Eugene Bekker edited this page Apr 21, 2016 · 21 revisions
  • What is ACMESharp? ACMESharp is a project to provide (1) a .NET library implementation for the ACME protocol and (2) a set of tools in the form of a PowerShell module that use that library to manage certificate requests and issuance.

  • What is ACME? ACME is the protocol spearheaded by the Let's Encrypt project and submitted to the IETF for standardization. It defines an automated process for requesting PKI certificates and all the related operations needed to support that function.

  • What is Let's Encrypt? Let's Encrypt is a project to establish a trusted Certificate Authority (CA) which can be used to issue free PKI certificates for securing access to web sites.

  • What is a domain-validated (DV) certificate? A domain-validated certificate is a PKI certificate where the ownership of the DNS name on the certificate has been verified by the issuing party (i.e. the Certificate Authority (CA)). It is just one of several standard types of certificates, alongside organization-validated (OV) and extended validation (EV) certificates. DV certificates are the only ones supported by the Let's Encrypt project because they are the only ones that can be easily automated and made cost-effective for free issuance on a grand scale.

  • Is ACMESharp FIPS-compliant? ACMESharp relies on a combination of the underlying Windows and .NET crypto services and the externalized crypto functions of various providers (by default, the OpenSSL port to Windows). These providers can be configured to require the use of FIPS-compliant primitives, or can be swapped out for providers that guarantee FIPS compliance. See this comment and this issue for more details.

  • What are the crypto functions in use by ACMESharp? The crypto primitives used in ACMESharp can be split between those supporting the ACME protocol itself, namely support of JWS, and those that are used in support of certificate operations, such as private key and CSR generation. They are isolated in a few base classes with various provider derivatives as described in this comment.
