Skip to main content

Architecture of ACME automation service

The ACME automation service for DigiCert​​®​​ Trust Lifecycle Manager involves these basic components:

  • ACME client

    You need an ACME client installed on each of your servers.

  • Certificate profiles

    In Trust Lifecycle Manager, you need one or more certificate profiles that your ACME clients can use to request certificates. Certificate profiles supply the required ACME credentials and set the properties of issued certificates.

  • Issuing certificate authority (CA)

    You need access to one or more CAs that can issue certificates for your organization/domains. You can use a local issuing CA in DigiCert® Private CA, or an external issuing CA linked to your Trust Lifecycle Manager account via a CA connector.

When a new certificate is required on a server, you use the local ACME client to initiate the request. The rest of the process is automated:

  1. Trust Lifecycle Manager authenticates and processes the request.

  2. The relevant public or private certificate authority (CA) issues the certificate.

  3. The ACME client downloads and installs the certificate on your server.

acme_tlm_integration_architecture.png
In this section: