Configuring ACME with PKI Issuer

Overview

This document describes how to configure the ACME responder to issue certificates using a PKI issuer (i.e. a CA). It assumes that the CA has been installed as described in Installing CA.

Configuring ACME Issuer

A sample PKI issuer configuration is available at /usr/share/pki/acme/issuer/pki/issuer.conf.

To configure a PKI issuer, copy the sample issuer.conf into the /etc/pki/pki-tomcat/acme folder, or execute the following command to customize some of the parameters:

$ pki-server acme-issuer-mod --type pki \
    -Dusername=caadmin \
    -Dpassword=Secret.123

Customize the configuration as needed. The issuer.conf should look like the following:

class=org.dogtagpki.acme.issuer.PKIIssuer
url=https://<hostname>:8443
profile=acmeServerCert
username=caadmin
password=Secret.123

The url parameter is used to specify the PKI issuer location.

The profile parameter is used to specify the certificate profile to use.

To use client certificate authentication, specify the client certificate nickname in the nickname parameter.

To use basic authentication, specify the username in the username parameter and the password in the password parameter.
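
With basic authentication the password sits in clear text in issuer.conf, so the file is worth checking after customization. The script below is an added example, not part of the PKI project: the function names, the https-only rule, the permission rule and the sample hostname are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint an issuer.conf for the parameters described above.
# The https-only and permission checks are assumptions, not pki-server rules.

# get_prop FILE KEY: print the value of the last "KEY=value" line, if any
get_prop() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_issuer_conf FILE: print findings; exit status is the number of findings
check_issuer_conf() {
    conf=$1; findings=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    for key in class url profile; do
        if [ -z "$(get_prop "$conf" "$key")" ]; then
            echo "missing parameter: $key"; findings=$((findings + 1))
        fi
    done
    case "$(get_prop "$conf" url)" in
        https://*|"") ;;  # an empty url was already reported above
        *) echo "url is not https"; findings=$((findings + 1)) ;;
    esac
    nickname=$(get_prop "$conf" nickname)
    username=$(get_prop "$conf" username)
    password=$(get_prop "$conf" password)
    # Either a client certificate nickname, or username and password together
    if [ -z "$nickname" ] && { [ -z "$username" ] || [ -z "$password" ]; }; then
        echo "no nickname, and username/password incomplete"
        findings=$((findings + 1))
    fi
    if [ -n "$password" ]; then
        # characters 8-10 of `ls -ld` output are the "other" permission bits
        other=$(ls -ld "$conf" | cut -c8-10)
        if [ "$other" != "---" ]; then
            echo "password stored in a file open to other users ($other)"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Demo on a constructed sample; the hostname is a placeholder
demo=$(mktemp)
printf '%s\n' 'class=org.dogtagpki.acme.issuer.PKIIssuer' \
    'url=https://ca.example.test:8443' 'profile=acmeServerCert' \
    'username=caadmin' 'password=Secret.123' > "$demo"
chmod 644 "$demo"
check_issuer_conf "$demo" || echo "findings: $?"
rm -f "$demo"
```

On a deployed instance, point check_issuer_conf at the issuer.conf copied into /etc/pki/pki-tomcat/acme.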