PKI ACME Responder
From Dogtag
Overview
PKI provides an ACME responder which implements the ACME v2 protocol as defined in RFC 8555.
Availability:
- PKI 10.9 (tech preview)
- PKI 10.10 or later (fully supported)
Installation
- Installing Standalone ACME Responder
- Installing ACME Responder in PKI CA
- Configuring PKI ACME Responder
- Deploying PKI ACME Responder on Podman
- Deploying PKI ACME Responder on OpenShift
Usage
- Using PKI ACME Responder
- Using PKI ACME Responder with Certbot
- Managing PKI ACME Responder
- PKI ACME CLI
- PKI ACME REST API
Demo
A demo ACME responder is available at https://pki.demo.dogtagpki.org/acme.
PKI CLI
To access the demo with PKI CLI, install the p11-kit-trust module in the NSS database:
$ pki client-init
$ modutil -dbdir ~/.dogtag/nssdb -add p11-kit-trust -libfile /usr/lib64/pkcs11/p11-kit-trust.so
$ pki -U https://pki.demo.dogtagpki.org acme-info
$ pki -U https://pki.demo.dogtagpki.org -u admin -w Secret.123 acme-disable
$ pki -U https://pki.demo.dogtagpki.org -u admin -w Secret.123 acme-enable
Web UI
To access the demo with a Web browser, open https://pki.demo.dogtagpki.org/acme.
Log in with the following credentials:
- Username: admin
- Password: Secret.123
ACME Client
To access the demo with an ACME client, use the following endpoint: https://pki.demo.dogtagpki.org/acme/directory. For example:
$ certbot certonly \
    --server https://pki.demo.dogtagpki.org/acme/directory \
    --standalone \
    --preferred-challenges http \
    -d server.example.com