PKI ACME Responder with Mongo Database

From Dogtag

Configuration

To create a PKI ACME responder with a Mongo database:

$ pki-server acme-create --database mongo

The configuration will be stored in /etc/pki/pki-tomcat/acme/database.json, for example:

{
    "class": "org.dogtagpki.acme.database.MongoDatabase",
    "parameters": {
        "hostname": "localhost",
        "database": "acme"
    }
}

or

{
    "class": "org.dogtagpki.acme.database.MongoDatabase",
    "parameters": {
        "url": "mongodb+srv://<username>:<password>@<hostname>/<database>?retryWrites=true&w=majority"
    }
}
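
The following check is an added example, not part of the Dogtag page or project. It reads a database.json in either form shown above and reports world-accessible file permissions, a password embedded in the URL, and a URL that does not enable TLS. The sample hosts and credentials, the finding names and the permission policy are assumptions of this example.

```python
import json
import os
import stat
import tempfile
from urllib.parse import parse_qs, urlsplit

CLASS = "org.dogtagpki.acme.database.MongoDatabase"
# Constructed samples: hosts and credentials are placeholders, not from the page.
SRV = {"class": CLASS, "parameters": {"url":
       "mongodb+srv://acme:example-pw@db.example.test/acme?retryWrites=true&w=majority"}}
PLAIN = {"class": CLASS, "parameters": {"url": "mongodb://db.example.test/acme"}}
HOST = {"class": CLASS, "parameters": {"hostname": "localhost", "database": "acme"}}

def audit_database_json(path):
    """Return findings for a database.json in either form shown above."""
    findings = []
    # Assumption: nobody outside the owner and group needs this file.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o007:
        findings.append("world-accessible")
    with open(path) as f:
        url = json.load(f).get("parameters", {}).get("url")
    if url is None:
        return findings  # hostname/database form: no URL to inspect
    parts = urlsplit(url)
    if parts.password:
        findings.append("password-in-url")
    opts = {k.lower(): v[-1].lower() for k, v in parse_qs(parts.query).items()}
    tls = opts.get("tls", opts.get("ssl"))
    # mongodb+srv:// enables TLS unless the URL turns it off;
    # plain mongodb:// needs tls=true (or the older ssl=true).
    tls_on = tls != "false" if parts.scheme == "mongodb+srv" else tls == "true"
    if not tls_on:
        findings.append("no-tls")
    return findings

def write_sample(config, mode):
    """Write a constructed config to a temp file with the given permissions."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as f:
        json.dump(config, f)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    for cfg, mode in ((SRV, 0o644), (SRV, 0o600), (PLAIN, 0o600), (HOST, 0o600)):
        path = write_sample(cfg, mode)
        print(oct(mode), audit_database_json(path))
        os.unlink(path)
```

On a real host, call audit_database_json("/etc/pki/pki-tomcat/acme/database.json") with enough privilege to read the file.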

SSL Certificate

If necessary, import the CA certificate that issued the SSL certificate for the Mongo database:

$ certutil -A -d /etc/pki/pki-tomcat/alias -n "DigiCert Global Root CA" -i DigiCertGlobalRootCA.crt -t CT,C,C -a

Accounts

> db.accounts.find().pretty()
{
	"_id" : ObjectId("5d7ba920e21dc51727e2a408"),
	"accountID" : "c0sx41gDgwfZe_e8u6hCP54o2mzE2VfglHdNhwTN_R0",
	"status" : null,
	"contact" : null,
	"termsOfServiceAgreed" : true,
	"onlyReturnExisting" : null,
	"orders" : null
}

Authorizations

> db.authorizations.find().pretty()
{
	"_id" : ObjectId("5d7c1581e21dc520a08e51f8"),
	"status" : "valid",
	"expires" : "2016-01-05T14:09:07.99Z",
	"identifier" : {
		"type" : "dns",
		"value" : "localhost.localdomain"
	},
	"challenges" : [
		{
			"type" : "http-01",
			"url" : "http://localhost.localdomain:8080/acme/chall/NMVX3qMJKJ",
			"token" : "Tbh_TB7SshUB5czmTjmwbQ"
		},
		{
			"type" : "dns-01",
			"url" : "http://localhost.localdomain:8080/acme/chall/r8jjzmRSCn",
			"token" : "Tbh_TB7SshUB5czmTjmwbQ"
		}
	],
	"authzID" : "IRR2o7dOPH"
}

Challenges

> db.challenges.find().pretty()
{
	"_id" : ObjectId("5d7c1583e21dc520a08e520c"),
	"type" : "http-01",
	"url" : "http://localhost.localdomain:8080/acme/chall/NMVX3qMJKJ",
	"token" : "Tbh_TB7SshUB5czmTjmwbQ",
	"challengeID" : "NMVX3qMJKJ",
	"authzID" : "IRR2o7dOPH"
}
{
	"_id" : ObjectId("5d7c1583e21dc520a08e520e"),
	"type" : "dns-01",
	"url" : "http://localhost.localdomain:8080/acme/chall/r8jjzmRSCn",
	"token" : "Tbh_TB7SshUB5czmTjmwbQ",
	"challengeID" : "r8jjzmRSCn",
	"authzID" : "IRR2o7dOPH"
}

Orders

> db.orders.find().pretty()
{
	"_id" : ObjectId("5d7c1581e21dc520a08e51fa"),
	"status" : "valid",
	"expires" : "2016-01-05T14:09:07.99Z",
	"identifiers" : [
		{
			"type" : "dns",
			"value" : "localhost.localdomain"
		}
	],
	"authorizations" : [
		"http://localhost.localdomain:8080/acme/authz/IRR2o7dOPH"
	],
	"certificate" : "http://localhost.localdomain:8080/acme/cert/Dw",
	"orderID" : "EP5fGE4RRl"
}
