For ACMEv2 enrollment, you must add the following certificate types to Entrust Certificate Authority.

  • ACME V2 TLS Client
  • ACME V2 TLS Server
  • ACME V2 TLS Client and Server

See below for the required steps.

To add ACMEv2 certificate types

  1. Log in to Entrust Certificate Authority Administration.
  2. Export the certificate specifications to a file by selecting File > Certificate Specifications > Export.
  3. Open the certificate specifications file in a text editor.
  4. Add the following lines to the [Certificate Types] section.

    ; ----------------------------------------------------------------------
    ; Certificate types to be used with ACME
    ; ----------------------------------------------------------------------
    acme_tls_client=enterprise,ACME V2 TLS Client,ACME V2 TLS Client Certificate
    acme_tls_server=enterprise,ACME V2 TLS Server,ACME V2 TLS Server Certificate
    acme_tls_client_srv=enterprise,ACME V2 TLS Client and Server,ACME V2 TLS Client and Server Certificate

  5. Add the following lines to the [Extension Definitions] section.

    ; ----------------------------------------------------------------------
    ; Certificate definitions to be used with ACME Public protocol in CEG
    ; ----------------------------------------------------------------------
     
    [acme_tls_client Certificate Definitions]
    1=Dual Usage
     
    [acme_tls_client Dual Usage Extensions]
    ; KeyUsage = DigitalSignature + KeyEncipherment
    keyusage=2.5.29.15,n,m,BitString,101
    ; TLS Client Authentication
    extkeyusage=2.5.29.37,n,o,SeqOfObjectIdentifier,1.3.6.1.5.5.7.3.2
     
    [acme_tls_client Advanced]
    noUserInDirectory=1
     
    [acme_tls_server Certificate Definitions]
    1=Dual Usage
     
    [acme_tls_server Dual Usage Extensions]
    ; KeyUsage = DigitalSignature + KeyEncipherment
    keyusage=2.5.29.15,n,m,BitString,101
    ; TLS Server Authentication
    extkeyusage=2.5.29.37,n,o,SeqOfObjectIdentifier,1.3.6.1.5.5.7.3.1
     
    [acme_tls_server Advanced]
    noUserInDirectory=1
     
    [acme_tls_client_srv Certificate Definitions]
    1=Dual Usage
     
    [acme_tls_client_srv Dual Usage Extensions]
    ; KeyUsage = DigitalSignature + KeyEncipherment
    keyusage=2.5.29.15,n,m,BitString,101
    ; TLS Server Authentication + TLS Client Authentication
    extkeyusage=2.5.29.37,n,o,SeqOfObjectIdentifier,1.3.6.1.5.5.7.3.1 1.3.6.
    _continue_=1.5.5.7.3.2
     
    [acme_tls_client_srv Advanced]
    noUserInDirectory=1
     
    ; --- END ACME Certificate Definitions ---------------------------------

  6. Save and close the file.
  7. Import the certificate specifications back into Entrust Certificate Authority. In Entrust Certificate Authority Administration, select File > Certificate Specifications > Import.
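
A check that can be run on the edited file between steps 6 and 7, to catch a mistyped OID or a broken `_continue_=` line before the specifications are imported. This is an added example, not Entrust code: `parse_certspec`, `check_type` and `SAMPLE` are hypothetical names, and the parser assumes a `_continue_` value is appended directly to the previous value, which is what the split OID in the `acme_tls_client_srv` entry implies.

```python
# Expected EKU OIDs per certificate type, copied from the definitions on this page.
CLIENT_AUTH, SERVER_AUTH = "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.1"
EXPECTED_EKU = {"acme_tls_client": {CLIENT_AUTH}, "acme_tls_server": {SERVER_AUTH},
                "acme_tls_client_srv": {SERVER_AUTH, CLIENT_AUTH}}
# RFC 5280 KeyUsage bit names, bit 0 first ("101" = bits 0 and 2).
KU_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
           "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"]

# Constructed sample: the page's acme_tls_client_srv entries as they would sit in the export.
SAMPLE = """\
[Certificate Types]
acme_tls_client_srv=enterprise,ACME V2 TLS Client and Server,ACME V2 TLS Client and Server Certificate
[acme_tls_client_srv Dual Usage Extensions]
keyusage=2.5.29.15,n,m,BitString,101
extkeyusage=2.5.29.37,n,o,SeqOfObjectIdentifier,1.3.6.1.5.5.7.3.1 1.3.6.
_continue_=1.5.5.7.3.2
"""

def parse_certspec(text):
    """Return {section: {key: value}}. Assumption: a _continue_ value is appended
    to the previous value with no separator, as the split OID above implies."""
    sections, current, last_key = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current, last_key = sections.setdefault(line[1:-1], {}), None
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            if key == "_continue_" and last_key:
                current[last_key] += value
            else:
                current[key], last_key = value, key
    return sections

def check_type(text, ctype):
    """Return a list of problems for one ACME certificate type (empty = as on the page)."""
    spec, problems = parse_certspec(text), []
    if ctype not in spec.get("Certificate Types", {}):
        problems.append(f"{ctype}: missing from [Certificate Types]")
    ext = spec.get(f"{ctype} Dual Usage Extensions", {})
    eku = set(ext.get("extkeyusage", "").split(",")[-1].split())
    if eku != EXPECTED_EKU[ctype]:
        problems.append(f"{ctype}: unexpected EKU set {sorted(eku)}")
    bits = ext.get("keyusage", "").split(",")[-1]
    usage = {KU_BITS[i] for i, b in enumerate(bits) if b == "1"}
    if usage != {"digitalSignature", "keyEncipherment"}:
        problems.append(f"{ctype}: unexpected key usage {sorted(usage)}")
    return problems
```

Call `check_type(open(path).read(), name)` for each of the three type names on the exported file; any non-empty result should be resolved before the import in step 7.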