OpenXPKI Integrates ACME Protocol – Certificate Management is now even easier
OpenXPKI Enterprise Edition continues to grow: With today’s release, our proven PKI system gains a native interface for the ACME protocol. This expands OpenXPKI’s options for certificate auto-enrollment—which previously included SCEP, EST, and our proprietary OpenXPKIRPC API—to include a de facto standard for automated certificate management.
Account Registration with Optional Approval
ACME-compatible clients—such as Traefik, Certbot, dehydrated, or the Kubernetes cert-manager—can now work directly with OpenXPKI as a certificate provider. The process follows the ACME protocol but allows for separate verification during account creation:
- Account Creation – A client first creates an account in accordance with the ACME protocol.
- Verification – A Registration Officer reviews and approves the request in the OpenXPKI frontend (optional).
- Certificate Request – Once approved, the subscriber uses their account to automatically obtain certificates at any time via the ACME protocol.
- Authentication – The ACME challenge for authenticating the certificate request is performed via HTTP in accordance with the protocol.
As a result, OpenXPKI Enterprise Edition meets high security requirements without sacrificing the convenience of fully automated certificate issuance via ACME.
More Flexibility, Same Convenience
The new ACME interface uses the same granular configuration options that OpenXPKI users are already familiar with from other protocols. This allows organizations to maintain existing policies, clearly define responsibilities, and centrally audit the entire certificate lifecycle.
With the ACME integration, the White Rabbit Security team is taking another step toward a state-of-the-art, flexible PKI.