Closed treidel closed 5 months ago
Is there any official information that it has been supported?
Hi, I work for Entrust so I can verify that ES256 is now supported. A colleague installed acmebot in his Azure environment and was successfully able to issue a certificate without needing to configure the override to use RSA signatures.
As further confirmation, the Entrust Certificate Services ACME training content has a statement that both ES256 and RS256 signature algorithms are supported by the Entrust ACME service.
Both the mandatory ES256 and optional RS256 signature algorithms are supported.
Unfortunately, the training is only accessible when logged into the Entrust portal however all customers are able to view the content where the quote above is posted when they are logged in.
Thanks for the information. I am relieved to know that the information is reliable.
As for the Wiki, it has been fixed.
The Entrust ACME service now supports the mandatory/default ES256 hash algorithm. The "Current limitations in Entrust" section can be removed as it is no longer required to override the hash algorithm to use RSA signatures instead, e.g. the default settings for acmebot are sufficient to connect to successfully issue certificates via Entrust.
https://github.com/shibayan/keyvault-acmebot/wiki/External-Account-Binding