PKI ACME Responder


Overview

PKI provides an ACME responder which implements the ACME v2 protocol as defined in RFC 8555.

Availability:

  • PKI 10.9 (tech preview)
  • PKI 10.10 or later (fully supported)

Installation

Usage

Demo

A demo ACME responder is available at https://pki.demo.dogtagpki.org/acme.

PKI CLI

To access the demo with the PKI CLI, initialize the client NSS database and install the p11-kit-trust module in it, then run the ACME commands:

$ pki client-init
$ modutil -dbdir ~/.dogtag/nssdb -add p11-kit-trust -libfile /usr/lib64/pkcs11/p11-kit-trust.so
$ pki -U https://pki.demo.dogtagpki.org acme-info
$ pki -U https://pki.demo.dogtagpki.org -u admin -w Secret.123 acme-disable
$ pki -U https://pki.demo.dogtagpki.org -u admin -w Secret.123 acme-enable

Web UI

To access the demo with a Web browser, open https://pki.demo.dogtagpki.org/acme.

Log in with the following credentials:

  • Username: admin
  • Password: Secret.123

ACME Client

To access the demo with an ACME client, use the following endpoint: https://pki.demo.dogtagpki.org/acme/directory. For example:

$ certbot certonly \
    --server https://pki.demo.dogtagpki.org/acme/directory \
    --standalone \
    --preferred-challenges http \
    -d server.example.com
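
Before configuring a client against an ACME server, the directory object returned by the endpoint can be checked for the resources RFC 8555 clients rely on. The following is an added example, not part of the Dogtag documentation: the sample directory bodies and resource paths are constructed, and the same-host rule is an assumed local policy rather than an RFC requirement.

```python
import json
from urllib.parse import urlsplit

# Resources an RFC 8555 client needs from the directory object (section 7.1.1);
# "newAuthz" and "meta" are optional.
REQUIRED = ("newNonce", "newAccount", "newOrder", "revokeCert", "keyChange")


def check_directory(directory_url, body):
    """Return a list of problems found in an ACME directory response body."""
    try:
        directory = json.loads(body)
    except ValueError as exc:
        return [f"directory is not valid JSON: {exc}"]
    if not isinstance(directory, dict):
        return ["directory is not a JSON object"]

    origin = urlsplit(directory_url)
    problems = [f"missing resource: {n}" for n in REQUIRED if n not in directory]
    for name, value in directory.items():
        if name == "meta":
            continue  # metadata object, not a resource URL
        if not isinstance(value, str):
            problems.append(f"{name}: not a URL string")
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            problems.append(f"{name}: not an https URL")
        elif url.netloc.lower() != origin.netloc.lower():
            # Local policy assumed for this example, not an RFC requirement.
            problems.append(f"{name}: host differs from directory host")
    return problems


# Constructed sample responses; the resource paths are illustrative only.
BASE = "https://pki.demo.dogtagpki.org/acme"
GOOD = json.dumps(dict({n: f"{BASE}/{n}" for n in REQUIRED}, meta={"website": BASE}))
BAD = json.dumps({
    "newNonce": f"{BASE}/newNonce",
    "newAccount": "http://pki.demo.dogtagpki.org/acme/newAccount",
    "newOrder": "https://other.example.com/acme/newOrder",
    "revokeCert": f"{BASE}/revokeCert",
})

if __name__ == "__main__":
    for label, body in (("good", GOOD), ("bad", BAD)):
        print(label, check_directory(f"{BASE}/directory", body) or "ok")
```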

See Also