this will take time since this needs a whole key creation and signing ceremony which probably needs to be audited as well…
Could you tell me how setup ECC in windows 2012R2 IIS?
How I do submit CSR file to letsencrypt ?
Have you tried letsencrypt --help all
?
i am using windows 2012, i have no offical version. where find the help files?
I’m trying to create and sign an ECC cert to no avail. I keep on getting “Error unmarshaling certificate request” (error 400). Here’s what I’m doing (I have substituted out my domain for privacy):
openssl ecparam -genkey -param_enc explicit -name secp384r1 -out mydomain.com.pem
openssl req -new -sha512 -key mydomain.com.pem -subj "/" \
-reqexts SAN -config <(cat /etc/ssl/openssl.cnf \
<(printf "[SAN]\nsubjectAltName=DNS:mydomain.com")) > mydomain.com.csr
letsencrypt certonly --csr mydomain.com.csr --standalone-supported-challenges tls-sni-01 --test-cert
# Error: urn:acme:error:malformed :: The request message was malformed :: Error unmarshaling certificate request
Try ‘-sha256’ in the CSR generation command.
Also, as far as I know, -param_enc explicit
isn’t necessary.
@Osiris I figured it out. This is the revised command set (yes, I got secp384r1 and SHA512 to work!):
openssl ecparam -genkey -name secp384r1 -noout -out mydomain.com-param.pem
openssl ec -in mydomain.com-param.pem -aes256 -out mydomain.com.pem
openssl req -new -sha512 -key mydomain.com.pem -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf \
<(printf "[SAN]\nsubjectAltName=DNS:mydomain.com")) > mydomain.com.csr
./letsencrypt-auto certonly --csr mydomain.com.csr --standalone-supported-challenges tls-sni-01
Really? How is it possible to get a SHA-512 signed certificate? Yes, sure a SHA-512 signed CSR, but I think that certificate signatures by LE are still SHA-256 only. Can you check your certificate and report back here?
@Jason I just checked and you’re right. SSL Labs says EC 384 bits / SHA256withRSA
and so does the output of OpenSSL. That’s really annoying. Well, I’ll keep submitting it with SHA-512 when I renew until they start using it (it appeared to have worked).
Just found acme.sh
which can automate the whole spiel for me:
acme.sh --issue -w /home/wwwroot/mydomain.com -d mydomain.com --keylength ec-384
Well.. Why?
SHA-256 is considered to be secure and SHA-512 is AFAIK not really more secure. (at least no one has proven it...) SHA-2 generally is secure.
The hash in a CSR is just for validating said CSR… Your CSR generation software just hashes (some parts of) the CSR and signs it with your own private key, which can be validated with the public key in the same CSR: ergo, validating “itself”. It has nothing to do with the final issued certificate what so ever as far as I know Boulder just checks your CSR for validity with it and consequentely takes some of the info from it… CN… SAN… Other extensions… But it doesn’t use the used hash algo. The cert algo is hardcoded into Boulder at this moment:
https://github.com/letsencrypt/boulder/blob/master/ca/certificate-authority.go#L176
Well I’m really satisfied. I dumped my stupid self-signed CA and have a 100/100/100/90 A+ on SSLabs. All for free!
I honestly don’t mind if its SHA256 or SHA512. This server is low traffic, isn’t used publicly, and is really overpowered for what it does, so performance won’t be an issue. The only thing that I want now is for an OpenSSL release on Debian that includes CHACHA20 and POLY1305 (I don’t want to mess with any patches).
or u can compile nginx 1.9.15 + libreSSL 2.3.3