
Configuring ACME with OpenLDAP Database

Endi S. Dewata edited this page Dec 6, 2024 · 4 revisions



This document describes how to configure the ACME responder to store its data in an OpenLDAP database.

Initializing OpenLDAP Database

First, add the ACME OpenLDAP schema by importing /usr/share/pki/acme/database/openldap/schema.ldif with the following command. It connects over the local ldapi:/// socket with SASL EXTERNAL authentication, which identifies the caller by its Unix uid, so run it as root on the host where slapd is running:

$ ldapadd -H ldapi:/// -Y EXTERNAL \
    -f /usr/share/pki/acme/database/openldap/schema.ldif

Next, prepare an LDIF file that creates the ACME subtree. A sample is available at /usr/share/pki/acme/database/openldap/create.ldif; it uses dc=acme,dc=pki,dc=example,dc=com as the base DN, so adjust it if your directory uses a different suffix. Import the file with the following command, binding as the directory manager. Note that -w places the manager password on the command line, where it is visible in the process list and shell history; on a shared host prefer -W to be prompted for it, or -y to read it from a file:

$ ldapadd -H ldap://$HOSTNAME -x -D "cn=Manager,dc=example,dc=com" -w Secret.123 \
    -f /usr/share/pki/acme/database/openldap/create.ldif
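The two import steps above, wrapped in a script that reads the manager password from a file instead of passing it with -w and then checks that the subtree really exists. This is an added example for this page, not code from the Dogtag PKI project. The variable names, the password file location and the `run` argument are assumptions; the paths, the manager DN and the ldap://$HOSTNAME URL are taken from the page.

```sh
#!/bin/sh
# Added example (not Dogtag PKI project code): run the schema and subtree
# imports from the page with the Manager password read from a 0600 file
# (ldapadd -y) rather than from the command line, then verify the result.
# Assumed, not on the page: PW_FILE, LDAP_URL and the function names below.

set -eu

SCHEMA_LDIF=/usr/share/pki/acme/database/openldap/schema.ldif
CREATE_LDIF=/usr/share/pki/acme/database/openldap/create.ldif
MANAGER_DN='cn=Manager,dc=example,dc=com'
LDAP_URL="ldap://${HOSTNAME:-localhost}"
# Assumed location. Write it with  printf '%s' 'password' > "$PW_FILE"  :
# ldapadd -y uses the whole file as the password, including any trailing newline.
PW_FILE="${PW_FILE:-/root/acme-ldap-manager.pw}"

# first_dn FILE: DN of the first entry in an LDIF file. For create.ldif this
# is the subtree root, i.e. the base DN the ACME database config must use.
first_dn() {
    sed -n 's/^dn:[[:space:]]*//p' "$1" | head -n 1
}

# ldif_entry_count FILE: number of entries ldapadd would add from FILE.
ldif_entry_count() {
    grep -c '^dn:' "$1"
}

# pw_file_ok FILE: succeed only if FILE is a regular file with mode 0600,
# i.e. nobody else on the host can read the manager password.
pw_file_ok() {
    [ -f "$1" ] || return 1
    [ -n "$(find "$1" -prune -type f -perm 0600 2>/dev/null)" ]
}

# Step 1: load the ACME schema into cn=config over the local socket.
# SASL EXTERNAL on ldapi:/// authenticates by uid, so this runs as root.
load_schema() {
    ldapadd -H ldapi:/// -Y EXTERNAL -f "$SCHEMA_LDIF"
}

# Step 2: create the ACME subtree, binding as the Manager with the password
# taken from PW_FILE instead of -w.
create_subtree() {
    pw_file_ok "$PW_FILE" || {
        echo "refusing to use $PW_FILE: must be a regular file with mode 0600" >&2
        return 1
    }
    ldapadd -H "$LDAP_URL" -x -D "$MANAGER_DN" -y "$PW_FILE" -f "$CREATE_LDIF"
}

# Step 3: confirm that every entry from create.ldif is now in the directory.
verify_subtree() {
    base=$(first_dn "$CREATE_LDIF")
    expected=$(ldif_entry_count "$CREATE_LDIF")
    found=$(ldapsearch -LLL -H "$LDAP_URL" -x -D "$MANAGER_DN" -y "$PW_FILE" \
                -b "$base" -s sub '(objectClass=*)' dn | grep -c '^dn:')
    [ "$found" -ge "$expected" ] || {
        echo "expected at least $expected entries under $base, found $found" >&2
        return 1
    }
    echo "ACME subtree $base present ($found entries)"
}

# Run the whole procedure only when invoked as:  sh init-acme-openldap.sh run
case "${1:-}" in
    run) load_schema; create_subtree; verify_subtree ;;
esac
```

`verify_subtree` counts DNs rather than comparing contents, which is enough to catch the common failure where the parent suffix of the base DN does not exist yet and ldapadd stops at the first entry. Keep the password file owned by root with mode 0600; the script refuses anything else.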

Configuring ACME Database

A sample database configuration is available at /usr/share/pki/acme/database/openldap/database.conf.

To use the OpenLDAP database, copy the sample database.conf into the /var/lib/pki/pki-tomcat/conf/acme folder, or run the following command to generate it with customized parameters:

$ pki-server acme-database-mod --type openldap \

Customize the configuration as needed. The database.conf should look like the following:

