How-To: Enable ACME for Private PKI

This page walks through setting up our ACME agent so that you can issue ACME certificates from your private Certificate Authority.

Introduction - What is ACME?

ACME (Automatic Certificate Management Environment) is a communication protocol for automating the certificate lifecycle between certificate authorities and servers. This automation dramatically reduces the cost of certificate lifecycle management and prevents costly outages.

Diagram showing ACME protocol flow between web server admin software, EZCA certificate authority, and domain validation

Web servers (or any other software that needs certificates) can use ACME to automatically request, renew, and manage SSL/TLS certificates from a certificate authority. They prove ownership of the domain by responding to challenges issued by the CA, and once validated, the CA issues the certificate. This process can be automated to ensure that certificates are always up to date, reducing the risk of expired certificates and improving security.
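The challenge step described above, sketched for ACME's HTTP-01 challenge type (RFC 8555 section 8.3) as an added example that is not EZCA's code. It shows what the client must serve and what the validating side compares it against; the choice of HTTP-01, the function names, and the constructed key and token are assumptions, since this page does not say which challenge types EZCA uses.

```python
import base64
import hashlib
import hmac
import json
import re

# Members that enter the thumbprint, per key type (RFC 7638 section 3.2).
REQUIRED_MEMBERS = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}
# RFC 8555 tokens use only the base64url alphabet; the 22-character minimum
# is a length sanity check for 128 bits (an assumption of this sketch).
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{22,}")

def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def check_token(token: str) -> str:
    """Reject anything that is not a plain token before it reaches a path."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token must be base64url and at least 22 characters")
    return token

def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the required members only, sorted, with no whitespace."""
    members = {name: jwk[name] for name in REQUIRED_MEMBERS[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    """token + '.' + thumbprint: binds the challenge to one account key."""
    return f"{check_token(token)}.{jwk_thumbprint(account_jwk)}"

def challenge_path(token: str) -> str:
    """Path the client serves and the validator fetches over HTTP."""
    return "/.well-known/acme-challenge/" + check_token(token)

def validate_http01(token: str, account_jwk: dict, served_body: bytes) -> bool:
    """Validator side: compare the fetched body with the expected value."""
    expected = key_authorization(token, account_jwk).encode("ascii")
    # Trailing whitespace is ignored; the comparison is constant-time.
    return hmac.compare_digest(served_body.rstrip(), expected)

# Constructed sample values, not a real account key or a real CA token.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": b64url(bytes(range(32))), "y": b64url(bytes(range(32, 64)))}
SAMPLE_TOKEN = b64url(bytes(range(100, 124)))

if __name__ == "__main__":
    body = key_authorization(SAMPLE_TOKEN, SAMPLE_JWK).encode("ascii") + b"\n"
    print(challenge_path(SAMPLE_TOKEN), validate_http01(SAMPLE_TOKEN, SAMPLE_JWK, body))
```

Because the served value includes the account key's thumbprint, a response prepared for one ACME account does not validate for another, even when the token is the same.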

How to Use ACME with an EZCA Certificate Authority

EZCA supports the ACME protocol, allowing you to automate certificate management for your private PKI and streamline the issuing and renewing of certificates for your internal applications and services.

Diagram showing how the EZCA ACME Agent interacts with the EZCA Certificate Authority and internal applications

Since ACME depends on the validation of domain ownership for your internal domains, an agent has to be deployed within your local network. This ensures that the ACME challenges can be properly validated by the CA, allowing for seamless certificate issuance and renewal.

🚀 Deploy the EZCA ACME Agent