Automatic Certificate Management Environment
RFC 8555, “Automatic Certificate Management Environment”, is a Proposed Standard document published in March 2019 by R. Barnes, J. Hoffman-Andrews, D. McCarney, J. Kasten. The canonical text is published by the RFC Editor.
Abstract
Public Key Infrastructure using X.509 (PKIX) certificates are used for a number of purposes, the most significant of which is the authentication of domain names. Thus, certification authorities (CAs) in the Web PKI are trusted to verify that an applicant for a certificate legitimately represents the domain name(s) in the certificate. As of this writing, this verification is done through a collection of ad hoc mechanisms. This document describes a protocol that a CA and an applicant can use to automate the process of verification and certificate issuance. The protocol also provides facilities for other certificate management functions, such as certificate revocation.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 8555 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 8554 Leighton-Micali Hash-Based Signatures
- RFC 8556 Multicast VPN Using Bit Index Explicit Replication
- RFC 8553 DNS Attrleaf Changes: Fixing Specifications That Use Underscored Node Names
- RFC 8557 Deterministic Networking Problem Statement
- RFC 8552 Scoped Interpretation of DNS Resource Records through "Underscored" Naming of Attribute Leaves
- RFC 8558 Transport Protocol Path Signals
- RFC 8551 Secure/Multipurpose Internet Mail Extensions Version 4.0 Message Specification
- RFC 8559 Dynamic Authorization Proxying in the Remote Authentication Dial-In User Service Protocol