Hi -

My team is adding ACME 2.0 client support to the Open Liberty application server and wanted to test against Dogtag PKI's ACME server. My intention is to containerize the ACME server and drive it through the same functional tests we run against other ACME CA servers (i.e. - Pebble and Boulder for instance) to verify compatibility.

The first error I hit was an issue with using JSS 4.7 and I understand that will be fixed by PR https://github.com/dogtagpki/jss/pull/532 .

To move past this error, I was advised to move down to JSS 4.6.2. Upon doing so, I made it past the initial error but now hit the following error:

I can see in the ACME server's trace that it does indeed authorize my ownership of the domain and then try to issue the certificate. Examining the AcmeIssuer class shows that this class has several methods that are not implemented.

Is this expected or is it possible I have a misconfiguration? I assume I am testing too early and need to wait until the implementation is further along, but I wanted to test early enough that if there were issues I could detect them earlier rather than later.

If it matters, I am testing the with the image from @pki/master on a Fedora 30 docker container.

Jesse Van Hill
Websphere Identity Management Architect & Dev Lead
WebSphere Application Server & Open Liberty

507-513-6234 jlvanhil@us.ibm.com