
Support for TNAuthList Identifier and tkauth-01 Challenges

grindsa edited this page Jun 27, 2025 · 2 revisions

TNAuthList Support

Support for the TNAuthList identifier and tkauth-01 challenges is currently experimental, as neither the identifier nor the challenge type has been fully standardized.

Implementation

The current implementation follows these specifications:

Enabling TNAuthList Support

By default, TNAuthList support is disabled. To enable it, modify the Order section of the configuration file (acme_srv.cfg) and add:

[Order]
tnauthlist_support: True
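
A check for the setting above, as an added example that is not part of acme2certifier or of this wiki page. It assumes acme_srv.cfg is INI-style and readable with Python's configparser; the function name tnauthlist_status, its status strings and the sample configurations are constructed for illustration.

```python
import configparser

# Constructed sample configurations (not taken from a real deployment).
SAMPLE_OK = "[Order]\ntnauthlist_support: True\n"
SAMPLE_WRONG_SECTION = "[CAhandler]\ntnauthlist_support: True\n\n[Order]\n"
SAMPLE_BAD_VALUE = "[Order]\ntnauthlist_support: enabled\n"

KEY = "tnauthlist_support"


def tnauthlist_status(cfg_text):
    """Classify a config text as 'enabled', 'disabled', 'misplaced' or 'invalid'."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)

    if parser.has_section("Order") and KEY in parser["Order"]:
        try:
            return "enabled" if parser.getboolean("Order", KEY) else "disabled"
        except ValueError:
            # Value is not one of the boolean spellings configparser accepts
            # (1/yes/true/on and 0/no/false/off, case-insensitive).
            return "invalid"

    # Key is absent from [Order], the section the page names;
    # flag it if it was set in some other section instead.
    for section in parser.sections():
        if section != "Order" and KEY in parser[section]:
            return "misplaced"
    return "disabled"


def check_file(path):
    """Run the same classification on a config file on disk."""
    with open(path, encoding="utf-8") as handle:
        return tnauthlist_status(handle.read())


if __name__ == "__main__":
    for name, text in [("ok", SAMPLE_OK),
                       ("wrong section", SAMPLE_WRONG_SECTION),
                       ("bad value", SAMPLE_BAD_VALUE)]:
        print(f"{name}: {tnauthlist_status(text)}")
```

To check a real file, call check_file with the path to acme_srv.cfg.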

ACME Client Support

Currently, no ACME client officially supports the TNAuthList extension. However, for testing purposes, I have added support to a modified version of acme.sh. These changes have not yet been merged into the main repository.

If you choose to use this modified version, please proceed at your own risk and provide feedback.

Enrolling a Certificate with TNAuthList

To enroll a certificate that includes a TNAuthList certificate extension, use the following command:

acme.sh --server http://<server-name> --issue -d <fqdn> \
        --tnauth <TN Authorization List> --spctoken <Service Provider Code Token> \
        --standalone -w /tmp --debug 2 --output-insecure --force --log acme.log