ACME Responder Demo

Endi S. Dewata edited this page May 14, 2021 · 9 revisions

Overview

An ACME responder demo is available at https://pki.demo.dogtagpki.org/acme.

Disclaimers:

  • This demo uses a self-signed CA signing certificate which is not valid for public use and could change at any time.

  • The database and certificates may be removed completely at any time.

  • Use at your own risk. There is no guarantee of accuracy, performance, availability, privacy, or security.

Web UI

To access the demo with a Web browser, open https://pki.demo.dogtagpki.org/acme.

To access the admin interface, log in with the following credentials:

  • Username: admin

  • Password: Secret.123

PKI CLI

To check ACME responder status, execute the following commands:

$ pki client-init
$ modutil -dbdir ~/.dogtag/nssdb -add p11-kit-trust -libfile /usr/lib64/pkcs11/p11-kit-trust.so
$ pki -U https://pki.demo.dogtagpki.org acme-info

To enable/disable the ACME responder, execute the following commands:

$ pki -U https://pki.demo.dogtagpki.org -u admin -w Secret.123 acme-disable
$ pki -U https://pki.demo.dogtagpki.org -u admin -w Secret.123 acme-enable

ACME Client

To access the demo with an ACME client, use the following endpoint: https://pki.demo.dogtagpki.org/acme/directory.

To perform certificate enrollment with HTTP-01, execute the following command:

$ certbot certonly --standalone \
    --server https://pki.demo.dogtagpki.org/acme/directory \
    --preferred-challenges http \
    -d server.example.com

To perform certificate enrollment with DNS-01, execute the following command:

$ certbot certonly --manual \
    --server https://pki.demo.dogtagpki.org/acme/directory \
    --preferred-challenges dns \
    -d server.example.com