Skip to content

PKI Server ACME CLI

Endi S. Dewata edited this page Oct 25, 2021 · 1 revision

Creating ACME Subsystem

$ pki-server acme-create

Deploying ACME Subsystem

$ pki-server acme-deploy

Displaying ACME Metadata Configuration

$ pki-server acme-metadata-show
  Terms of Service: https://www.dogtagpki.org/wiki/PKI_ACME_Responder
  Website: https://www.dogtagpki.org/wiki/PKI_ACME_Responder
  CAA Identities: dogtagpki.org
  External Account Required: false

Modifying ACME Metadata Configuration

$ pki-server acme-metadata-mod
The current value is displayed in the square brackets.
To keep the current value, simply press Enter.
To change the current value, enter the new value.
To remove the current value, enter a blank space.

Enter the location of the terms of service.
  Terms of Service [https://www.dogtagpki.org/wiki/PKI_ACME_Responder]:

Enter the location of the website.
  Website [https://www.dogtagpki.org/wiki/PKI_ACME_Responder]:

Enter the CAA identities.
  CAA Identities [dogtagpki.org]:

Enter true/false whether an external account is required.
  External Account Required [false]:

Displaying ACME Database Configuration

$ pki-server acme-database-show
  Database Type: postgresql
  Server URL: jdbc:postgresql://localhost:5432/acme
  Username: acme
  Password: ********

Modifying ACME Database Configuration

$ pki-server acme-database-mod
The current value is displayed in the square brackets.
To keep the current value, simply press Enter.
To change the current value, enter the new value.
To remove the current value, enter a blank space.

Enter the type of the database. Available types: in-memory, postgresql.
  Database Type [postgresql]:

Enter the location of the PostgreSQL server.
  Server URL [jdbc:postgresql://localhost:5432/acme]:

Enter the username for basic authentication.
  Username [acme]:

Enter the password for basic authentication.
  Password [********]:

Displaying ACME Issuer Configuration

$ pki-server acme-issuer-show
  Issuer Type: pki
  Server URL: https://localhost:8443
  Agent Username: caadmin
  Agent Password: ********
  Certificate Profile: acmeServerCert

Modifying ACME Issuer Configuration

$ pki-server acme-issuer-mod
The current value is displayed in the square brackets.
To keep the current value, simply press Enter.
To change the current value, enter the new value.
To remove the current value, enter a blank space.

Enter the type of the certificate issuer. Available types: pki.
  Issuer Type [pki]:

Enter the location of the PKI server.
  Server URL [https://localhost:8443]:

Enter the certificate nickname for client authentication.
This might be the CA agent certificate.
Enter blank to use basic authentication.
  Client Certificate []:

Enter the username of the CA agent for basic authentication.
Enter blank if a CA agent certificate is used for client authentication.
  Agent Username [caadmin]:

Enter the CA agent password for basic authentication.
Enter blank if the password is already stored in a separate property file
or if a CA agent certificate is used for client authentication.
  Agent Password [********]:

Enter the certificate profile for issuing ACME certificates.
  Certificate Profile [acmeServerCert]:

Undeploying ACME Subsystem

$ pki-server acme-undeploy

Removing ACME Subsystem

$ pki-server acme-remove

See Also

Clone this wiki locally