Features
Design philosophy
Keys in a PKCS11 device
All certificates (and CAs) should have working CRL, OCSP, and CA Issuers fields.
Full ACME support
CMC Support
Elegant and simple fully automatic management API
Handle 10 requests per second, for example receiving a CSR, signing it with the PKCS11 device, and returning the resulting certificate to the client.
PKCS11 key storage
ACME
Note
The Automatic Certificate Management Environment (ACME) protocol is a communications protocol for automating interactions between certificate authorities and their users’ servers, allowing the automated deployment of public key infrastructure at very low cost. It was designed by the Internet Security Research Group (ISRG) for their Let’s Encrypt service. The protocol, based on passing JSON-formatted messages over HTTPS, has been published as an Internet Standard in RFC 8555 by its own chartered IETF working group.
CMC
Note
Certificate Management over CMS (CMC) is an Internet Standard published by the IETF, defining transport mechanisms for the Cryptographic Message Syntax (CMS). It is defined in RFC 5272, and its transport mechanisms in RFC 5273. Like the Certificate Management Protocol (CMP), it can be used for obtaining X.509 digital certificates in a public key infrastructure (PKI).
Elegant management API
Note
This is under active development and its functionality might change in the future.