
This article describes a configuration example of the ACME protocol in Protocol Gateway. For more information, see ACME support in Certificate Manager.

...

For demo use cases: Add CM domain to Windows hosts file

For demo use cases, when there is no real DNS set up, follow these steps to make the CM domain resolvable:

  1. Open the file C:\Windows\System32\drivers\etc\hosts for editing. 

  2. Add an entry that points the Certificate Manager domain and machine to 127.0.0.1 (or make them resolvable via DNS).

...

In Registration Authority (RA) in Certificate Manager, preregister an ACME device: 

  1. Go to the Order tab.

  2. In the Input view drop-down list, select the token procedure ACME preregistration, which is configured to use the input view GPIV 13 - Save and Search ACME Pre-Registrations.

  3. Enter the following: 

    1. Enter a KeyID, a unique number to identify the device.

    2. Next to HMAC key, click Generate to get an HMAC key.

    3. In Allowed domains, enter cm.local.
      For more information, see Allowed domain names for preregistration in Certificate Manager.

    4. In State, select Open.

  4. Copy the KeyID and HMAC key to use them in a Certbot command in the next task. 

...

Request certificate via Certbot

To test the ACME setup, request a certificate via Certbot: 

  • With Certbot, run the certonly command to request a certificate for the registered device: 

    • In --eab-kid, enter the KeyID that you copied from the registered device. 

    • In --eab-hmac-key, enter the HMAC key that you copied from the registered device. 

...

With Certbot, run the revoke command to revoke the certificate test.cm.local.

Example: Revoke test certificate

...