The article explores using ACME device attestation with step-ca to issue TLS certificates bound to hardware security modules like TPMs. It introduces the device-attest-01 challenge that verifies device identity through hardware attestation rather than traditional domain validation. The author shares personal projects integrating TPMs with SSH and encryption tools, highlighting practical applications for home infrastructure security.
Background
ACME is the protocol used by Let's Encrypt to automate TLS certificate issuance, while device attestation allows hardware security modules to cryptographically prove device identity and integrity.
- Source: Lobsters
- Published: Mar 22, 2026 at 06:36 AM
- Score: 6.0 / 10