We just added ACME support to `step-ca`, an open source private certificate authority that I work on. ACME is the protocol that Let's Encrypt uses to automate certificate management for websites.
ACME support in `step-ca` means you can leverage existing ACME clients and libraries to get certificates from your own private certificate authority (CA). This is particularly useful for:
* Using ACME in production to issue certificates to workloads, proxies, queues, databases, etc. so you can use mutual TLS for authentication & encryption.
* Simulating Let’s Encrypt’s CA in dev & pre-production in scenarios where connecting to Let’s Encrypt’s staging server is problematic.
We're supporting the `http-01` and `dns-01` challenge types, so you should be able to get certs using any ACMEv2 client that supports one of these (most do).
1 comment
[ 2.9 ms ] story [ 15.9 ms ] threadACME support in `step-ca` means you can leverage existing ACME clients and libraries to get certificates from your own private certificate authority (CA). This is particularly useful for:
* Using ACME in production to issue certificates to workloads, proxies, queues, databases, etc. so you can use mutual TLS for authentication & encryption.
* Simulating Let’s Encrypt’s CA in dev & pre-production in scenarios where connecting to Let’s Encrypt’s staging server is problematic.
We're supporting the `http-01` and `dns-01` challenge types, so you should be able to get certs using any ACMEv2 client that supports one of these (most do).
* More info and examples on our blog: https://smallstep.com/blog/private-acme-server/
* step-ca is on GitHub: https://github.com/smallstep/certificates
We've been working on this for a while so we're psyched to release it and see how people use it! Let us know what you think!