Certificate automation and the ACME protocol
In recent years, automation of CAs has seen serious uptake. Let's Encrypt in particular has fueled this change by offering free public-certificate services. It has reduced the cost of this service through automation, in particular the ACME protocol (RFC 8737/RFC 8555) and the Certbot client, which are used to verify the information in a CSR and to issue and deliver certificates. For the most part, this service and protocol focus on providing automated certificates to web servers, but that is being scaled out to cover other use cases.
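The verification step that ACME automates is worth seeing concretely. Before a CA such as Let's Encrypt issues a certificate, the requester must answer a challenge that proves control of the name in the CSR; RFC 8555 binds that answer to the requester's account key. The block below is an added example (it is not code from the page, Let's Encrypt, Certbot or Smallstep) that computes the http-01 and dns-01 challenge responses and the CA-side check, using only the Python standard library. The account-key coordinates and the challenge token are constructed sample values, not a real key or a token issued by any CA.

```python
"""Computing and checking ACME challenge responses (RFC 8555 section 8).

Added example; not code from the page, Let's Encrypt, Certbot or Smallstep.
The account-key coordinates and the token below are constructed samples.
"""
import base64
import hashlib
import hmac
import json

# Constructed sample: an EC P-256 public account key in JWK form.  ACME
# identifies an account by its key; x and y here are made-up strings.
ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
    "kid": "constructed-account-key",  # optional member; must not affect the thumbprint
}

# Constructed sample token (real tokens carry >= 128 bits of CA-chosen randomness).
TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"


def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout JOSE and ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required public members only,
    serialised as compact JSON with members in lexicographic order."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}
    members = required[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: token || '.' || thumbprint(account key).
    Binding the token to the account key is what stops a party who merely
    observes the token from completing the challenge for its own account."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def http01_response(token: str, account_jwk: dict) -> tuple:
    """The URL path the CA fetches over port 80 and the exact body it expects."""
    path = f"/.well-known/acme-challenge/{token}"
    return path, key_authorization(token, account_jwk)


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.4: the TXT record at _acme-challenge.<domain> holds
    the base64url SHA-256 digest of the key authorization, not the string itself."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("utf-8")).digest()
    return b64url(digest)


def ca_validate_http01(token: str, account_jwk: dict, fetched_body: str) -> bool:
    """CA-side check for http-01: the served body must equal the key
    authorization for this token and this account key.  Trailing whitespace
    is ignored (RFC 8555 section 8.3); the comparison is constant-time."""
    expected = key_authorization(token, account_jwk).encode("utf-8")
    return hmac.compare_digest(fetched_body.rstrip().encode("utf-8"), expected)


if __name__ == "__main__":
    path, body = http01_response(TOKEN, ACCOUNT_JWK)
    print("http-01: serve at", path)
    print("http-01: body     ", body)
    print("dns-01:  TXT      ", dns01_txt_value(TOKEN, ACCOUNT_JWK))
    print("CA accepts correct body:", ca_validate_http01(TOKEN, ACCOUNT_JWK, body + "\n"))
    print("CA accepts token alone: ", ca_validate_http01(TOKEN, ACCOUNT_JWK, TOKEN))
```

The thumbprint deliberately ignores optional JWK members such as `kid`, so the same key always yields the same key authorization regardless of how the client decorates it; a CA that hashed the full JWK would fail to validate clients that include extra members. The dns-01 value is a digest rather than the key authorization itself, so the public TXT record reveals nothing that can be replayed as an http-01 body.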
Implementations such as Smallstep, which uses the ACME protocol to automate certificate requests and issuance, have extended this concept to include the following:
- Open Authorization (OAuth)/OpenID Connect (OIDC) provisioning, which uses identity tokens for authentication and allows single sign-on (SSO) integration with G Suite, Okta, Azure Active Directory (Azure AD), and...