Hi,
Our software has problems with the E5/E6 subordinate certificates (due to ECDSA P-384). Therefore, we need our certificate with the R10/R11 certificate chain until we have solved the problem.
How can we request a certificate with R10/R11 certificate chain? We use the certes nuget package.
I have tried it with different values for preferredChain (R10, ISRG Root X1). Unfortunately without success.
If you use rsa key it'd select rsa intermediate: but I don't think you can select intermediate manually
Yes, ECDSA-keyed leaf certificates are now signed by ECDSA intermediates. If your system can't support ECDSA intermediates (which almost everything can), then the way to get an RSA intermediate is for your leaf certificate to use an RSA key. I'm not familiar with certes, but you should be able to pick what kind of key you're giving it to pass along to Let's Encrypt to sign.
This is exactly the information I was missing. Thank you very much for the great support. You guys are awesome!
To explain myself: It is an extremely lightweight application in which only the most important key exchanges have been implemented. Unfortunately, we rated ECDSA P-384 incorrectly.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.