The ACME protocol is an Internet Engineering Task Force (IETF) proposed standard protocol that automates the signing of TLS certificates by a certificate authority (CA).
By default, the ACME certificate management option in PingAccess uses the staging Let’s Encrypt ACME CA.
The Let's Encrypt staging server, which PingAccess uses by default, has more lenient rate limits but it doesn't generate functional certificates, to support its use for testing purposes. For more information about rate limits, see the Let's Encrypt documentation.
After testing your environment, you must switch to a production server using the PingAccess administrative API.
- Use a
GET
call to/pa-admin-api/v3/acme/servers
to retrieve the ID of a production server. - Use a
PUT
call to/pa-admin-api/v3/acme/servers/default
to set the production Let's Encrypt server as the default.
To add more ACME servers, use a POST
call to
/pa-admin-api/v3/acme/servers
. For more information about
the administrative API endpoints, see Administrative API endpoints.
To manage certificates with ACME: