Introduction

Security architecture built on cryptography has become a standard and a best practice for protecting an organization and its valuable assets, including data at rest, in transit, and in process, from threats, exposures, and attacks. Public Key Infrastructure (PKI), in the form of digital certificates, is the unanimously accepted technology in security architecture for providing confidentiality, integrity, and availability of the mission-critical resources a business needs to function securely.

Digital certificates are used for a number of purposes, such as document signing and email protection, of which the most significant is the SSL/TLS certificate. With the exponential growth of e-commerce and online transactions, it has become necessary to secure those transactions to provide confidentiality and integrity for the data exchanged between the clients and servers participating in online business.

The demand for SSL/TLS certificates to secure web servers (and sometimes clients) created an opportunity to automate the certificate enrollment process for domain-validated web servers. This led to the development of Automatic Certificate Enrollment Environment (ACME), a protocol that defines how certificate issuers and participating clients automate certificate issuance to web servers.

This document describes the Sectigo ACME service in detail and provides instructions for integrating some of the widely used ACME clients with Sectigo ACME server(s), so that web servers can be auto-enrolled to receive a Sectigo SSL/TLS certificate and enable HTTPS for a portal or website.

Audience

This guide is intended for customers who have good exposure to Sectigo products and Sectigo Certificate Manager (SCM) administration, and who are responsible for security product integration, system administration, PKI support, IT systems management, and support of environments in which TLS is an essential security protocol for providing confidentiality and integrity protection to systems and operations. It is also intended for those implementing security solutions as part of their organization's IT support activities.

Scope

This document limits its scope to manual and automatic enrollment of SSL/TLS web server certificates using ACME clients that support External Account Binding (EAB).

Assumptions

This document is guided by the following assumptions:

  • The administrator who executes the instructions in this guide has a good understanding of SCM and ACME clients.

  • Pre-registration of the organization with Sectigo is completed.

  • SCM portal setup for customer access is completed.

  • Valid SCM credentials are securely provided to the customer for SCM portal access.

  • Domain registration is completed for public-access web servers.

  • Any multi-domain certificate or wildcard certificate for public-access web servers should be pre-approved by Sectigo before executing the instructions given in this document.