...

We strongly recommend that you create personal admin users (not shared ones), to be able to see who has done what in the system.

It has been reported was earlier the case that some privileges (management of peer admins, Allow DCV) cannot could not be assigned by one RAO to another. If that affects your organization email tcs@sunet.se to have it fixed manually. Tell us the usernames involved and what privileges you want to add. We'd like that email to come from an admin that already has "Allow creating/editing of peer admin users" instead of the admin who wants more privilegesThis is no longer the case - if you can create/edit peer admin users, you can delegate your privileges too.

Note: the Automatically approve certificate requests privilege seems to be a bit misnamed after recent changes. Without it, the admin does not get the manual Approve button either. Thus, you need to set this privilege for admins that should be able to request and approve certificates.

Locked Account

You can get locked if you fail to login a number of times. You will then get an "Incorrect login details, account is locked, password has expired or your source IP is blocked." message when you try to login, even if you use the correct password. It will be the case even if your password have been changed by another admin who can do that for you. This requires the lock to be reset and that can only be done by an MRAO, so you need to contact tcs@sunet.se.

...

As inspiration for API use, Fredrik Domeij at LADOK has provided bash scripts to request and retrieve certificates. You find them as ladok-sectigo-bash-2024-02-0809.zip.

 ACME support

There is support for ACME and some of the test members have started to try that. We will update this section as we get feedback.

...