Introduction

Keyfactor ACME is a stand-alone application that connects ACME clients like Certbot to a Certificate Authority (CA) via Keyfactor Command. It streamlines certificate management by facilitating secure and automated communication between ACME clients and the CAs configured in Keyfactor Command.

The Automated Certificate Management Environment (ACME) protocol, defined in RFC 8555, was originally developed by Let’s Encrypt and is now widely adopted by various CAs, PKI platforms, and browsers. It simplifies certificate lifecycle management by automating interactions between ACME clients and CAs.

How Keyfactor ACME Works

The Keyfactor ACME server acts as an intermediary between an ACME client and Keyfactor Command, handling certificate requests, renewals, and revocations. When an ACME client requests a certificate, the Keyfactor ACME server forwards the request to Keyfactor Command, which then processes it using the configured CA and certificate template. This ensures ACME-generated certificates are seamlessly integrated into Keyfactor Command’s PKI management.

Keyfactor ACME supports a variety of CAs integrated with Keyfactor Command, including:

  • Private CAs: Such as Keyfactor EJBCA or Microsoft CA.

  • Public CAs: Such as DigiCert or Entrust (if the ACME protocol is supported).

This flexibility allows organizations to issue private or public certificates based on their needs while maintaining centralized management and visibility.

Key Features
  • ACME Client Integration

    Compatible with widely used ACME clients like Certbot to automate certificate lifecycle tasks.

  • Support for Multiple CAs

    Seamlessly integrates with both private and public CAs via Keyfactor Command.

  • Customizable Certificate Policies

    Supports tailored certificate issuance, including specific DNS entries in SANs, to meet organizational requirements.

  • Full PKI Integration

    Extends Keyfactor Command’s advanced PKI capabilities, ensuring compliance and operational efficiency.

Keyfactor ACME Components
  • Windows Installer Package

    Simplifies installation and setup of the Keyfactor ACME server.

  • Command Line Tool (KeyfactorACMEConfig.exe)

    Used to configure and manage the Keyfactor ACME server.

  • Keyfactor ACME SQL Database

    Stores configuration and operational data.

  • Keyfactor ACME API

    • Endpoints to acquire and renew EAB keys to use when registering ACME clients.

    • Endpoints to list and revoke accounts.
