Hi Jesse,

I'd like to let you know that we have created a PKI ACME container that can be

deployed much more easily on Podman or OpenShift:

https://github.com/dogtagpki/pki/blob/master/docs/installation/acme/Deploying_ACME_on_Podman.md

https://github.com/dogtagpki/pki/blob/master/docs/installation/acme/Deploying_ACME_on_OpenShift.md

By default the container will generate a self-signed CA signing certificate and use

an ephemeral database, but you can configure it with a permanent certificate and

persistent database.

We've also set up a demo instance that you can try:

https://acme.demo.dogtagpki.org/acme/directory

Just let me know if you have any questions. Thanks!

Endi S. Dewata

On Tue, Jun 2, 2020 at 8:35 AM Jesse L Van hill <jlvanhil@us.ibm.com> wrote:

Hi Endi -

Unfortunately, customer issues have kept me from pursuing this further. I or one of my team still intends on doing so. I will be sure to let you know when I have tested.

Jesse Van Hill
Websphere Identity Management Architect & Dev Lead
WebSphere Application Server & Open Liberty
https://openliberty.io/

507-513-6234 jlvanhil@us.ibm.com

Endi Sukma Dewata ---06/01/2020 10:42:43 PM-------- Original Message ----- > > Hi -

From: Endi Sukma Dewata <edewata@redhat.com>
To: Jesse L Van hill <jlvanhil@us.ibm.com>
Cc: pki-devel@redhat.com
Date: 06/01/2020 10:42 PM
Subject: [EXTERNAL] Re: [Pki-devel] ACME Support: Error issuing certificate
Hi Jesse, I was just wondering if you managed to test against the ACME server. FYI, we're working on adding an embedded CA into the ACME server so it can be containerized more easily without dependency on a separate CA. Hopefully we will have something usable by the end of the month. -- Endi S. Dewata