-
Notifications
You must be signed in to change notification settings - Fork 36
Support for TNAuthList identifier and tkauth 01 challenges
The support of TNAuthList identifier and tkauth-01 challenges is rather experimental. Main reason is that neither identifier nor challenge type are fully standardized.
The current implementation follows:
TNAuthList support is disabled by default and needs to be enabled in acme_srv.cfg by adding the parameter tnauthlist_support: True
into the Order
section of the configuration file.
There is currently no acme-client available supporting the TNAuthList extension. For testing purposes, I added the needed support to acme.sh but the changes are not yet incorporated into the main code. So, feel free to use it at your own risk and don't forget to provide feedback.
Below the command to be used enroll the certificate having a TNAuthList certificate extension
root@rlh:~# acme.sh --server http://<server-name> --issue -d <fqdn> --tnauth <TN Authorization List> --spctoken <service provider code token> --standalone -w /tmp --debug 2 --output-insecure --force --log acme.log'