The SMS features Automatic Certificate Management Environment (ACME) support that makes procuring and managing TLS certificates and keys more streamlined.
ACME eliminates having to manually request TLS certificates and keys from a protected
web server for the initial TLS configuration and then every time these crypto assets
expire. Instead, the SMS can get them automatically from any certificate authority
(CA) that uses the ACME protocol.
The SMS currently uses the Let's Encrypt (LE) CA for ACME certificate requests. Each
SMS certificate request includes the domain names that require a certificate, the
key length, and the algorithm (RSA or ECDSA) for the certificate. Before a certificate
can be issued, LE CA validates whether the requester is the owner of the domain. Through
a series of token transactions with the SMS and the TPS protecting the server, LE
validates the request and provides the certificate to the SMS.
After the transaction completes, the SMS stores the certificate.
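
Added example, not taken from the SMS documentation or product code: in ACME (RFC 8555) the token issued by the CA is bound to the requester's account key, so only the holder of that key can produce the answer the CA expects. The page does not say which challenge type the SMS uses; HTTP-01 is assumed here, and the sample key and token are constructed.

```python
import base64
import hashlib
import hmac
import json
import re

# JWK members that RFC 7638 feeds into the thumbprint, per key type.
THUMBPRINT_MEMBERS = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 thumbprint of the ACME account public key (RFC 7638)."""
    members = THUMBPRINT_MEMBERS.get(jwk.get("kty"))
    if members is None or any(m not in jwk for m in members):
        raise ValueError("unsupported or incomplete JWK")
    # Only the required members, sorted, no whitespace; extras such as "kid" are dropped.
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, jwk: dict) -> str:
    """Value the requester must publish: the CA token bound to the account key."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", token):
        raise ValueError("token is not base64url")  # keeps it safe to use in a URL path
    return token + "." + jwk_thumbprint(jwk)

def http01_response_ok(body: str, token: str, jwk: dict) -> bool:
    """CA-side check of the body fetched from /.well-known/acme-challenge/<token>."""
    expected = key_authorization(token, jwk).encode("ascii")
    # Trailing whitespace is ignored; the comparison itself is constant-time.
    return hmac.compare_digest(body.rstrip().encode("utf-8"), expected)

# Constructed sample values: not a real key and not a real CA token.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "kid": "constructed",
              "x": b64url(bytes(range(32))), "y": b64url(bytes(range(32, 64)))}
SAMPLE_TOKEN = "constructed-token_0123456789"

if __name__ == "__main__":
    answer = key_authorization(SAMPLE_TOKEN, SAMPLE_JWK)
    print("serve at /.well-known/acme-challenge/" + SAMPLE_TOKEN)
    print("body:", answer)
    print("accepted:", http01_response_ok(answer + "\n", SAMPLE_TOKEN, SAMPLE_JWK))
```
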
Note: For ACME to work, the SMS cannot have FIPS mode or Asymmetric Network mode enabled.
To learn more about configuring ACME on the SMS, refer to the Threat Protection System (TPS) SSL Inspection Deployment Guide.