ACME external account binding (EAB)

ACME EAB credentials

The ACME protocol (RFC 8555) defines an external account binding (EAB) field that ACME clients can use to access a specific account on the certificate authority (CA).

DigiCert®’s ACME implementation uses the EAB field to identify both your DigiCert® Trust Lifecycle Manager account and a specific certificate profile there.

Your ACME client must send the following EAB credentials to request certificates:

Key identifier (KID)
Identifies your DigiCert ONE account and the automation profile for certificate issuance.
HMAC key
Used to encrypt and authenticate your account key during automation events.

ACME-based certificate profiles

In DigiCert® Trust Lifecycle Manager, you create ACME-based certificate profiles to get the required ACME EAB credentials and define the types of certificates that can be issued via ACME.

DigiCert® provides certificate templates to facilitate the creation of profiles. To create an ACME-based certificate profile, you select an available base template and then add your unique business and certificate requirements, selecting ACME as the certificate enrollment method.

Each ACME-based certificate profile has unique ACME external account binding (EAB) credentials associated with it. Your ACME clients use these credentials to request new certificates from that profile.

En esta sección:

ACME external account binding (EAB)

ACME EAB credentials

ACME-based certificate profiles

Resultados de la búsqueda