mirror of
https://github.com/grindsa/acme2certifier.git
synced 2025-12-31 01:51:01 +02:00
Page:
Support for TNAuthList Identifier and tkauth 01 Challenges
Pages
# How to build an acme2certifier cluster on Ubuntu 22.04
<! wiki title: DEB Installation on Ubuntu 22.04
<! wiki title: External Account Binding
<! wiki title: Hooks
<! wiki title: Installation on Apache2 Running on Ubuntu 22.04
<! wiki title: Installation on NGINX Running on Alma Linux 9
<! wiki title: Pass Information from ACME Client to CA Handler
<! wiki title: Reporting and Housekeeping
<! wiki title: Support for ACME profiling
<! wiki title: Support for External Databases
ACME CA handler
Asynchronous Mode (`async_mode`) in acme2certifier
CA Handler for Microsoft Certification Authority Web Enrollment Service
CA Handler for Microsoft Windows Client Certificate Enrollment Protocol (MS WCCE)
CA Handler for NetGuard Certificate Lifecycle Manager
CA Handler for OpenXPKI
CA Handler for XCA
CA Handler for an OpenSSL based CA Stored on Local File System
CA Polling to Check Pending Enrollment Requests
CA Trigger
CA handler for Digicert CertCentral
CA handler for EJBCA
CA handler for Entrust ECS Enterprise
CA handler for Insta ActiveCMS
CA handler for Insta
CA handler for Microsoft Certification Authority Web Enrollment Service
CA handler for Microsoft Windows Client Certificate Enrollment Protocol (MS WCCE)
CA handler for NetGuard Certificate Lifecycle Manager
CA handler for NetGuard Certificate Manager and Insta Certifier
CA handler for OpenXPKI
CA handler for XCA
CA handler for an openssl based CA stored on local file system
CA handler using CMPv2 protocol
CA handler using EST protocol
CA polling to check pending enrollment requests
CA trigger
CA‐handler for Hashicorp Vault PKI
Configuration options for acme2certifier
Containerized Installation Using Apache2 or Nginx as Web Server with WSGI or Django
Containerized installation
DEB installation on Ubuntu 22.04
Database scheme
Enrollment of End User Certificates according to RFC8823
Enrollment profiling via external account binding
Example commands for acme clients
External Account Binding (EAB)
External Account Binding
Home
Hooks support
Hooks
How to Create Your Own CA Handler
How to build am acme2certifier cluster on Ubuntu 22.04
How to build an acme2certifier cluster on Alma Linux 9
How to build an acme2certifier cluster on Ubuntu 22.04
How to contribute to this project
How to create your own CA Handler
Installation on Apache2 Running on Ubuntu 22.04
Installation on NGINX Running on Alma Linux 9
Installation on Nginx Running on Ubuntu 22.04
Installation on nginx running on Ubuntu 22.04
Pass Information from ACME Client to CA Handler
Prevalidated Domain List Feature for ACME Authorization
Proxy Support in acme2certifier
Proxy support in acme2certifier
RPM Installation on AlmaLinux 9
RPM installation on Alma Linux 9
RPM installation on alma Linux 9
Reporting and Housekeeping support
SOAP CA Handler Prototype
SOAP CA handler protopype
Security Policy
Support for ACME profiling
Support for External Databases
Support for TNAuthList Identifier and tkauth 01 Challenges
Support for TNAuthList identifier and tkauth 01 challenges
Upgrading acme2certifier
Using cert manager to enroll certificate in Kubernetes environments
acme_srv.cfg configuration options
upgrading acme2certifier
vault
No results
2
Support for TNAuthList Identifier and tkauth 01 Challenges
grindsa edited this page 2025-06-27 15:44:18 +00:00
TNAuthList Support
Support for the TNAuthList identifier and tkauth-01 challenges is currently experimental, as neither the identifier nor the challenge type has been fully standardized.
Implementation
The current implementation follows these specifications:
- RFC 9447 - Automated Certificate Management Environment (ACME) Challenges Using an Authority Token
- RFC 9448 - TNAuthList Profile of Automated Certificate Management Environment (ACME) Authority Token
- ATIS-1000080
Enabling TNAuthList Support
By default, TNAuthList support is disabled. To enable it, modify the Order section of the configuration file (acme_srv.cfg) and add:
[Order]
tnauthlist_support: True
ACME Client Support
Currently, no ACME client officially supports the TNAuthList extension. However, for testing purposes, I have added support to a modified version of acme.sh. These changes have not yet been merged into the main repository.
If you choose to use this modified version, please proceed at your own risk and provide feedback.
Enrolling a Certificate with TNAuthList
To enroll a certificate that includes a TNAuthList certificate extension, use the following command:
acme.sh --server http://<server-name> --issue -d <fqdn> --tnauth <TN Authorization List> --spctoken <Service Provider Code Token> --standalone -w /tmp --debug 2 --output-insecure --force --log acme.log