Getting Raw Certificate for Stand-Alone Application


#1

Hi everybody!
As far as I’ve seen on this site, it is only possible to issue certificates for web servers.
I need to create a webserver only using C#/Mono (I’m using SSLStream for the encryption), so I need a “raw” (X509) certificate. However, this has to be connected to a given domain.
How can I get such a certificate signed by Let’s Encrypt?
This C# server is going to run on a webserver which can be accessed from the internet.

I would be happy if someone could answer me.


#2

Hi @TRoskop,

I don’t think the distinction that you’re mentioning actually exists. All of the certificates issued by Let’s Encrypt are X.509 certificates and all of them are usable for any kind of TLS server application.

Or did you mean something like “only possible to issue certificates using existing web servers listening for incoming connections”?


#3

I think I explained it wrong.

I mean it like this:
When going to https://letsencrypt.org/getting-started/ I only see the option to use this cert-bot etc… But this is not suited for me.
I need a way to just enter my domain then download the raw cert file without a bot or something like this.

Is there any way to do so?


#4

@TRoskop, you need to prove that you control the domain before the certificate can be issued. But if you don’t want to install client software on your computer, there are web-based clients that replicate much of the experience of other CAs’ issuance process, without the payment step. They will tell you to create a specific file on your web site at a specific time to prove that you control the domain.

https://gethttpsforfree.com/

Remember that you will have to get a new certificate every 90 days.


#5

Thank you! This seems to be what I was looking for!
However, it makes more work. For the http-verification I need to implement something in my server application which responds with the verification file. This means more work for me…
However, thank you a lot.
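
The file-based verification discussed above, as an added example that is not part of the original thread: a small C# responder that serves the verification content only under `/.well-known/acme-challenge/` and rejects any token that is not plain base64url, so the handler can never be steered to other paths. The class name, the `Lookup` helper and the token/content pair are hypothetical placeholders; the real pair is whatever your ACME client shows you.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text;
using System.Text.RegularExpressions;

static class AcmeHttp01Responder // hypothetical name, added example
{
    const string Prefix = "/.well-known/acme-challenge/";
    // Tokens are base64url; \A and \z anchor the whole string, so "..", "/",
    // "%2F" or a trailing newline can never pass.
    static readonly Regex TokenPattern = new Regex(@"\A[A-Za-z0-9_-]+\z");

    // Returns the body to serve for a request path, or null for a 404.
    public static string Lookup(string path, IDictionary<string, string> challenges)
    {
        if (path == null || !path.StartsWith(Prefix, StringComparison.Ordinal)) return null;
        string token = path.Substring(Prefix.Length);
        if (!TokenPattern.IsMatch(token)) return null;
        string content;
        return challenges.TryGetValue(token, out content) ? content : null;
    }

    static void Main()
    {
        // Constructed placeholder values; copy the real ones from the client.
        var challenges = new Dictionary<string, string> {
            { "EXAMPLE_TOKEN", "EXAMPLE_TOKEN.EXAMPLE_ACCOUNT_KEY_THUMBPRINT" }
        };
        var listener = new HttpListener();
        // Validation requests arrive over plain HTTP on port 80.
        listener.Prefixes.Add("http://+:80/.well-known/acme-challenge/");
        listener.Start();
        while (true)
        {
            HttpListenerContext ctx = listener.GetContext();
            // AbsolutePath stays percent-encoded, so encoded slashes fail the regex.
            string body = Lookup(ctx.Request.Url.AbsolutePath, challenges);
            if (body == null) { ctx.Response.StatusCode = 404; }
            else
            {
                byte[] bytes = Encoding.ASCII.GetBytes(body);
                ctx.Response.ContentType = "text/plain";
                ctx.Response.ContentLength64 = bytes.Length;
                ctx.Response.OutputStream.Write(bytes, 0, bytes.Length);
            }
            ctx.Response.Close();
        }
    }
}
```

Binding port 80 usually needs elevated privileges or a URL reservation, so run the responder only while a validation is pending and keep the challenge table empty otherwise.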


#6

If the file-based authentication won’t work for you, there is a way to verify by using DNS records.

