Architecture
Integrating third-party ACME clients with DigiCert® Trust Lifecycle Manager involves these basic components:
ACME client
You need an ACME client installed on each of your servers.
Certificate profile
In DigiCert® Trust Lifecycle Manager, you need one or more certificate profiles that your ACME clients can use to request certificates. Certificate profiles supply the required ACME credentials and set the properties of issued certificates.
Issuing certificate authority (CA)
You need access to one or more CAs that can issue certificates for your organization/domains. You can use a local issuing CA in DigiCert® CA Manager, or an external issuing CA linked to your DigiCert® Trust Lifecycle Manager account via a connector.
When a new certificate is required on a server, you use the local ACME client to initiate the request. The rest of the process is automated:
DigiCert® Trust Lifecycle Manager (TLM) authenticates and processes the request.
The relevant public or private certificate authority (CA) issues the certificate.
The ACME client downloads and installs the certificate on your server.
 |