- Bug
- Resolution: Unresolved
- Normal
- rhel-9.6
- pki-core-11.7.0-1.el9
- Important
- rhel-idm-pki
- Dev ack
- Requested
- Automated
What were you trying to do that didn't work?
The ACME server specification requires support for the ES256 signature algorithm for JWK validation, while currently only RS256 is supported.
What is the impact of this issue to you?
Some clients, such as the Caddy server, cannot obtain certificates from ACME.
Please provide the package NVR for which the bug is seen:
idm-pki-acme-11.6.0-3.el9.noarch.rpm
How reproducible is this bug?:
Always
Steps to reproduce
- Configure a CA and connect the ACME subsystem. This can be done as part of IPA setup or without IPA.
- Install Caddy and configure the ACME endpoint.
- Start Caddy from the configuration directory (# caddy start).
Example of Caddy configuration:
    {
        debug
        # Tell Caddy to use FreeIPA as an ACME server
        acme_ca https://pki.example.com:8443/acme/directory
        acme_ca_root /etc/caddy/ca_signing.crt
        key_type rsa2048
    }

    client.example.com {
        # Set this path to your site's directory.
        root * /usr/share/caddy

        # Enable the static file server.
        file_server
    }

    import Caddyfile.d/*.caddyfile
Expected results
Caddy should start and respond to an HTTPS request made with curl.
Actual results
Caddy cannot serve HTTPS, and its debug output shows registration errors from the ACME server.
Links to: RHBA-2025:151727 pki-core bug fix and enhancement update