ACME requirements
You must meet the following requirements to automate ACME enrollment with PKIaaS.
PKIaaS account requirements
You need an Entrust PKIaaS account with privileges to create an issuing certificate authority.
Certificate authority requirements
Make sure you have a subordinate issuing CA with a profile of the privatessl group. You can either:
- Create a new CA with this group, as explained in Creating an issuing subordinate authority.
- Add this group to an existing CA, as explained in Selecting CA profiles.
TLS Cipher requirements
Enrollment URLs support the following TLS Ciphers.
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-GCM-SHA384