Skip to main content

Create an ACME profile

The ACME profile generates the ACME directory URL and credentials required to connect your ACME client to DigiCert® Private CA. It also binds incoming requests to a specific issuing CA, certificate template, authentication method, and lifecycle rules.

Important

Make sure you have an end entity certificate template in DigiCert Private CA that fits your certificate requirements before you start creating a profile.

To create an ACME profile in DigiCert Private CA:

  1. In the main menu, select Profiles.

  2. Select Create profile.

  3. Select ACME under Protocols.

  4. Enter a Profile name.

  5. [Optional] Add a Description for your profile.

  6. Select the Protocol version you prefer, from the available options.

  7. In Issuer CA, select the certificate authority to be used for issuing the end entity certificates.

  8. Select a Certificate template ID. You can only use one template in a profile. Create multiple profiles for different templates or certificate settings.

  9. Select the Certificate validity details, like how many days, months, or years the issued certificates are valid for.

  10. Enter a value in days for your preferred Renewal window. Your private CA rejects any renewal requests outside this window.

  11. Select the Signature algorithm used by the profile.

  12. Select Submit.

    Caution

    Prepare to copy and securely store the information shown next.

  13. Copy the ACME directory URL, Key identifier, and HMAC key and store them securely.

Your ACME profile is saved.

Select Profiles in the main menu to see your ACME profile.

ACME URL and credentials

When you're ready to set up your ACME client, you'll need the following information:

  • ACME directory URL

  • Key identifier (KID)

  • HMAC key

ACME URLs are structured as follows:

https://<ca-server>/certificate-authority/api/v1/acme/directory

Where:

  • ca-server is the base domain of your DigiCert Private CA.

  • /certificate-authority/api/v1/acme/ is the standard path used by DigiCert Private CA for ACME protocol communication.

  • /directory is the ACME directory endpoint used by ACME clients to discover supported operations.

The Key identifier is your profile ID while the HMAC key serves as a randomly generated authentication code. These values are part of External Account Binding (EAB) requirements in ACME.

Important

The HMAC key must be copied while creating the profile as it's permanently masked afterwards.

In this section: