This talk will give a feedback on the deployment of an ACME proxy in front of a private Certificate Authority (CA) in a corporate network.

I will expose:
- our analysis of the shortcomings of our current CA setup (slowness, heaviness, not so robust security controls),
- our search to improve our architecture,
- why we look at the Internet CA landscape,
- why we choose ACME.

I will then detailed to the audience:
- the expected benefits of having an ACME service inside your corporate ecosystem like robustness or automation opportunities
- but also the unexpected ones like non anticipated uses cases provided directly by our IT users or massive ACME appropriation by a wide variety of IT professionals in the company that were not regular users of our original CA setup.

And, finally, I will end speaking about new ACME use cases in private networks provided by the IT security industry like the new ACME challenge, device-attest-01, proposed by Google [1] and used by Apple in its Managed Device Attestation [2] solution used to enrolled new corporate private iOS/MacOS/iPadOS devices.

[1] https://www.ietf.org/id/draft-acme-device-attest-01.html
[2] https://support.apple.com/guide/deployment/managed-device-attestation-dep28afbde6a/web