ACME Responder - dogtagpki/pki GitHub Wiki
The ACME responder is a web service that provides automatic certificate enrollment, renewal, and revocation via the ACME v2 protocol as defined in RFC 8555.
Availability:
- PKI 10.9 (tech preview)
- PKI 10.10 or later (fully supported)
See also ACME Responder Demo.
The ACME responder supports the following domain validation methods:
- HTTP-01
- DNS-01
The ACME responder can be deployed in the following ways:
- As a web application running in Tomcat
- As a container running in Podman, Docker, or OpenShift
See also ACME Installation Guide.
The ACME responder uses a database to store the account records, order records, authorization records, and certificate records. The responder can be configured with the following databases:
- 389 Directory Server database
- Red Hat Directory Server database
- In-memory database (experimental)
- PostgreSQL database (experimental)
- OpenLDAP database (experimental)
See also Configuring ACME Database.
The ACME responder uses a certificate issuer to issue the actual certificates. The responder can be configured with the following certificate issuers:
- Local NSS database (experimental)
See also Configuring ACME Issuer.
The ACME responder uses a realm to authenticate and authorize users that manage the ACME responder itself. The responder can be configured with the following realms:
- 389 Directory Server realm
- Red Hat Directory Server realm
- In-memory realm (experimental)
- PostgreSQL realm (experimental)
See also Configuring ACME Realm.
The ACME responder has officially been tested against:
However, in general it should be compatible with any RFC 8555-compliant client. See also Using PKI ACME Responder.