Design ACME integration on top of the profile and approval model #7

Open
opened 2026-03-24 18:00:22 +01:00 by galambos · 0 comments
Owner

Prepare and implement an ACME integration layer that issues certificates through the existing PKI/profile infrastructure rather than bypassing it. ACME should become an enrollment and automation surface, not a parallel issuance model.

Why this matters

ACME is a strategic next step, but in regulated environments it must respect profiles, approval policy, issuance governance, and audit requirements.

Acceptance criteria

  • ACME order flow maps into internal profile selection and issuance policy.
  • ACME-issued artifacts remain auditable as ordinary PKI issuance events.
  • Policy can distinguish which profiles are ACME-eligible.
  • Server/infrastructure certificate approvals can still be enforced where needed.
  • Design leaves room for challenge validation, renewal automation, and publication.
galambos added this to the PKI Foundation Hardening and Regulated Operations Roadmap project 2026-03-24 18:56:06 +01:00
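
One way the acceptance criteria in this issue could be expressed as a policy gate in front of the existing issuance path. This is an added example, not ZeroEcho code: the profile names, fields, domains, audit record shape and the `handle_acme_order` function are all hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    name: str
    acme_eligible: bool       # policy flag: may this profile be used via ACME?
    requires_approval: bool   # approval still enforced for server/infra profiles
    allowed_suffixes: tuple   # DNS suffixes this profile may issue for

# Constructed sample profiles (hypothetical names and domains).
PROFILES = {
    "tls-server-auto": Profile("tls-server-auto", True, False, (".dev.example.test",)),
    "tls-server-infra": Profile("tls-server-infra", True, True, (".infra.example.test",)),
    "code-signing": Profile("code-signing", False, True, ()),
}

AUDIT_LOG = []  # stand-in for the ordinary PKI issuance audit trail

def select_profile(identifiers):
    """Return the ACME-eligible profile covering every identifier, else None."""
    for p in PROFILES.values():
        if p.acme_eligible and identifiers and all(
            any(i.endswith(s) for s in p.allowed_suffixes) for i in identifiers
        ):
            return p
    return None  # fail closed: no profile means no issuance

def handle_acme_order(account, identifiers, approved_by=None):
    """Map an ACME order onto profile policy and record the decision."""
    profile = select_profile(identifiers)
    if profile is None:
        decision = "rejected"
    elif profile.requires_approval and approved_by is None:
        decision = "pending-approval"
    else:
        decision = "issue"  # hand off to the normal issuance pipeline
    # Same record as any other issuance event, tagged with its enrollment channel.
    AUDIT_LOG.append({
        "channel": "acme", "account": account,
        "identifiers": list(identifiers),
        "profile": profile.name if profile else None,
        "approved_by": approved_by, "decision": decision,
    })
    return decision
```

Every order, including rejected ones, leaves an audit record, and an order that spans more than one profile is rejected rather than split.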
Reference: Egothor/ZeroEcho#7