This section lists down the settings for the ACME protocol.


Expand Enrolment Protocol(s) > Settings > ACME.


ACME Configuration


The ACME Configuration section will display the ACME URL in read-only mode (ACME URL is configured in the ADSS Web RA admin portal).


ACME Profile Setup


ACME Profile Setup will determine which certification profile and binding type you will be using for generating ACME certificates. 


You will have the option to select the certification profile from 'Certificate Type' dropdown. The rest of the fields will appear according to the 'External Account Binding Type' settings configured in the certification profile. 


The Profile ACME URL will appear in disabled (read-only) form and is used to create ACME certificates. 


The ACME URL will vary based on the selected Profile Binding Type. 


  • If the binding type is None, the word 'None' will appear at the end of the URL
  • If the binding type is Fixed or Random, the respective word will appear at the end of the URL accordingly.


If you select a certification profile with the 'External Account Binding Type' set to 'None', the following screen will appear:


In this screen, the 'Profile Binding Type' will appear as 'None' (in disabled form), and the ACME URL will end with the word 'None'.



If you select a certification profile with the 'External Account Binding Type' set to 'Fixed', the 'Profile Binding Type' will appear as 'Fixed' (in disabled form), and the ACME URL will end with the word 'Fixed'.


The system will also display the 'Profile HMAC Key' in a disabled (read-only) field, which can be copied by clicking the folder icon.



If you select a certification profile with the 'External Account Binding Type' set to 'Random', the 'Profile Binding Type' will appear as 'Random' (in disabled form), and the ACME URL will end with the word 'Random'.


The ‘Profile HMAC Key’ for the Random binding type is provided during the creation of certificate request in the web portal for the ACME protocol. The HMAC Key value is unique for each certificate request when using the Random binding type.



Renewal Configuration


The renewal configuration section will display the following fields in disabled (read-only) form.


Field

Description

Select interval

The interval at which the certificate renewal request will be initiated

Select Time

The time at which the certificate renewal request will be executed

Retry Interval

The number of retries in seconds for ACME renewal request