Automated Certificate Issuance and Management with ACME

In March 2019, the Automatic Certificate Management Environment (ACME) protocol was published by the IETF working group as an Internet Standard in RFC 8555.

One trend in certificate issuance and management is automation. Automation makes processes more efficient and reduces human error. ACME automates certificate issuance, the domain validation procedure (checking that an applicant for a certificate legitimately represents the domain name) and certificate management, allowing servers and other infrastructure software to obtain certificates without any end-user interaction. The result is that ACME simplifies the deployment of HTTPS in general and of PKIX-based authentication for other protocols built on Transport Layer Security (TLS), ref [RFC 8555]*. PrimeKey EJBCA Enterprise announced support for ACME in October last year (2018). Since then, our customers have used ACME to request and renew certificates, for example for their Linux servers, and their feedback to us is that this new automatic process has:

  • dramatically reduced time to provision applications and servers
  • minimized the risk of expiring certificates and
  • increased security posture by shortening certificate lifetimes through automated, frequent renewals
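The domain validation step mentioned above is where ACME replaces a human check with a cryptographic one: the client proves control of a name by publishing a key authorization derived from the challenge token and its account key, and the CA recomputes that value before issuing. The following is an added example (not EJBCA code or part of the original post) that implements the RFC 8555 key authorization and the CA-side comparison for the http-01 and dns-01 challenge types; the account key, token and URL are constructed sample values.

```python
import base64
import hashlib
import json

# JWK members that enter the thumbprint, per RFC 7638 section 3.2.
THUMBPRINT_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
}

def b64url(data: bytes) -> str:
    """base64url without padding, as RFC 8555 requires throughout ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> bytes:
    """RFC 7638 thumbprint: SHA-256 over the required members only, sorted, no whitespace."""
    members = THUMBPRINT_MEMBERS[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).digest()

def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: token || '.' || base64url(thumbprint(accountKey))."""
    return f"{token}.{b64url(jwk_thumbprint(account_jwk))}"

def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.4: the TXT record holds base64url(SHA-256(keyAuthorization))."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return b64url(digest)

def ca_validates_http01(token: str, account_jwk: dict, fetched_body: str) -> bool:
    """CA-side check: the body served at /.well-known/acme-challenge/<token> must match.

    The CA derives the expected value from the account key it already holds, so a
    client that does not possess that key cannot produce a matching response.
    RFC 8555 lets the server tolerate trailing whitespace, so only that is stripped.
    """
    return fetched_body.rstrip() == key_authorization(token, account_jwk)

# Constructed sample account key and token (illustration only, not a real account).
SAMPLE_JWK = {
    "kty": "EC", "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
    "kid": "https://ca.example.invalid/acme/acct/1",  # present in JWS headers, excluded from thumbprint
}
SAMPLE_TOKEN = "DGyRejmCefe7v4NfDGDKfA"

if __name__ == "__main__":
    print("http-01 body:", key_authorization(SAMPLE_TOKEN, SAMPLE_JWK))
    print("dns-01 TXT  :", dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK))
```

Because the thumbprint covers only the required JWK members in canonical order, a client and a CA that serialize the account key differently still agree on the key authorization, which is what lets heterogeneous ACME implementations interoperate.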

Until now, EJBCA Enterprise has supported Draft 12 from the IETF ACME working group. With EJBCA Enterprise 7.3, we are happy to announce that our implementation has been updated to fully support the final version of the ACME IETF standard, RFC 8555.

EJBCA Enterprise is available as software and hardware appliances, as a service on AWS, and as your own cloud instances in AWS and Azure. The complete list of supported ACME operations and workflow examples will be available with the coming release.

See also the other standards-based protocols and application programming interfaces (APIs) in EJBCA Enterprise that enable you to implement automated certificate issuance and management processes: SCEP, CMP, EST, ACME, Web Services and REST.