Multiple authorizations in the ACME server message


I was reading RFC 8555 and came across a question. In the message that is sent in response to the newOrder request by the ACME server, two links can be specified in the "authorization" field. As in the example from the RFC in the screenshot. Please tell me which of the links should be used in this case? Or do I need to use both for all identifires whose ownership needs to be confirmed?

I'm sorry for my English, it's not my native language.


in this case it's one auth per each identifier in order, you will need to clear all authz in that list to finalize and get the certificate


Specifically, in this example, one of those two authorizations would be for the identifier, and the other authorization would be fore the identifier.


Wouldn't it make more sense to have the autz URI mentioned next to the type and value items of the identifiers?

Although that question doesn't matter very much now :stuck_out_tongue:


Thank you all for the answers! You helped me understand


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.