
This article describes a configuration example of the ACME protocol in Protocol Gateway. For more information, see ACME support in Certificate Manager.

...

For demo use cases: Add CM domain to Windows hosts file

For demo use cases, when no real DNS is set up, follow these steps to map the CM domain in the hosts file:

  1. Open the file C:\Windows\System32\drivers\etc\hosts for editing. 

...

In Registration Authority (RA) in Certificate Manager, preregister an ACME device: 

  1. Go to the Order tab.
  2. In the Input view drop-down list, select the token procedure ACME preregistration, which is configured to use the input view GPIV 13 - Save and Search ACME Pre-Registrations.
  3. Enter the following:
    1. Enter a KeyID, a unique number to identify the device.
    2. Next to HMAC key, click Generate to get an HMAC key.
    3. In Allowed domains, enter cm.local.
      For more information, see Allowed domain names for preregistration in Certificate Manager.
    4. In State, select Open.
  4. Copy the KeyID and HMAC key to use them in a Certbot command in the next task.



NOTE:

This article does not cover how the KeyID and HMAC key are shared beforehand with ACME clients, since it is handled differently for each installation and organization.

ACME devices can also be preregistered using CM SDK or Certificate Manager (CM) REST API. For example code, see RegistrationExample.java distributed in the CM SDK.

...

Request certificate via Certbot

To test the ACME setup, request a certificate via Certbot: 

With Certbot, run the certonly command to request a certificate for the registered device: 

...