<html><body>Hi - My team is adding ACME 2.0 client support to the Open Liberty application server and wanted to test against Dogtag PKI's ACME server. My intention is to containerize the ACME server and drive it through the same functional tests we run against other ACME CA servers (i.e. - Pebble and Boulder for instance) to verify compatibility. The first error I hit was an issue with using JSS 4.7 and I understand that will be fixed by PR <a href="https://github.com/dogtagpki/jss/pull/532" target="_blank">https://github.com/dogtagpki/jss/pull/532</a> . <ul><ul><tt>2020-05-04 22:15:53 [http-nio-8080-exec-5] SEVERE: Unable to validate HTTP-01 challenge: Unable to get SunJSSE provider for TLS: SSLContextImpl is not initialized</tt> <tt>java.lang.RuntimeException: Unable to get SunJSSE provider for TLS: SSLContextImpl is not initialized</tt> <tt> at org.mozilla.jss.provider.javax.net.JSSContextSpi.engineGetSocketFactory(JSSContextSpi.java:118)</tt> <tt> at javax.net.ssl.SSLContext.getSocketFactory(SSLContext.java:294)</tt> <tt> at org.apache.http.conn.ssl.SSLConnectionSocketFactory.<init>(SSLConnectionSocketFactory.java:292)</tt> <tt> at org.apache.http.impl.client.HttpClientBuilder.build(HttpClientBuilder.java:978)</tt> <tt> at org.apache.http.impl.client.HttpClients.createDefault(HttpClients.java:56)</tt> <tt> at org.dogtagpki.acme.validator.HTTP01Validator.getResponse(HTTP01Validator.java:112)</tt> <tt> at org.dogtagpki.acme.validator.HTTP01Validator.validateChallenge(HTTP01Validator.java:63)</tt> <tt> at org.dogtagpki.acme.server.ACMEChallengeService.handlePOST(ACMEChallengeService.java:99)</tt> <tt> ...</tt></ul></ul> To move past this error, I was advised to move down to JSS 4.6.2. Upon doing so, I made it past the initial error but now hit the following error: <ul><ul><tt>2020-05-05 18:36:08 [http-nio-8080-exec-7] SEVERE: Servlet.service() for servlet [Resteasy] in context with path [/acme] threw exception</tt> <tt>org.jboss.resteasy.spi.UnhandledException: org.apache.commons.lang.NotImplementedException: Code is not implemented</tt> <tt> at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:78)</tt> <tt> at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:222)</tt> <tt> ...</tt> <tt>Caused by: org.apache.commons.lang.NotImplementedException: Code is not implemented</tt> <tt> at org.dogtagpki.acme.issuer.ACMEIssuer.generateCertificate(ACMEIssuer.java:61)</tt> <tt> at org.dogtagpki.acme.issuer.ACMEIssuer.issueCertificate(ACMEIssuer.java:73)</tt> <tt> at org.dogtagpki.acme.server.ACMEFinalizeOrderService.handlePOST(ACMEFinalizeOrderService.java:79)</tt> <tt> ...</tt></ul></ul> I can see in the ACME server's trace that it does indeed authorize my ownership of the domain and then try to issue the certificate. Examining the AcmeIssuer class shows that this class has several methods that are not implemented. <ul><ul><a href="https://github.com/dogtagpki/pki/blob/master/base/acme/src/main/java/org/dogtagpki/acme/issuer/ACMEIssuer.java#L61">https://github.com/dogtagpki/pki/blob/master/base/acme/src/main/java/org/dogtagpki/acme/issuer/ACMEIssuer.java#L61</a></ul></ul> Is this expected or is it possible I have a misconfiguration? I assume I am testing too early and need to wait until the implementation is further along, but I wanted to test early enough that if there were issues I could detect them earlier rather than later. If it matters, I am testing the with the image from @pki/master on a Fedora 30 docker container. Jesse Van Hill Websphere Identity Management Architect & Dev Lead WebSphere Application Server & Open Liberty <a href="https://openliberty.io/">https://openliberty.io/</a> 507-513-6234 jlvanhil@us.ibm.com </body></html>