GMO GlobalSign Adds ACME Support for Internal Domain Certificate Issuance
July 2024 by Marc Jacob
GMO GlobalSign, Inc announced updates to its Automated Certificate Management Environment (ACME) service for internal domain certificates, enabling customers to issue GMO GlobalSign IntranetSSL certificates through its ACME service. GMO GlobalSign is one of the few CA’s that offers users the ability issue certificates for internal and private domains using unofficial domain suffixes via ACME.
ACME is an internet protocol designed to enable enterprises to communicate with a CA like GMO GlobalSign to automate important lifecycle functions for TLS certificates at a low cost and high speed. With the introduction of this upgrade, GMO GlobalSign is unlocking a capability that has not been easily achieved by most organizations: the ability to issue certificates via ACME for internal/non-public domains using unofficial domain suffixes, such as internal or .lan. Organizations might use these internal domains for development networks or other non-production environments; they are also leveraged for private device networks and Active Directory domains (though recommended practice for AD domains is to use a subdomain of a publicly registered domain controlled by your organization).
Further updates to GMO GlobalSign’s ACME service include subdomain validation re-use, support of the ACME KeyChange endpoint, and backend ACME Nonce updates. By leveraging ACMEs inbuilt capabilities, subdomain validation reuse removes the requirement for domain validation for subdomains so long as the parent domain has already been verified. In addition, the ACME Nonce update enables our ACME service to handle more certificate requests than ever before. In total, these updates will better serve our customers and improve user experience.