certEP certLife | certACME | certPush | certBox | certMode

certACME – SSL/TLS Autoenrollment

Secardeo certACME is a proxy for the automatic registration of web server certificates using the ACME protocol (Automatic Certificate Management Environment). The lifetime of public TLS certificates, currently one year, is decreasing more and more, which is why automated certificate management is urgently required. The unavailability of web servers due to expired certificates can lead to massive financial damage. The ACME protocol is used to automate the interactions between certification authorities and web servers. It was developed for the free Let’s Encrypt CA service. However, many organizations prefer to use certificates from a commercial CA under a well-defined contract for public web servers. Or internal certificates from a Microsoft CA are used. certACME can be used to issue certificates from public certification authorities such as SwissSign or QuoVadis or an internal Microsoft CA. All certificates are stored in the central TOPKI certificate database. This ensures complete control over the certificates and auditable certificate management processes.

certACME Advantages

  • Automation for TLS web server certificates
  • Increase in service quality and cost savings
  • Full control over certificates and auditable certificate management processes
  • Use for external web servers or internal web servers
  • Flexible choice of certification authority (CA)

How it works

certACME can be easily integrated as a Microsoft IIS web application and acts as an ACME server for standard ACME clients. This validates the certificate requests using an HTTP request and forwards the Certificate Signing Request (CSR) to the connected public or private certification authority. CertACME optionally extends a CSR with company attributes such as organization, country, organizational unit. certACME stores all certificates in a local or central SQL database. certACME sends automatically configurable notifications to certificate managers and administrators.

certACME Features

certACME will offer you the following features:

  • Acts as an ACME server for standard ACME clients
  • Supports common web servers and F5 Big-IP server pools
  • Validates a web server using a HTTP or DNS challenge
  • Forwards CSR to a public or private CA
  • Optionally enhances CSR with corporate attributes like Organization, Country, OU
  • Stores certificates in a local or central SQL database
  • Automatically sends configurable notifications to certificate managers and administrators
  • Multiple Backend CAs
  • Multiple AD Certificate Templates with individual challenge configuration
  • Whitelist based domain name authorization
  • ACME account management