DNS method certificate completion

kyletenacit · 2017-01-17 16:57:55 UTC

I have just completed update-ACMEcertificate and received a serial number

Used DNS method to submit identifier. Need assistance in order to complete this as new certificate has not taken effect as yet:

ncentral.tenacit.net

PS C:\WINDOWS\system32> Update-ACMECertificate ncentral_cert

Id : ecfbf841-7d79-4f58-8c21-95c9fc298a47
Alias : ncentral_cert
Label :
Memo :
IdentifierRef : 042c6a2c-c9bc-4130-9434-716e95afbf74
KeyPemFile : ecfbf841-7d79-4f58-8c21-95c9fc298a47-key.pem
CsrPemFile : ecfbf841-7d79-4f58-8c21-95c9fc298a47-csr.pem
GenerateDetailsFile : ecfbf841-7d79-4f58-8c21-95c9fc298a47-gen.json
CertificateRequest : ACMESharp.CertificateRequest
CrtPemFile : ecfbf841-7d79-4f58-8c21-95c9fc298a47-crt.pem
CrtDerFile : ecfbf841-7d79-4f58-8c21-95c9fc298a47-crt.der
IssuerSerialNumber : 0A0141420000015385736A0B85ECA708
SerialNumber : 034BCF9E38A685B9D5EA44CA6DE7D91B50D4
Thumbprint : D4CFAC3B2980549102A50A18D278066AE34F9513
Signature : D4CFAC3B2980549102A50A18D278066AE34F9513
SignatureAlgorithm : sha256RSA

schoen · 2017-01-18 20:34:47 UTC

@kyletenacit, I’m not familiar with the Windows side so I don’t know exactly what to suggest that you do, but I want to point out that you might have a conceptual confusion about what will happen. Although we talk about “renewing” a certificate in a way that might make it sound like the certificate authority can extend the validity of an old certificate, at a technical level this is always implemented by issuing a new certificate. The certificate is really a digital document that needs to be installed and presented to users by your web site.

So, when a certificate is “renewed”, you should receive a new certificate which is intended to be used to replace the old one. It doesn’t “take effect” at some point, but instead has to be installed on your server somehow in place of the old one.

The certificate you mention, https://crt.sh/?q=D4CFAC3B2980549102A50A18D278066AE34F9513, already exists and is already valid; there is nothing else that you need to wait for. It just needs to be installed somehow on your server in place of the old one.

system · 2017-02-17 20:45:52 UTC

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.