Installing ACME Responder in PKI CA


Installing PKI CA

See Installing CA.

Creating ACME Responder

To create the ACME responder:

$ pki-server acme-create

This stores the initial configuration files in the /etc/pki/pki-tomcat/acme folder.

To customize the configuration, see Configuring ACME Responder.

Deploying ACME Responder

To deploy the ACME responder:

$ pki-server acme-deploy

It will create a deployment descriptor at /etc/pki/pki-tomcat/Catalina/localhost/acme.xml.

The ACME responder should start automatically within a few seconds. It is not necessary to restart the PKI server.

To verify, retrieve the ACME responder's metadata with the following command:

# curl -s -k https://$HOSTNAME:8443/acme/directory | python -m json.tool
{
    "meta": {
        "caaIdentities": [
            "dogtagpki.org"
        ],
        "externalAccountRequired": false,
        "termsOfService": "https://www.dogtagpki.org/wiki/PKI_ACME_Responder",
        "website": "https://www.dogtagpki.org"
    },
    "newAccount": "https://localhost.localdomain:8443/acme/new-account",
    "newNonce": "https://localhost.localdomain:8443/acme/new-nonce",
    "newOrder": "https://localhost.localdomain:8443/acme/new-order"
}
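
The curl command above uses -k, which skips certificate verification, and the sample output advertises its endpoints on localhost.localdomain rather than on $HOSTNAME. The following Python check is an added example, not part of the original page or of Dogtag's code: it fetches the directory with certificate verification and reports endpoints that are missing, not HTTPS, or on a different host or port than the directory URL. The function names, the ca_file path and the host pki.example.com are assumptions made for illustration.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlsplit

ENDPOINTS = ("newNonce", "newAccount", "newOrder")  # endpoints in the output above

# Sample input: endpoint URLs copied from the directory output above ("meta" omitted).
SAMPLE = """{
  "newAccount": "https://localhost.localdomain:8443/acme/new-account",
  "newNonce": "https://localhost.localdomain:8443/acme/new-nonce",
  "newOrder": "https://localhost.localdomain:8443/acme/new-order"
}"""

def load_sample():
    return json.loads(SAMPLE)

def fetch_directory(url, ca_file):
    """Fetch the directory, verifying the server certificate against ca_file
    (PEM file holding the CA signing certificate; its path is an assumption)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
        return json.load(resp)

def origin(url):
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or 443)

def check_directory(doc, directory_url):
    """Return one finding per endpoint that is missing, not HTTPS, or
    advertised on a different host/port than the directory itself."""
    findings = []
    for name in ENDPOINTS:
        value = doc.get(name)
        if not isinstance(value, str):
            findings.append(f"{name}: missing from directory")
        elif urlsplit(value).scheme != "https":
            findings.append(f"{name}: not HTTPS: {value}")
        elif origin(value) != origin(directory_url):
            findings.append(f"{name}: {value} is not on the directory's host and port")
    return findings

if __name__ == "__main__":
    # Offline run against the sample; a client that used another hostname sees mismatches.
    for url in ("https://localhost.localdomain:8443/acme/directory",
                "https://pki.example.com:8443/acme/directory"):
        print(url, check_directory(load_sample(), url) or "OK")
```

An empty list means every endpoint is served from the same HTTPS origin the client used to reach the directory.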

Undeploying ACME Responder

To undeploy the ACME responder:

$ pki-server acme-undeploy

Removing ACME Responder

To remove the ACME responder:

$ pki-server acme-remove

See Also