ACME
Automatic Certificate Management Environment


ACME
What is the ACME Protocol?
The Automatic Certificate Management Environment (ACME) protocol, standardised in RFC 8555, automates the enrolment and renewal of certificates for webservers. A client requests certificates by sending JSON messages over HTTPS, each signed with the client's account key (a JWS). Before issuing, the ACME server verifies that the client controls every requested domain name by having it complete either an HTTP-based or a DNS-based challenge; in both challenge types the response binds the server-issued token to the client's account key, so a challenge can only be answered by whoever holds that key.
Several free and open-source ACME clients exist. The most popular, Certbot, can be configured to obtain, install and automatically renew certificates for Apache, Nginx and other webservers.
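The challenge step described above is where the security of ACME issuance rests, so it is worth seeing the exact values both sides compute. The following is an added example written for this page, not code from the ACME specification, Certbot or Cogito Group. It implements the RFC 7638 JWK thumbprint, the RFC 8555 key authorization used by the HTTP-01 challenge, the TXT value used by the DNS-01 challenge, and the server-side comparison, using only the Python standard library. The account key (ACCOUNT_JWK), the second key (OTHER_JWK) and the challenge token (SAMPLE_TOKEN) are constructed placeholders; the JWK coordinates are not a real curve point, which is fine because the thumbprint only hashes the JSON members.

```python
import base64
import hashlib
import hmac
import json
import re
from typing import Tuple

# Constructed sample account key (public part, JWK form). x/y are placeholder
# bytes, NOT a real P-256 point; the thumbprint only hashes the JSON members.
ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": base64.urlsafe_b64encode(b"\x11" * 32).rstrip(b"=").decode("ascii"),
    "y": base64.urlsafe_b64encode(b"\x22" * 32).rstrip(b"=").decode("ascii"),
    "alg": "ES256",  # optional member: must NOT influence the thumbprint
}
# A different (constructed) account key, to show a challenge is bound to one key.
OTHER_JWK = {**ACCOUNT_JWK, "x": ACCOUNT_JWK["y"], "y": ACCOUNT_JWK["x"]}

# Constructed token in the shape an ACME server issues: RFC 8555 s8.3 asks for
# at least 128 bits of entropy, base64url alphabet only, no padding.
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"

TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def b64url(data: bytes) -> str:
    """RFC 4648 base64url without '=' padding, as JOSE and ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def token_is_wellformed(token: str) -> bool:
    """RFC 8555 s8.3: clients MUST reject tokens with characters outside the
    base64url alphabet. The token becomes part of a filesystem path
    (/.well-known/acme-challenge/<token>), so a hostile or compromised server
    could otherwise inject '../' segments into the client's webroot write."""
    return bool(TOKEN_RE.match(token))


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required public members only, serialised with
    lexicographically sorted keys and no whitespace. Optional members such as
    alg, kid or use are deliberately excluded."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 s8.1: token || '.' || base64url(JWK thumbprint of account key)."""
    if not token_is_wellformed(token):
        raise ValueError("refusing malformed challenge token")
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def http01_response(token: str, account_jwk: dict) -> Tuple[str, str]:
    """Client side of HTTP-01: the URL path to serve and the body to serve at it."""
    return f"/.well-known/acme-challenge/{token}", key_authorization(token, account_jwk)


def dns01_txt_record(domain: str, token: str, account_jwk: dict) -> Tuple[str, str]:
    """Client side of DNS-01: TXT record name and value (RFC 8555 s8.4)."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return f"_acme-challenge.{domain}", b64url(digest)


def server_validate_http01(token: str, account_jwk_on_file: dict, fetched_body: str) -> bool:
    """Server side: recompute the expected key authorization from the account key
    that signed the request and compare it with the body fetched over port 80.
    Trailing whitespace is ignored, as RFC 8555 s8.3 recommends."""
    expected = key_authorization(token, account_jwk_on_file).encode("ascii")
    return hmac.compare_digest(fetched_body.strip().encode("utf-8"), expected)


if __name__ == "__main__":
    path, body = http01_response(SAMPLE_TOKEN, ACCOUNT_JWK)
    print("HTTP-01: serve", body, "at", path)
    print("DNS-01 : TXT", *dns01_txt_record("example.com", SAMPLE_TOKEN, ACCOUNT_JWK))
    print("server accepts:", server_validate_http01(SAMPLE_TOKEN, ACCOUNT_JWK, body))
    print("other key accepted:", server_validate_http01(SAMPLE_TOKEN, OTHER_JWK, body))
```

Two details matter in practice: the token check in key_authorization is what stops a rogue ACME endpoint from turning the challenge file write into a path traversal, and the server's comparison is against the thumbprint of the account key on file, which is why a challenge response cannot be replayed under a different account.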
ACME+
The next generation of Certificate Automation
ACME+ is a Cogito Group extension to the ACME protocol which allows issuance of other types of certificates, whereas the standard protocol only issues certificates for identifiers (in practice DNS names) that the client proves control of, which in practice means TLS certificates for webservers.
When operating in ACME+ mode, the server can be configured to use other forms of trust and validation instead of a challenge against the certificate’s identifiers, which in standard ACME must be DNS names; this covers subjects for which no DNS name is available. Note that in this mode the ACME challenge no longer proves the requester’s identity, so the trust placed in an issued certificate rests entirely on the alternative validation the server is configured with and on the protection of the client’s account key. This mode is intended to allow for the automated issuance of certificates using convenient and familiar tools.
Functionality of ACME+
- adds the ability to use the ACME protocol as a basis for certificate types other than TLS certificates
- allows domain validation to be turned off where required
- replaces our existing “store and forward” capability with a standard protocol approach:
  - a certificate is requested and delivered through a store and forward mechanism for disconnected domains, so that domains with no connectivity to the CA can still automate requests
  - automated requests are stored for transfer to the network where the CA resides
  - requests are automatically bulk submitted to the CA and the issued certificates returned for transfer back to the originating disconnected network
  - the returned certificates are then automatically picked up by the clients that requested them
Features
- Enhanced Communication
- Validate Ownership
- Store and Forward CSRs
- Add Other Identifiers