Entrust PKI as a Service

Configuring ACME in PKIaaS

Create a PKIaaS enrollment workflow configuration for ACME enrollment.

To create an ACME configuration in PKIaaS:

  1. Follow the steps described in Accessing your partitions to log into the PKIaaS interface as a user with any of the following roles:

  2. Click Enrollment Workflows in the sidebar.

    Enrollment Workflows

  3. Click Create Workflow Configuration.

  4. Click ACME under Type.

    Enrollment Workflows

  5. Configure following settings.

    Field Value
    Workflow Configuration Identifier Enter a unique identifier for the new configuration in your PKI. This identifier must contain 2–18 characters and can only include lowercase letters, numbers, hyphens (’-’), and underscores (’_’).
    Description Enter an optional description of the enrollment workflow purpose.
    Authority Identifier Select an issuing subordinate authority with profiles of the privatessl group.
    Certificate Profile Select a privatessl profile of the selected CA to enroll the certificates.

  6. Click Create.

  7. In the confirmation dialog, copy the URL under the ACME Directory URL section.

    ACME

  8. Click Create EAB Key and enter a friendly name with the following requirements:

    • 2-18 characters long
    • Only includes lowercase letters, numbers, hyphens (’-’), and underscores (’_’).

  9. Click Create.

  10. Copy the EAB Identifier and EAB HMAC Key values displayed in the confirmation dialog.

    EAC Key

    ⚠ As stated in the confirmation dialog before leaving this page, Entrust PKIaaS will not display the EAB HMAC Key again.