Configure automation agent to use a custom ACME client

With managed automation, you can use a DigiCert provided ACME client, or you can configure the Agent to use your ACME client. To use a custom ACME client, you need to specify the client command path and arguments when configuring the automation agent.

Set up steps

For using your own ACME client, you need to do the following:

  1. Write a script or a .bat file based on platform that has the request command for the ACME client.
  2. Define the application in the console as “custom”.
  3. Define the script location path and arguments in the console, for the agent to execute the script.

Ensure the following checks for command path:

  • Must end with .bat or .sh.
  • Must not be more than 255 characters.
  • Must not include any privileged commands or special directives like rm -rf or rmdir.

Ensure the following checks for command arguments:

  • Must include the mandatory parameters.
  • Must not exceed 512 characters.
  • Must not include any privileged commands or special directives like rm -rf or rmdir

Configure ACME client

  1. In your CertCentral account, in the left main menu, go to Automation > Manage automation.
  2. On the Manage automation page, click the agent name.
  3. In agent details panel to the right, drill down to the Configure IP/Port section.
  4. Select the application for any configured IP/Port as “Custom”.

  1. In the client command path, provide the full directory path for the script that will run your custom ACME client.

    For example:

    • Windows: G:\certcentral\agent\custom_acme_client.bat
    • Linux: /home/certcentral/agent/custom_acme_client.sh

  1. In the client command arguments field, specify the ACME client arguments included in the script for your custom client.

    CertCentral automation supports the following ACME arguments:

    • {acmeDirectoryUrl} – Pass specific ACME directory URLs.
    • {host} – Specify the host details.
    • {email} – Specify email address.
    • {key} – Specify key algorithm: RSA or ECC.
    • {extActKid} – Specify the external account key identifier, which is a part of the URL.
    • {extActHmac} – Specify the HMAC key used for signing the response.

    For example:

    {acmeDirectoryUrl} {hosts} {email} {key} {extActKid} {extActHmac}

  2. Save the configuration changes.

What's next?

After you have saved the configuration, go back to CertCentral to run the ACME automation agent.

정보

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.