Installing ACME Responder using pkispawn
Endi S. Dewata edited this page Feb 6, 2025 · 15 revisions
This document describes how to install an ACME responder on a PKI server that already has a CA subsystem, using the pkispawn command.
This document assumes that the following DS service is available to use as ACME database and ACME realm:
- URL: ldap://ds.example.com:3389
- Base DN: dc=acme,dc=pki,dc=example,dc=com
- Bind DN: cn=Directory Manager
- Bind password: Secret.123
It also assumes that the following CA service is available to use as ACME issuer:
- URL: ldap://pki.example.com:3389
- Username: caadmin
- Password: Secret.123
To import the DS schema for ACME database:
$ ldapmodify \
    -H ldap://ds.example.com:3389 \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    -f /usr/share/pki/acme/database/ds/schema.ldif
To create the DS indexes for ACME database:
$ ldapadd \
    -H ldap://ds.example.com:3389 \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    -f /usr/share/pki/acme/database/ds/index.ldif
To create the DS subtrees for ACME database:
$ ldapadd \
    -H ldap://ds.example.com:3389 \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    -f /usr/share/pki/acme/database/ds/create.ldif
To create the DS subtrees for ACME realm:
$ ldapadd \
    -H ldap://ds.example.com:3389 \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    -f /usr/share/pki/acme/realm/ds/create.ldif
To install the ACME responder:
$ pkispawn \
    -f /usr/share/pki/server/examples/installation/acme.cfg \
    -s ACME \
    -D acme_database_url=ldap://ds.example.com:3389 \
    -D acme_issuer_url=https://pki.example.com:8443 \
    -D acme_realm_url=ldap://ds.example.com:3389 \
    -v
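The four DS imports above pass the Directory Manager password with -w, which leaves it visible in the process list and in shell history. The script below is an added example, not part of the original page or the PKI project: it runs the same imports in the same order with the password read from a file through the OpenLDAP client option -y. DS_PW_FILE, DRY_RUN and the function names are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the PKI project): run the page's four LDIF imports
# with the bind password read from a file (-y) instead of -w on the command line.
# DS_PW_FILE, DRY_RUN and all function names are hypothetical.
DS_URL="ldap://ds.example.com:3389"
BIND_DN="cn=Directory Manager"
DS_PW_FILE="${DS_PW_FILE:-$HOME/.acme-ds-password}"
ACME_SHARE="/usr/share/pki/acme"

# Accept the password file only if it is a non-empty regular file, grants
# nothing to group/other, and has no trailing newline (-y uses the complete
# file contents as the password, so a newline would become part of it).
check_pw_file() {
    { [ -f "$1" ] && [ -s "$1" ]; } ||
        { echo "missing or empty password file: $1" >&2; return 1; }
    case "$(ls -ld -- "$1")" in
        -???------*) ;;
        *) echo "refusing $1: accessible by group or others" >&2; return 1 ;;
    esac
    [ "$(tail -c 1 "$1" | wc -l | tr -d ' ')" = 0 ] ||
        { echo "refusing $1: ends with a newline" >&2; return 1; }
}

# Run (or, with DRY_RUN=1, only print) one import against the DS instance.
run_ldif() {
    tool=$1; ldif=$2
    set -- "$tool" -H "$DS_URL" -D "$BIND_DN" -y "$DS_PW_FILE" -f "$ldif"
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Same order as the page: schema, indexes, database subtrees, realm subtrees.
# Stops at the first failure so later steps never run against a partial setup.
import_acme_ldifs() {
    check_pw_file "$DS_PW_FILE" || return 1
    run_ldif ldapmodify "$ACME_SHARE/database/ds/schema.ldif" &&
    run_ldif ldapadd    "$ACME_SHARE/database/ds/index.ldif" &&
    run_ldif ldapadd    "$ACME_SHARE/database/ds/create.ldif" &&
    run_ldif ldapadd    "$ACME_SHARE/realm/ds/create.ldif"
}

# Only act when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then import_acme_ldifs; fi
```

Create the password file with `umask 077` and `printf '%s'` so it is private and carries no trailing newline; run with `DRY_RUN=1` first to review the commands.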