Implementing Keyfactor ACME

At a high level, the workflow to implement Keyfactor ACME is as follows:

  1. Complete the preparation steps (see Preparing).
  2. Install and configure the Keyfactor ACME server.

    Windows Installations (IIS):

    1. Run the Windows installer package (KeyfactorACME.msi) on the server you want to use to deploy the Keyfactor ACME server. This can be, but does not need to be, on the same server on which Keyfactor Command is installed (see Installing Keyfactor ACME on Windows).
    2. Run the configuration tool (KeyfactorACMEConfig.exe) Configure command with appropriate configuration for your environment (see The Configure Command).
    3. Run the configuration tool (KeyfactorACMEConfig.exe) Identifiers command with appropriate configuration for your environment (see Validators and the Identifiers Command).
    4. Run the configuration tool (KeyfactorACMEConfig.exe) Claims command with appropriate configuration for your environment (see Access Control and Claims).

    Container Installations (Kubernetes):

    1. Create the Kubernetes resources required for the install (see Setup Kubernetes Resources).
    2. Create a customized values file to provide the configuration settings to Helm (see Helm Chart Customization).
    3. Start the customized Keyfactor ACME server container (see Install).
  3. Configure application-level encryption, if desired (see Application-Level Encryption).
  4. Configure metadata, if desired (see Keyfactor ACME Metadata).
  5. Create EAB keys for your users (see GET KeyManagement).
  6. Install Certbot or the ACME client of your choice (if not already installed).
  7. Register an account for your ACME client with the Keyfactor ACME server (for Certbot, see Register an Account).
  8. Include a call to Certbot using the Keyfactor ACME account in any server scripts that require certificate orders (see Using Certbot with Keyfactor ACME).