Configuring ACME in PKIaaS

Create a PKIaaS protocol configuration for ACME enrollment.

To create an ACME configuration in PKIaaS:

1. Follow the steps described in Accessing your partitions to log into the PKIaaS interface as a user with any of the following roles:

   • Owners
   • Protocol Operators

2. Click Enrollment Protocols in the sidebar.

   

3. Click the plus + icon to the right of the Protocol Configurations tab.

4. Select ACME in the Type list.

5. Configure the following values in the Create Protocol Config dialog.

   Field	Value
   Protocol Configuration Identifier	Enter a unique identifier for the new configuration in your PKI. This identifier must be 2-18 characters long and can only include lowercase letters, numbers, hyphens (’-’), and underscores (’_’).
   Description	Enter an optional description of the protocol purpose.
   Authority Identifier	Select an issuing subordinate authority with profiles of the privatessl group.
   Certificate Profile	Select a privatessl profile of the selected CA to enroll the certificates.

6. Click Create.

7. In the confirmation dialog, copy the URL under the ACME Directory URL section.

   

8. Click the plus + icon to the right of the EAB Keys tab.

9. In the Create EAB Key Credentials dialog, enter a friendly name that is 2-18 characters long and only includes lowercase letters, numbers, hyphens (’-’), and underscores (’_’).

   

10. Click Create.

11. Copy the EAB Identifier and EAB HMAC Key values displayed in the confirmation dialog.

    

    ---

    ⚠ As stated in the confirmation dialog before leaving this page, Entrust PKIaaS will not display the EAB HMAC Key again.

    ---