Installing ACME Responder in PKI CA

From Dogtag
Jump to: navigation, search

Installing PKI CA

See Installing CA.

Creating ACME Responder

To create ACME responder: 

$ pki-server acme-create

It will store the initial configuration files in /etc/pki/pki-tomcat/acme folder.

To customize the configuration, see Configuring PKI ACME Responder.

Deploying ACME Responder

To deploy ACME responder: 

$ pki-server acme-deploy

It will create a deployment descriptor at /etc/pki/pki-tomcat/Catalina/localhost/acme.xml.

The ACME responder should start automatically in a few seconds. It is not necessary to restart PKI server.

To verify, retrieve the ACME responder's metadata with the following command: 

# curl -s -k https://$HOSTNAME:8443/acme/directory | python -m json.tool
{
    "meta": {
        "caaIdentities": [
            "dogtagpki.org"
        ],
        "externalAccountRequired": false,
        "termsOfService": "https://www.dogtagpki.org/wiki/PKI_ACME_Responder",
        "website": "https://www.dogtagpki.org"
    },
    "newAccount": "https://localhost.localdomain:8443/acme/new-account",
    "newNonce": "https://localhost.localdomain:8443/acme/new-nonce",
    "newOrder": "https://localhost.localdomain:8443/acme/new-order"
}

Undeploying ACME Responder

To undeploy ACME responder: 

$ pki-server acme-undeploy

Removing ACME Responder

To remove ACME responder: 

$ pki-server acme-remove

See Also

Retrieved from "http://www.dogtagpki.org/index.php?title=Installing_ACME_Responder_in_PKI_CA&oldid=38487"