ACME external account binding (EAB)
ACME EAB credentials
The ACME protocol (RFC 8555) defines an external account binding (EAB) field that ACME clients can use to access a specific account on the certificate authority (CA).
DigiCert®’s ACME implementation uses the EAB field to identify both your DigiCert® Trust Lifecycle Manager account and a specific certificate profile there.
Your ACME client must send the following EAB credentials to request certificates:
Key identifier (KID)
Identifies your DigiCert ONE account and the automation profile for certificate issuance.
HMAC key
Used to encrypt and authenticate your account key during automation events.
ACME-based certificate profiles
In DigiCert® Trust Lifecycle Manager, you create ACME-based certificate profiles to get the required ACME EAB credentials and define the types of certificates that can be issued via ACME.
DigiCert® provides certificate templates to facilitate the creation of profiles. To create an ACME-based certificate profile, you select an available base template and then add your unique business and certificate requirements, selecting ACME as the certificate enrollment method.
Each ACME-based certificate profile has unique ACME external account binding (EAB) credentials associated with it. Your ACME clients use these credentials to request new certificates from that profile.