Installing ACME Responder in PKI CA
From Dogtag
Contents
Installing PKI CA
See Installing CA.
Creating ACME Responder
To create ACME responder:
$ pki-server acme-create
It will store the initial configuration files in /etc/pki/pki-tomcat/acme folder.
To customize the configuration, see Configuring PKI ACME Responder.
Deploying ACME Responder
To deploy ACME responder:
$ pki-server acme-deploy
It will create a deployment descriptor at /etc/pki/pki-tomcat/Catalina/localhost/acme.xml.
The ACME responder should start automatically in a few seconds. It is not necessary to restart PKI server.
To verify, retrieve the ACME responder's metadata with the following command:
$ curl -s -k https://$HOSTNAME:8443/acme/directory | python -m json.tool { "meta": { "caaIdentities": [ "dogtagpki.org" ], "externalAccountRequired": false, "termsOfService": "https://www.dogtagpki.org/wiki/PKI_ACME_Responder", "website": "https://www.dogtagpki.org" }, "newAccount": "https://localhost.localdomain:8443/acme/new-account", "newNonce": "https://localhost.localdomain:8443/acme/new-nonce", "newOrder": "https://localhost.localdomain:8443/acme/new-order" }
Undeploying ACME Responder
To undeploy ACME responder:
$ pki-server acme-undeploy
Removing ACME Responder
To remove ACME responder:
$ pki-server acme-remove