github
/
acme4j
mirror of https://github.com/shred/acme4j
1
0
Fork 0
Code Issues Releases Wiki Activity

Add documentation about profiles

master
Richard Körber 2025-01-18 12:07:31 +01:00
parent 36363adfe2
commit 786a2d279d
No known key found for this signature in database
GPG Key ID: AAB9FD19C78AA3E0
3 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -16,6 +16,7 @@ This Java client helps connecting to an ACME server, and performing all necessar
* Supports [RFC 8823](https://tools.ietf.org/html/rfc8823) for S/MIME certificates (experimental)
* Supports [RFC 9444](https://tools.ietf.org/html/rfc9444) for subdomain validation
* Supports [draft-ietf-acme-ari-06](https://www.ietf.org/archive/id/draft-ietf-acme-ari-06.html) for renewal information (experimental)
* Supports [draft-aaron-acme-profiles-00](https://www.ietf.org/archive/id/draft-aaron-acme-profiles-00.html) for certificate profiles (experimental)
* Easy to use Java API
* Requires JRE 11 or higher
* Supports [Buypass](https://buypass.com/), [Google Trust Services](https://pki.goog/), [Let's Encrypt](https://letsencrypt.org/), [SSL.com](https://www.ssl.com/), [ZeroSSL](https://zerossl.com/), and all other CAs that comply with the ACME protocol (RFC 8555). Note that _acme4j_ is an independent project that is not supported or endorsed by any of the CAs.

1
src/doc/docs/index.md
View File

@ -20,6 +20,7 @@ Latest version: ![maven central](https://shredzone.org/maven-central/org.shredzo
* Supports [RFC 8823](https://tools.ietf.org/html/rfc8823) for S/MIME certificates (experimental)
* Supports [RFC 9444](https://tools.ietf.org/html/rfc9444) for subdomain validation
* Supports [draft-ietf-acme-ari-06](https://www.ietf.org/archive/id/draft-ietf-acme-ari-06.html) for renewal information (experimental)
* Supports [draft-aaron-acme-profiles-00](https://www.ietf.org/archive/id/draft-aaron-acme-profiles-00.html) for certificate profiles (experimental)
* Easy to use Java API
* Requires JRE 11 or higher
* Supports [Buypass](https://buypass.com/), [Google Trust Services](https://pki.goog/), [Let's Encrypt](https://letsencrypt.org/), [SSL.com](https://www.ssl.com/), [ZeroSSL](https://zerossl.com/), and all other CAs that comply with the ACME protocol (RFC 8555). Note that _acme4j_ is an independent project that is not supported or endorsed by any of the CAs.

17
src/doc/docs/usage/order.md
View File

@ -240,3 +240,20 @@ The CA can then choose to issue challenges for any of `foo.bar.example.org`, `ba
`Authorization.isSubdomainAuthAllowed()` will return `true` if that `Authorization` is used to issue subdomain certificates.
To check if your CA supports RFC 9444, read `Metadata.isSubdomainAuthAllowed()`.
## Profiles
If your CA supports [draft-aaron-acme-profiles](https://www.ietf.org/archive/id/draft-aaron-acme-profiles-00.html), you can select a profile when ordering a certificate:
```java
Order order = account.newOrder()
.profile("tlsserver")
.create();
```
You can use `Metadata` to check if profiles are supported, and which ones:
* `Metadata.isProfileAllowed()`: `true` if profiles are supported
* `Metadata.isProfileAllowed(String)`: `true` if the given profile is supported
* `Metadata.getProfiles()`: returns a `Set` of all profile names
* `Metadata.getProfileDescription(String)`: returns a human-readable profile description