For ACMEv2 enrollment, you must add the following certificate types to the Security Manager CA: ACME V2 TLS Client, ACME V2 TLS Server, and ACME V2 TLS Client and Server.

To add ACMEv2 certificate types to Security Manager:

  1. Log in to Security Manager Administration.
  2. Export the certificate specifications to a file by selecting File > Certificate Specifications > Export.
  3. Open the certificate specifications file in a text editor.
  4. Add the following lines to the [Certificate Types] section.

    ; ----------------------------------------------------------------------
    ; Certificate types to be used with ACME
    ; ----------------------------------------------------------------------
    acme_tls_client=enterprise,ACME V2 TLS Client,ACME V2 TLS Client Certificate
    acme_tls_server=enterprise,ACME V2 TLS Server,ACME V2 TLS Server Certificate
    acme_tls_client_srv=enterprise,ACME V2 TLS Client and Server,ACME V2 TLS Client and Server Certificate
  5. Add the following lines to the [Extension Definitions] section.

    ; ----------------------------------------------------------------------
    ; Certificate definitions to be used with ACME Public protocol in CEG
    ; ----------------------------------------------------------------------
     
    [acme_tls_client Certificate Definitions]
    1=Dual Usage
     
    [acme_tls_client Dual Usage Extensions]
    ; KeyUsage = DigitalSignature + KeyEncipherment
    keyusage=2.5.29.15,n,m,BitString,101
    ; TLS Client Authentication
    extkeyusage=2.5.29.37,n,o,SeqOfObjectIdentifier,1.3.6.1.5.5.7.3.2
     
    [acme_tls_client Advanced]
    noUserInDirectory=1
     
    [acme_tls_server Certificate Definitions]
    1=Dual Usage
     
    [acme_tls_server Dual Usage Extensions]
    ; KeyUsage = DigitalSignature + KeyEncipherment
    keyusage=2.5.29.15,n,m,BitString,101
    ; TLS Server Authentication
    extkeyusage=2.5.29.37,n,o,SeqOfObjectIdentifier,1.3.6.1.5.5.7.3.1
     
    [acme_tls_server Advanced]
    noUserInDirectory=1
     
    [acme_tls_client_srv Certificate Definitions]
    1=Dual Usage
     
    [acme_tls_client_srv Dual Usage Extensions]
    ; KeyUsage = DigitalSignature + KeyEncipherment
    keyusage=2.5.29.15,n,m,BitString,101
    ; TLS Server Authentication + TLS Client Authentication
    extkeyusage=2.5.29.37,n,o,SeqOfObjectIdentifier,1.3.6.1.5.5.7.3.1 1.3.6.
    _continue_=1.5.5.7.3.2
     
    [acme_tls_client_srv Advanced]
    noUserInDirectory=1
     
    ; --- END ACME Certificate Definitions ---------------------------------
  6. Save and close the file.
  7. Import the certificate specifications back into Security Manager. In Security Manager Administration, select File > Certificate Specifications > Import.