How to use Custom CSR #191

Closed
codeendevor opened this issue Dec 1, 2016 · 11 comments


codeendevor commented Dec 1, 2016

How would one use a custom CSR to supply Organization information for the certificate? Is this an option with ACMESharp on a Windows server? Or maybe can we send the Organization information while creating the cert in PowerShell?

Owner

ebekker commented Dec 1, 2016

If you generated a private key and CSR file outside of ACMESharp you would import them (each in PEM format) as follows:

```
New-ACMECertificate -IdentifierRef my-dns-identifier -KeyPemFile your-private-key.pem -CsrPemFile your-csr.pem -Alias my-shiny-new-cert
```

Where my-dns-identifier is an alias or other reference to an existing DNS name that you have validated (i.e. using New-ACMEIdentifier and Submit-ACMEChallenge) and my-shiny-new-cert is a new alias for the certificate you're creating.

Owner

ebekker commented Dec 1, 2016

Question added to the FAQ.

@codeendevor
Author

That looks great. Is there a way of adding Organization information to ACMESharp to avoid creating it outside of ACMESharp? I think I would like that better. Also, I really want to say this is an awesome application. Great job.

Owner

ebekker commented Dec 1, 2016

You can pass in a hashtable to the -CsrDetails parameter that defines any of the details of a CSR. The list of known CSR elements is not very well documented, but it can be found in this class.

So for example, in PowerShell, you can define a hashtable and assign it to a variable and pass it in as a parameter, or you can even define it inline:

```
New-ACMECertificate ... -CsrDetails @{ Organization = "My Company, Inc."; OrganizationUnit = "My Dept" }
```

@codeendevor
Author

Awesome, thank you so much for your help.

Owner

ebekker commented Dec 2, 2016

Np, if everything is working for you, please update/close the ticket.

@Amamatthew

Another private question:

Where/which folder should I put my-private-key.pem and my-csr.pem in?
In other words, how can I submit the file with the path info?

Owner

ebekker commented Dec 7, 2016

You can use full paths when you specify the PEM files. You can place them wherever you like as long as ACMESharp can read the files under the current context.


Amamatthew commented Dec 9, 2016

Most of the online CSR generation tools and the IIS7.0+ certification generation tools generate the CSR file or key file with a .txt suffix. Should we rename the suffix of the key file and the CSR file to .pem?

I submitted a New-ACMECertificate command as below:

```
New-ACMECertificate -IdentifierRef dns_1 -KeyPemFile "‪C:\cert\test.ug.co_key.pem" -CsrPemFile "C:\cert\test.ug.co_csr.pem" -Alias test-ugod-co
```

After I pressed the Enter key, PowerShell echoed an error as below:

```
New-ACMECertificate : Missing specified RSA Key file path
At line:1 char:1
+ New-ACMECertificate -IdentifierRef dns_1 -KeyPemFile "‪C:\cert\test. ...
+   + CategoryInfo          : NotSpecified: (:) [New-ACMECertificate], FileNotFoundException
    + FullyQualifiedErrorId : System.IO.FileNotFoundException,ACMESharp.POSH.NewCertificate
```

Why?

The file path is true and correct:

‪C:\cert\test.ug.co_key.pem
C:\cert\test.ug.co_csr.pem

The full paths are surrounded by double quotation marks.
If you delete the double quotation marks, the question remains.
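
A path that looks correct on screen can still raise a file-not-found error if it carries an invisible Unicode formatting character, and the -KeyPemFile path in the command above, as captured on this page, appears to have a U+202A (left-to-right embedding) in front of `C:`. The following PowerShell is an added example, not part of the thread or of ACMESharp; `Find-HiddenPathCharacter` and `Resolve-PemPath` are hypothetical helper names, and the sample values are constructed from the paths quoted above.

```powershell
# Added example (not ACMESharp code): find invisible characters in a PEM path.
function Find-HiddenPathCharacter {
    param([Parameter(Mandatory)][string]$Path)
    for ($i = 0; $i -lt $Path.Length; $i++) {
        $category = [System.Globalization.CharUnicodeInfo]::GetUnicodeCategory($Path[$i])
        # Format (Cf) includes U+202A-U+202E, U+200B-U+200F and U+FEFF;
        # Control (Cc) includes tab, CR, LF and NUL.
        if ($category -in 'Format', 'Control') {
            [pscustomobject]@{
                Index     = $i
                CodePoint = 'U+{0:X4}' -f [int]($Path[$i])
                Category  = "$category"
            }
        }
    }
}

function Resolve-PemPath {
    # Hypothetical helper: refuse a path with hidden characters, then require
    # that it names an existing file readable in the current context.
    param([Parameter(Mandatory)][string]$Path)
    $hidden = @(Find-HiddenPathCharacter -Path $Path)
    if ($hidden.Count -gt 0) {
        $where = ($hidden | ForEach-Object { "$($_.CodePoint) at index $($_.Index)" }) -join ', '
        throw "Path contains invisible characters: $where"
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "No file at '$Path' for the current user"
    }
    (Resolve-Path -LiteralPath $Path).ProviderPath
}

# Constructed sample: the same path typed by hand and pasted with a leading U+202A.
$typed  = 'C:\cert\test.ug.co_key.pem'
$pasted = "$([char]0x202A)C:\cert\test.ug.co_key.pem"

foreach ($candidate in $typed, $pasted) {
    $found = @(Find-HiddenPathCharacter -Path $candidate)
    'Length {0}, hidden characters: {1}' -f $candidate.Length, $found.Count
}

# Typical use before the certificate request (paths are placeholders):
#   $key = Resolve-PemPath 'C:\cert\test.ug.co_key.pem'
#   $csr = Resolve-PemPath 'C:\cert\test.ug.co_csr.pem'
#   New-ACMECertificate -IdentifierRef dns_1 -KeyPemFile $key -CsrPemFile $csr -Alias test-ugod-co
```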


Amamatthew commented Dec 10, 2016

```
New-ACMECertificate ... -CsrDetails @{ Organization = "My Company, Inc."; OrganizationUnit = "My Dept" }
```

In the online New-ACMEIdentifier with -CsrDetails there's an obj param with key-value pairs.

I want to confirm whether the key names in the obj param are precisely defined or not.
If they are precisely defined, what are the precise key names? Can you show us?
Thank you.


fpeterson194 commented Feb 13, 2017

I'm currently using the parameter -CsrDetails in order to put more information on the certificate.
By taking a look here: https://github.com/ebekker/ACMESharp/blob/master/ACMESharp/ACMESharp/PKI/CsrDetails.cs
you have the parameter "AlternativeNames". I have the following questions:

  1. If I want to register domain NAME1 that has 10 SANs, I assume I cannot do the following:
    New-ACMECertificate -Dns $NAME1 -Alias $NAME1 -CsrDetails @{ AlternativeNames = "$SAN1, $SAN2....$SAN10"}. I assume that every SAN must pass the challenge to validate that you own this domain/SAN. So I should register the principal CN and each SAN individually. Am I right?
  2. If the above is true, then I read in the rate limits that we have 100 SANs per domain but 5 attempts to register the same domain per week. I see the limits here:
    https://github.com/ebekker/ACMESharp/wiki/Let's-Encrypt-Reference-Sheet
    My goal is to register a domain with at least 10 SANs. How can I do this?

Awesome work ebekker!! Keep going with it!
