Manage key pairs using the automatic certificate management environment (ACME) protocol, which automatically obtains and renews certificates indirectly signed by a well-known trust anchor.
protocol is an Internet Engineering Task Force (IETF) proposed standard protocol
that automates the signing of TLS certificates by a
The ACME certificate management option in PingAccess uses the staging Let’s Encrypt ACME CA by default.
The Let's Encrypt staging server that PingAccess uses by default has more lenient rate limits, but it doesn't generate functional certificates, to support its use for testing purposes. For more information about rate limits, see the Let's Encrypt documentation.
After testing your environment, you must switch to a production server using the
- Use a
/pa-admin-api/v3/acme/serversto retrieve the ID of a production server.
- Use a
/pa-admin-api/v3/acme/servers/defaultto set the production Let's Encrypt server as the default.
To add more ACME servers, use a
POST call to
/pa-admin-api/v3/acme/servers. See the Administrative API endpoints documentation for more information about the
administrative API endpoints.
- Click Security and then go to .
Click the Pencil icon, and then click Manage
with ACME for the key pair.
The ACME status changes to Pending. When the protocol has completed, the status changes to Valid if the protocol completed successfully.