
 +
        "termsOfService": "https://www.dogtagpki.org/wiki/PKI_ACME_Responder",
 +
        "website": "https://www.dogtagpki.org"
 +
    },
 +
    "newAccount": "https://localhost.localdomain:8443/acme/new-account",
 +
    "newNonce": "https://localhost.localdomain:8443/acme/new-nonce",
 +
    "newOrder": "https://localhost.localdomain:8443/acme/new-order"
 +
}
 +
</pre>
  
 
= Undeploying ACME Responder =
 
= Undeploying ACME Responder =
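
Review bot: the added curl command passes -k, so this verification step succeeds even when the responder's TLS certificate is untrusted or issued for a different name. Say so next to the command, or show a variant that trusts the CA signing certificate with --cacert. The sample output also advertises newAccount, newNonce and newOrder under localhost.localdomain, while the line being replaced used server.example.com; a sentence noting that these URLs must be reachable by ACME clients under the name they will use would help readers spot a misconfigured hostname.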

Revision as of 03:51, 11 February 2020

Installing PKI CA

See Installing CA.

Creating ACME Responder

To create the ACME responder:

$ pki-server acme-create

This stores the initial configuration files in the /etc/pki/pki-tomcat/acme folder.

To customize the configuration, see Configuring ACME Responder.

Deploying ACME Responder

To deploy the ACME responder:

$ pki-server acme-deploy

This creates a deployment descriptor at /etc/pki/pki-tomcat/Catalina/localhost/acme.xml.

The ACME responder should start automatically within a few seconds. It is not necessary to restart the PKI server.

To verify, retrieve the ACME responder's metadata with the following command:

# curl -s -k https://$HOSTNAME:8443/acme/directory | python -m json.tool
{
    "meta": {
        "caaIdentities": [
            "dogtagpki.org"
        ],
        "externalAccountRequired": false,
        "termsOfService": "https://www.dogtagpki.org/wiki/PKI_ACME_Responder",
        "website": "https://www.dogtagpki.org"
    },
    "newAccount": "https://localhost.localdomain:8443/acme/new-account",
    "newNonce": "https://localhost.localdomain:8443/acme/new-nonce",
    "newOrder": "https://localhost.localdomain:8443/acme/new-order"
}
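
An added example (not part of the original wiki page or the Dogtag project's code): a scripted version of this check that parses the directory and reports any endpoint that is missing, not HTTPS, or advertised under a host other than the one clients will use, which matters when the URLs read localhost.localdomain as in the sample output. The function name check_directory and the expected host server.example.com are assumptions for illustration.

```python
import json
from urllib.parse import urlsplit

# Directory document copied from the sample output on this page.
SAMPLE_DIRECTORY = """{
  "meta": {"caaIdentities": ["dogtagpki.org"], "externalAccountRequired": false,
           "termsOfService": "https://www.dogtagpki.org/wiki/PKI_ACME_Responder",
           "website": "https://www.dogtagpki.org"},
  "newAccount": "https://localhost.localdomain:8443/acme/new-account",
  "newNonce": "https://localhost.localdomain:8443/acme/new-nonce",
  "newOrder": "https://localhost.localdomain:8443/acme/new-order"
}"""

# Endpoints that appear in the page's sample output.
ENDPOINTS = ("newNonce", "newAccount", "newOrder")


def check_directory(text, expected_host, expected_port=8443):
    """Return a list of findings; an empty list means every check passed."""
    try:
        directory = json.loads(text)
    except ValueError as exc:
        return [f"response is not JSON: {exc}"]
    if not isinstance(directory, dict):
        return ["response is not a JSON object"]
    findings = []
    for name in ENDPOINTS:
        url = directory.get(name)
        if not isinstance(url, str):
            findings.append(f"{name}: missing")
            continue
        try:
            parts = urlsplit(url)
            host, port = parts.hostname, parts.port
        except ValueError:
            findings.append(f"{name}: malformed URL ({url})")
            continue
        if parts.scheme != "https":
            findings.append(f"{name}: not https ({url})")
        if host != expected_host.lower() or port != expected_port:
            findings.append(
                f"{name}: advertises {parts.netloc}, expected {expected_host}:{expected_port}")
    return findings


if __name__ == "__main__":
    # Hypothetical client-facing name; replace with the name ACME clients will use.
    for finding in check_directory(SAMPLE_DIRECTORY, "server.example.com"):
        print(finding)
```

To run it against a live responder, pass the body returned by the curl command above as the first argument.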

Undeploying ACME Responder

To undeploy the ACME responder:

$ pki-server acme-undeploy

Removing ACME Responder

To remove the ACME responder:

$ pki-server acme-remove

See Also