Add documentation about profiles

shred · Jan 18, 2025 · 786a2d2 · 786a2d2
1 parent 36363ad
commit 786a2d2
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -16,6 +16,7 @@ This Java client helps connecting to an ACME server, and performing all necessar
 * Supports [RFC 8823](https://tools.ietf.org/html/rfc8823) for S/MIME certificates (experimental)
 * Supports [RFC 9444](https://tools.ietf.org/html/rfc9444) for subdomain validation
 * Supports [draft-ietf-acme-ari-06](https://www.ietf.org/archive/id/draft-ietf-acme-ari-06.html) for renewal information (experimental)
+* Supports [draft-aaron-acme-profiles-00](https://www.ietf.org/archive/id/draft-aaron-acme-profiles-00.html) for certificate profiles (experimental)
 * Easy to use Java API
 * Requires JRE 11 or higher
 * Supports [Buypass](https://buypass.com/), [Google Trust Services](https://pki.goog/), [Let's Encrypt](https://letsencrypt.org/), [SSL.com](https://www.ssl.com/), [ZeroSSL](https://zerossl.com/), and all other CAs that comply with the ACME protocol (RFC 8555). Note that _acme4j_ is an independent project that is not supported or endorsed by any of the CAs.

diff --git a/src/doc/docs/index.md b/src/doc/docs/index.md
@@ -20,6 +20,7 @@ Latest version: ![maven central](https://shredzone.org/maven-central/org.shredzo
 * Supports [RFC 8823](https://tools.ietf.org/html/rfc8823) for S/MIME certificates (experimental)
 * Supports [RFC 9444](https://tools.ietf.org/html/rfc9444) for subdomain validation
 * Supports [draft-ietf-acme-ari-06](https://www.ietf.org/archive/id/draft-ietf-acme-ari-06.html) for renewal information (experimental)
+* Supports [draft-aaron-acme-profiles-00](https://www.ietf.org/archive/id/draft-aaron-acme-profiles-00.html) for certificate profiles (experimental)
 * Easy to use Java API
 * Requires JRE 11 or higher
 * Supports [Buypass](https://buypass.com/), [Google Trust Services](https://pki.goog/), [Let's Encrypt](https://letsencrypt.org/), [SSL.com](https://www.ssl.com/), [ZeroSSL](https://zerossl.com/), and all other CAs that comply with the ACME protocol (RFC 8555). Note that _acme4j_ is an independent project that is not supported or endorsed by any of the CAs.

diff --git a/src/doc/docs/usage/order.md b/src/doc/docs/usage/order.md
@@ -240,3 +240,20 @@ The CA can then choose to issue challenges for any of `foo.bar.example.org`, `ba
 `Authorization.isSubdomainAuthAllowed()` will return `true` if that `Authorization` is used to issue subdomain certificates.
 
 To check if your CA supports RFC 9444, read `Metadata.isSubdomainAuthAllowed()`.
+
+## Profiles
+
+If your CA supports [draft-aaron-acme-profiles](https://www.ietf.org/archive/id/draft-aaron-acme-profiles-00.html), you can select a profile when ordering a certificate:
+
+```java
+Order order = account.newOrder()
+        .profile("tlsserver")
+        .create();
+```
+
+You can use `Metadata` to check if profiles are supported, and which ones:
+
+* `Metadata.isProfileAllowed()`: `true` if profiles are supported
+* `Metadata.isProfileAllowed(String)`: `true` if the given profile is supported
+* `Metadata.getProfiles()`: returns a `Set` of all profile names
+* `Metadata.getProfileDescription(String)`: returns a human-readable profile description