-
Notifications
You must be signed in to change notification settings - Fork 139
Configuring ACME with NSS Issuer
This document describes the process to configure ACME responder to issue certificates using a local NSS database.
A sample NSS issuer configuration is available at /usr/share/pki/acme/issuer/nss/issuer.conf.
To configure an NSS issuer, copy the sample issuer.conf
into the /var/lib/pki/pki-tomcat/conf/acme
folder,
or execute the following command to customize some of the parameters:
$ pki-server acme-issuer-mod --type nss \ -Dnickname=ca_signing
Customize the configuration as needed. The issuer.conf
should look like the following:
class=org.dogtagpki.acme.issuer.NSSIssuer nickname=ca_signing
The nickname parameter can be used to specify the nickname of the CA signing certificate. The default value is ca_signing.
The extensions parameter can be used to configure the certificate extensions for the issued certificates.
The default value is /usr/share/pki/acme/issuer/nss/sslserver.conf
.
Sample extension configuration files are available at:
Customize the configuration as needed. The format is based on OpenSSL x509v3_config.
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |