We need to sign a certificate for a server which is not HTTPS. We can generate the CSR. How do we sign it?
The same way as always.
You do a validation (http-01, tls-alpn-01, or dns-01) and once you have the certificate you install it, telling the acme client how to renew and install it in your whatever (mailserver? ftp?).
If you don't have a webserver on the machine, several acme clients can spin up their own.
What operating system (and version) are you using?
We are using Windows Server 2012
Getting Started - Let's Encrypt (letsencrypt.org)
ACME Client Implementations - Let's Encrypt (letsencrypt.org)
You could try out the app I develop, https://certifytheweb.com - it's a full GUI for Windows.
Do you specifically need to use your own CSR - which service are you trying to add the certificate to? You can specify a custom CSR in Certify when adding a new managed certificate under Certificate > Advanced > Signing & Security.
Hi webprofusion,
I downloaded the app and followed the instructions provided.
When I load my CSR, after pushing the Request Certificate button a message box pops up and says "One or more domains specified are internal hostnames. Certificates for internal hostnames are not supported by Certificate Authority".
The service we have is a server (non hosted). The server was developed in C++ and uses the wolfSSL library.
Please help.
Thanks,
Pedro
This means you cannot have a publicly trusted certificate for those hostnames.
You have to use a domain name that is in the global DNS infrastructure.
Yes, as @9peppe says, Let's Encrypt (etc.) cannot provide certificates for an internal hostname, e.g. srvapp01 or localhost; they can instead provide certificates for fully qualified names that are in your public DNS, e.g. srvapp01.yourdomain.com.
To create internal certificates you can either:
- create a self-signed cert using a tool (e.g. New-SelfSignedCertificate (pki) | Microsoft Learn); then when users access it they have to accept the certificate warning.
- create your own internal certificate authority and distribute the root or intermediate certificate to your client machine trust stores. (e.g. smallstep-ca, MS AD CS Install the Certification Authority | Microsoft Learn)
It's usually easiest just to use your public domain DNS and get a proper public certificate (your service does not have to be public if you are using DNS validation to validate your domain with Let's Encrypt). You would then direct users etc. to use your system using its fully qualified name.
If you care to show us the CSR file, we will show which entries are unable to be validated / "certified".
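As an added example (not part of the original thread or any poster's code): a Python sketch that takes the text printed by `openssl req -noout -text -in request.csr` and flags the names a public CA would reject as internal hostnames. The file name, the sample output, the function names and the suffix list are constructed for illustration, and the suffix list is not exhaustive.

```python
import re

# Special-use suffixes that are never in the public DNS root (illustrative, not exhaustive).
NON_PUBLIC_SUFFIXES = ("local", "localhost", "internal", "test", "example", "invalid")

def names_from_openssl_text(text):
    """Collect the subject CN and DNS SAN entries from `openssl req -noout -text` output."""
    names = []
    cn = re.search(r"Subject:.*?CN\s*=\s*([^,/\n]+)", text)
    if cn:
        names.append(cn.group(1).strip())
    for value in re.findall(r"DNS:([^,\s]+)", text):
        if value not in names:
            names.append(value)
    return names

def internal_reason(name):
    """Return why a name is not a public DNS name, or None if it looks publicly resolvable."""
    host = name.lower().rstrip(".")
    if host.startswith("*."):          # a wildcard is judged by its base domain
        host = host[2:]
    labels = host.split(".")
    if len(labels) < 2:
        return "single-label internal hostname"
    if labels[-1].isdigit():
        return "IP address literal, not a DNS hostname"
    if labels[-1] in NON_PUBLIC_SUFFIXES:
        return "special-use suffix ." + labels[-1]
    return None

def audit(text):
    """Map every name requested in the CSR to its rejection reason (None = eligible)."""
    return {name: internal_reason(name) for name in names_from_openssl_text(text)}

# Constructed sample of `openssl req -noout -text` output, not taken from the thread.
SAMPLE = """Certificate Request:
    Data:
        Subject: C = US, O = Example Corp, CN = srvapp01
        Requested Extensions:
            X509v3 Subject Alternative Name:
                DNS:srvapp01, DNS:srvapp01.yourdomain.com, DNS:localhost, DNS:app.corp.local
"""

if __name__ == "__main__":
    for name, reason in audit(SAMPLE).items():
        print(f"{name:28} {'OK' if reason is None else 'REJECT: ' + reason}")
```

A CSR is only usable with a public CA once every listed name comes back without a reason; a single internal entry is enough to fail the whole request.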