GlobalSign updates ACME service to simplify domain management

GMO GlobalSign announced updates to its Automated Certificate Management Environment (ACME) service for internal domain certificates, enabling customers to issue GlobalSign IntranetSSL certificates through its ACME service.

ACME is an internet protocol designed to enable enterprises to communicate with a CA like GlobalSign to automate important lifecycle functions for TLS certificates at a low cost and high speed. With the introduction of this upgrade, GMO GlobalSign is unlocking a capability that has not been easily achieved by most organizations: the ability to issue certificates via ACME for internal/non-public domains using unofficial domain suffixes, such as .internal or .lan.

Organizations might use these internal domains for development networks or other non-production environments; they are also leveraged for private device networks and Active Directory domains (though recommended practice for AD domains is to use a subdomain of a publicly registered domain controlled by your organization).

“Some users choose self-signed certificates, however, that requires an understanding of your organization’s Public Key Infrastructure (PKI), but not every business employs these specialists,” said Julie Gaunt, product manager, GMO GlobalSign, Inc. “Because we are a publicly trusted, WebTrust audited certificate authority, we have domain expertise that is now being paired with ACME. By automating the issuance and renewal of non-public TLS certificates, organizations can be confident that internal endpoints will maintain encryption standards and meet internal compliance mandates, preventing unauthorized access, data breaches and potential disruptions to operations.”

Further updates to GlobalSign ACME service include subdomain validation re-use, support of the ACME KeyChange endpoint, and backend ACME Nonce updates. By leveraging ACME’s inbuilt capabilities, subdomain validation reuse removes the requirement for domain validation for subdomains so long as the parent domain has already been verified. In addition, the ACME Nonce update enables our ACME service to handle more certificate requests than ever before. In total, these updates will better serve our customers and improve user experience.

About GlobalSign ACME service

GlobalSign ACME service is critical for today’s certificate lifecycle management marketplace due to shortening certificate lifespans. Because many companies lack experts in PKI, there is an urgent need to ensure that companies can automate the process of getting certificates to reach their intended endpoints.

The strength of GlobalSign ACME service lies in the communication between an ACME client requesting a certificate from an ACME server for the automation of the most important certificate lifecycle management (CLM) functions. GlobalSign ACME for IntranetSSL empowers small and medium enterprises to automate the certificate issuance process for internal endpoints or any type of web server that is restricted from public internet use.

Powered by GlobalSign Digital Identity Platform, Atlas, ACME offers organizations seamless certificate management automation.