Issues finalising certificates

I’m trying to write a client for a custom integration with some specific software and I’ve gotten most of the way through the issuance workflow but the finalisation step is stumping me. I’m currently trying to mock it out using an openssl generated CSR but I can’t get LetsEncrypt to accept the CSR. I’ve tried DER and PEM formats for the CSR and neither seem to work. I’m testing against LE staging currently.

The commandline I’m using to generate the CSR:

openssl req -config atequiem.com.cnf -newkey rsa:2048 -keyout atequiem.com.key -nodes -outform DER -out atequiem.com.csr

With that configuration file being as follows:

[ req ]
default_bits		= 2048
distinguished_name	= req_distinguished_name
attributes		= req_attributes

prompt			= no
req_extensions		= v3_req

[ req_distinguished_name ]
countryName=            AU
stateOrProvinceName=    Equiem Services Pty Ltd
localityName=           Melbourne
organizationName=       Equiem Services Pty Ltd
organizationalUnitName= Product
commonName=             atequiem.com
#emailAddress=

[ req_attributes ]

[ v3_req ]

# What the key can/cannot be used for:
basicConstraints = CA:FALSE
#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth

subjectAltName = @alt_names

# List of all the other DNS names that the certificate should work for.
[ alt_names ]
DNS.1 = atequiem.com
DNS.2 = www.atequiem.com

The error I get with the DER form is:

{
  type: "urn:ietf:params:acme:error:malformed", 
  detail: "Error parsing certificate request: asn1: structure error: length too large", 
  status: 400
}

Could you post an example CSR, in any format?

Here’s the PEM format since DER is binary:

-----BEGIN CERTIFICATE REQUEST-----
MIIDMDCCAhgCAQAwgY4xCzAJBgNVBAYTAkFVMSAwHgYDVQQIDBdFcXVpZW0gU2Vy
dmljZXMgUHR5IEx0ZDESMBAGA1UEBwwJTWVsYm91cm5lMSAwHgYDVQQKDBdFcXVp
ZW0gU2VydmljZXMgUHR5IEx0ZDEQMA4GA1UECwwHUHJvZHVjdDEVMBMGA1UEAwwM
YXRlcXVpZW0uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSUp
NjZtmiC+r2me25fawKFD4QGWAIwIx5mCKvK69JT2y3j62KTjMAUt6EG6rI8o6HSS
NwxASBk1GhrvAuSayYRRYxfsQ3Wk08BUWwYm7veAoQ5DbffbdLF31LasbLStd/bO
BlKwhodx8fwlPYLlN8iheXgh0RfSbTu422gUUCCCYqCHJduB0w4Gt/zBLqa1c6kf
u9TPQZMtqW9WTq8Dcw/hyAGCqQHwISDYqCprQrxcr6sMHZ+PJN9SEXizVqSgQ4hT
HVYDopF/vF5ZP6YcUEqOMBDMikRL+LFHxxPYpahMQkK32KmOUE1yp4nRVW/D1huj
u9aiAIyX3KVo7BIl3QIDAQABoFwwWgYJKoZIhvcNAQkOMU0wSzAJBgNVHRMEAjAA
MBMGA1UdJQQMMAoGCCsGAQUFBwMBMCkGA1UdEQQiMCCCDGF0ZXF1aWVtLmNvbYIQ
d3d3LmF0ZXF1aWVtLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAPM4rTpn1Au5394Ff
L4GCXJ0GJc/XZ3u5vPhtd1Mt0H+l+8b+fcGpUlbO4kY9CzNQbnsD+2MXIU8Nh4w/
W5nemZdBVZgXVrbiwI4HH0hWotPRp/fe/BNOooqKZYDjUiebswcW1BdSPq3Ghpod
M7sziSB1Qgk+KnaD4BYVy0BQe6sreUJBvi2v7972xBbb1iz0Q6/8PJW/QRv3TO1d
D0cguFpGHaZnktpJEv7wWp8DbzffRZCK8UIHmhwaTtrkGnVPHpxALegisXUcm75i
TVtfvdRDCuqPXY3U+lxOclkLP4vfsxaWeBS8Ryexy+HCpzQoM7cniEmaOHzFIjU9
pE4evA==
-----END CERTIFICATE REQUEST-----

The error I get submitting PEM format is:

Error parsing certificate request: asn1: structure error: tags don't match (16 vs {class:0 tag:13 length:45 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue:\\u003cnil\\u003e tag:\\u003cnil\\u003e stringType:0 timeType:0 set:false omitEmpty:false} certificateRequest @2

The CSR is perfectly fine. Here’s approximately the same code that Let’s Encrypt uses, which shows that it works: https://play.golang.org/p/S0AOGqu5i2C

You are most likely messing up the encoding or something when sending your {"csr": "...."} JWS payload.

Keep in mind you have to encode using base64url, not regular base64.

Edit: If you like, post your raw JWS and we can try see what’s wrong with it.

The general JWS wrapper should be fine since it’s working for every other request leading up to this, and the specific payload here is { csr: base64url(csr) } in my code, where the csr variable is the PEM file read off the filesystem (with a trailing newline and the header and footer if that’s an issue). similarly the base64url function is provided by a library and has worked perfectly fine for other uses in other requests.

Here’s an example JWS with the PEM file:

{"protected":"eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTAxNDkyNiIsIm5vbmNlIjoiMDAwMWNqaG45Q2puTFI3QU43RDRMM3F2ZkRIVThBZEhtOU5TSmg4TC12YVpLUWsiLCJ1cmwiOiJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2ZpbmFsaXplLzE1MDE0OTI2LzEyNjYxMTM3OSJ9","payload":"eyJjc3IiOiJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlNCU1JWRlZSVk5VTFMwdExTMEtUVWxKUkUxRVEwTkJhR2REUVZGQmQyZFpOSGhEZWtGS1FtZE9Wa0pCV1ZSQmEwWldUVk5CZDBobldVUldVVkZKUkVKa1JtTllWbkJhVnpCblZUSldlUXBrYld4cVdsaE5aMVZJVWpWSlJYZ3dXa1JGVTAxQ1FVZEJNVlZGUW5kM1NsUlhWbk5aYlRreFkyMDFiRTFUUVhkSVoxbEVWbEZSUzBSQ1pFWmpXRlp3Q2xwWE1HZFZNbFo1Wkcxc2FscFlUV2RWU0ZJMVNVVjRNRnBFUlZGTlFUUkhRVEZWUlVOM2QwaFZTRXAyV2toV2FtUkVSVlpOUWsxSFFURlZSVUYzZDAwS1dWaFNiR05ZVm5CYVZ6QjFXVEk1ZEUxSlNVSkpha0ZPUW1kcmNXaHJhVWM1ZHpCQ1FWRkZSa0ZCVDBOQlVUaEJUVWxKUWtOblMwTkJVVVZCTW5CNmFRcDZUazVhZERkdFQwUlFMekZXWlUwMlJVMHpiRTFVUlZaRFQzRkVOSFp2ZVhkNmEzRndjRTlqYURaR2VHaHlOR2M1VERCUlZFUnRTazh2ZVRscmRYQm9Da2REWkUxaVpEUk5lRmcwVVRkNU5VOHJTemQwWmxKclVXNVJTMUJpT0U5bFdUbG1ibVUyT1dkT0szVTRhazUwZVcwclRFMXlTQzl3UnpsMVZubGlRbmtLVVV4M1NsSlNWbWhZT0RKV09XWnVXa1JXWTBsalFuQkpLMmswWmpOWVZGbzJLMEU0VVhGSlRUSkZNa2NyU1U0M1EwaFdVMFUxVmtSRE5UZFJiRlZ4VndwMWF5c3JVVVZoUW1zMGJIbEhNazlITjJ0ck4zZGhWRTUyUTNreWFWRnVXVE53TmpCd2NuaFROamhYVml0dldESmtPR2hHUjI0M2FrZFlRa1JLWmxsYUNsbzNiRzEzU1ZwVk9UUmpjR1JEWmtNMFMydFJlUzlOVTB3cmRTdFpibmxHVkVScE15dGFZVWhMT0hsR00yVjZTMEozVVhOdmQydDNSWFJKU0VSTlRYVUtORzVWTXpWM1RXWnNXSHByZDFNemNqSlJTVVJCVVVGQ2IwWjNkMWRuV1VwTGIxcEphSFpqVGtGUmEwOU5WVEIzVTNwQlNrSm5UbFpJVWsxRlFXcEJRUXBOUWsxSFFURlZaRXBSVVUxTlFXOUhRME56UjBGUlZVWkNkMDFDVFVOclIwRXhWV1JGVVZGcFRVTkRRMFJIUmpCYVdFWXhZVmRXZEV4dFRuWmlXVWxSQ21RelpETk1iVVl3V2xoR01XRlhWblJNYlU1MllsUkJUa0puYTNGb2EybEhPWGN3UWtGUmMwWkJRVTlEUVZGRlFYaDVVbU4xU21oM01VbE9Wa3BsYW5ZS1NXRmFLMDFJWTBwV1ZHWkpjR0ZvVnlzd1owWTRiRmhGTjI5MmJrUjBiRkZQT0VOd1dtMHpNbXRLVERkTVR6ZE1kMWc1Y3pWMWQyTTNRMDlrZVZCbWJBb3pkSEIwZUZwcE5EWTRlSE5hVmt4dFRYQnNVelJ1Y0hGVU1FSjZkRVZETjJ0RGRXbE1aamhIYmxWWFZqUTROR2hyUnpNdlZTOXpRM0JMUzFsR1pUUk9DbVI0V0VWRldUZEdVbk52YlVGNGVuSlNaM3AxUjBzMlpUWlpObk5XYWtwclQwWlpWVmxMT1dFMmJWTTVTVGRLTVRneVduRlBTR1pEWjB0TFJEQTNZVWdLVWs1eGRYUkJjVTlJTUROWldEWXdjalZHYkRaeFEwWnpRWFpoT1hkVFMyOUlSbWhIT0Rrd2RsWlRaMGhrUlRNMlVtMUdja2g2VldZMlUyTnJVMVZsYkFwbGQxb3JaMkZITXpoWVpsYzVOblZXTmpWdVFtODVhMnBxY0VNd1MwaEpNakJpVkhWTWJpOXZSbmxvWTFod1pFd3ZaR1ZhZG00MVUwZDJURlp4U2xaaUNuTlFiV2wzVVQwOUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZJRkpGVVZWRlUxUXRMUzB0TFFvIn0","signature":"GcCRRx4Sybsguq7Q4OfW62TgflHKdBHG8pmi0AyGwQpWVTSqYKrc6JiV_vN3aiVdO9KPOlUNOr9PvF1iP6wgD53jf4-ipVUn6V70C_y-N4zbrqzjkxq5Hq6KLvtYx1PgxUDqLZQJL1W6FkbIhZ1H8xhdbXwVbkCsOvgMtVCfQ1gIie43-FH4utbOwqvqaXe0tdDAts37GQkm0yMl3VoeZ3KNXznzbH39dhvpIsYbQqnxZUuKW7S_RIzWWjF12_UfG_bSRZAd1RPGY3z58sDMGBN1yh8VkH7xEAV6aH6OmsOmJ6OCI287kOemDd521_edSWHRq7fplBy3JadIcoHJhUksb2LkuPQD6gBcE9EeXR-IpfF6KYhkHkBZu8O02f_caCx-ZBTwPwQcKVWnhl1g4G1M0JrkQXvWFtFOgiirBGH-HjeIjKQCrokGE191pZnPhOiD31YI9a0HwdVgLzCdP6Y5Tj2xfx4BjPsZz1bKsvKBpq3BfK59816C1gnBuOOhKfVrItROOy6kfnRzCxb6eJ6ECHyz9qZof2lK33u2LVj5Bt5NIcX8AIErtyZTZwq-uIyYv2M2CNlPjM-qyER5Zc9mftR7k2t1NytQQgro5mWjMaxXrnHlTsH-4dcA7kvFJR-ckhaE27Ekj4r9GNukGnp34pqmVVDOP2NYKWpI750"}

And an example JWS using DER:

{"protected":"eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTAxNDkyNiIsIm5vbmNlIjoiMDAwMWZsODhFbXZYWm52NTRFaFJVYjdLMmJVVWxrT3laS180Qk1DaGtLZnJMbXciLCJ1cmwiOiJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2ZpbmFsaXplLzE1MDE0OTI2LzEyNjYxMTM3OSJ9","payload":"eyJjc3IiOiJNTy1fdlFNd01PLV92UUlZQWdFQU1PLV92ZS1fdlRFTE1Ba0dBMVVFQmhNQ1FWVXhJREFlQmdOVkJBZ01GMFZ4ZFdsbGJTQlRaWEoyYVdObGN5QlFkSGtnVEhSa01SSXdFQVlEVlFRSERBbE5aV3hpYjNWeWJtVXhJREFlQmdOVkJBb01GMFZ4ZFdsbGJTQlRaWEoyYVdObGN5QlFkSGtnVEhSa01SQXdEZ1lEVlFRTERBZFFjbTlrZFdOME1SVXdFd1lEVlFRRERBeGhkR1Z4ZFdsbGJTNWpiMjB3NzctOUFTSXdEUVlKS3UtX3ZVanZ2NzN2djcwTkFRRUJCUUFENzctOUFROEFNTy1fdlFFS0F1LV92UUVCQU8tX3ZlLV92ZS1fdldkeU9PLV92V2tUNzctOU9BWUQ3Ny05Q0IxeWVEODI3Ny05V3UtX3ZlLV92Vmp2djcxSTVvbWI3Ny05NzctOUNrX3Z2NzBONzctOTc3LTlaM2hqM3F0a1F5RHZ2NzN2djczdnY3MWU3Ny05THUtX3ZXbnZ2NzE2V3hzWjc3LTlFdS1fdmUtX3ZWUG10YlpzNzctOU9TN3Z2NzBQNzctOU1DYnZ2NzBsNzctOVN1LV92U0lKSHdveGVsNUpIVXp2djczdnY3MEw3Ny05NzctOWEtLV92UUxYdlVRMTc3LTljUXh2NzctOWJUVVZhLS1fdmUtX3ZTSXNiTy1fdlIzdnY3M3Z2NzN2djczdnY3M3Z2NzN2djcwMzc3LTk3Ny05TmdGT0t3WWE3Ny05Q3UtX3ZlLV92Vnd5QVdGV2FBSW83Ny05Yi0tX3ZWSHZ2NzB1ZGlMdnY3MU03Ny05NzctOUktLV92ZS1fdlZndDc3LTlYTy1fdlJYdnY3MVE3Ny05NzctOTc3LTlYRXBzNzctOTc3LTlOTy1fdmUtX3ZWRHZ2NzFvNUl1YWJBdG03Ny05NzctOUVlLV92V2NPNzctOWMtLV92ZS1fdmUtX3ZVRHZ2NzN2djcxeDc3LTllUjFlNzctOU5jUzJNdS1fdlhZbkZlLV92VTV2M1lsREx1LV92ZS1fdmUtX3ZRNWE3Ny05RS0tX3ZkbTQ3Ny05NzctOVdPLV92V2dMNzctOTc3LTk3Ny05Tng5dEt1LV92ZS1fdlJWeWEtLV92U2tDQXdFQUFlLV92Vnd3V2dZSkt1LV92VWp2djczdnY3ME5BUWtPTVUwd1N6QUpCZ05WSFJNRUFqQUFNQk1HQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01CTUNrR0ExVWRFUVFpTUNEdnY3ME1ZWFJsY1hWcFpXMHVZMjl0NzctOUVIZDNkeTVoZEdWeGRXbGxiUzVqYjIwd0RRWUpLdS1fdlVqdnY3M3Z2NzBOQVFFTEJRQUQ3Ny05QVFFQVluSHZ2NzBKUHUtX3ZlLV92ZS1fdlNScjc3LTlXd2xSZS0tX3ZlLV92ZS1fdlVNT014OXNjMEV1NzctOTc3LTlMZzN2djcwVU5ra2E3Ny05T3o1MkpSZnZ2NzN2djcwMzc3LTk0YW14NzctOTc3LTk3Ny05ZXUtX3ZlLV92VzRkNzctOTc3LTk3Ny05YS0tX3ZScnZ2NzBzNzctOTc3LTlKeEZOUy0tX3ZRZGdJZS1fdlJCclE4U3pKVGdhNzctOTNMenZ2NzBnUTgtNTc3LTk3Ny05UDBIbnVLZnZ2NzN2djczdnY3M3Z2NzN2djcwMlMtLV92ZS1fdlhBNDc3LTk3Ny05YU8tX3ZTZGs3Ny05NzctOTc3LTkzS3BNUFJnc1llLV92VkR2djcxZVJPLV92VzN2djcxQjc3LTk3Ny05NzctOU56ZF83Ny05MjRQdnY3M3Z2NzN2djczdnY3MHU3Ny05VWUtX3ZlLV92ZS1fdmUtX3ZSVHZ2NzFqV0hVdTc3LTk3Ny05NzctOVpSM3Z2NzFUNzctOTc3LTk3Ny05NzctOUgtLV92U3d4Tk8tX3ZXWHZ2NzFNQ2R1TWFENWY3Ny05eTYzdnY3MUdZd0kyNzctOUwyaEdHM2d5Ri0tX3ZRVHZ2NzFRNzctOUd3UkE3Ny05WWUtX3ZUVXpUdS1fdlFQdnY3M3Z2NzN2djcxZTc3LTlJTy1fdmUtX3ZlLV92ZS1fdmUtX3ZlLV92ZS1fdmUtX3ZSaHlYZzVwZi0tX3ZWWVdDbngxZGUtX3ZlLV92UVh2djcwNWNlLV92U0R2djcwIn0","signature":"lSFiIxMXf8VDyFQXLDYGJhEKFgxqUY1dTtrvweZMAWMi4pDYFDF7H9wLT_QMmlwf6xXS6miwZBg5w0CCyvAGlnYpbxpM4CwAEPdoNFk-s1ccmVyyxViuw6US28LiHV5yAk_Hg3p1feKMVROtOtjac6kujDASxEjyU9ozt43veV818F9MVW3KJJ8yMgOHKYvFWbJVf7gQxTeZDoOeKawv-66GeB4uFXRHU9gbFwRXigo9iDnJ09t17LXFEjwBkBmflIvBIDu1wWJnPQOBalBf6jC6oaFSS1WyqsCyAIgnDgdjJCFVAtJ495kk7S6fomB-R_aFapGRafugrj2dUrZxGxy-GWsAVyOGLwAjQYmuBVsJUk7lKZKzw91Jg_3cUzCcBNAdrADBZ5I4ElgkfC2-4fACongvTffc7Nhu9gZNTPq-6HoSwvfygZnLkrPk4tPyK0Wtks1FQIgynywDIkZMXTbSBDdmOJomzdxhi5yFlucg3817OmxBRYHCh7VoEkMD2zjd1Tcq1OPjYjY395hgZQMixz57OoofnatWXNXuFqhY9glwaH8A86mHUGpJbUis1HqodeHEiikza5OuIhL0dUBPBktL47vmDj8TXpjo-zqqxfYxI562G9C0j4rKuS4DShZMBWDFJAPffAcZS_aI2W4oVDBwuEbsTzLjCKcu7Yk"}

That payload comes out to:

{"csr":"MO-_vQMwMO-_vQIYAgEAMO-_ve-_vTELMAkGA1UEBhMCQVUxIDAeBgNVBAgMF0VxdWllbSBTZXJ2aWNlcyBQdHkgTHRkMRIwEAYDVQQHDAlNZWxib3VybmUxIDAeBgNVBAoMF0VxdWllbSBTZXJ2aWNlcyBQdHkgTHRkMRAwDgYDVQQLDAdQcm9kdWN0MRUwEwYDVQQDDAxhdGVxdWllbS5jb20w77-9ASIwDQYJKu-_vUjvv73vv70NAQEBBQAD77-9AQ8AMO-_vQEKAu-_vQEBAO-_ve-_ve-_vWdyOO-_vWkT77-9OAYD77-9CB1yeD8277-9Wu-_ve-_vVjvv71I5omb77-977-9Ck_vv70N77-977-9Z3hj3qtkQyDvv73vv73vv71e77-9Lu-_vWnvv716WxsZ77-9Eu-_ve-_vVPmtbZs77-9OS7vv70P77-9MCbvv70l77-9Su-_vSIJHwoxel5JHUzvv73vv70L77-977-9a--_vQLXvUQ177-9cQxv77-9bTUVa--_ve-_vSIsbO-_vR3vv73vv73vv73vv73vv73vv70377-977-9NgFOKwYa77-9Cu-_ve-_vVwyAWFWaAIo77-9b--_vVHvv70udiLvv71M77-977-9I--_ve-_vVgt77-9XO-_vRXvv71Q77-977-977-9XEps77-977-9NO-_ve-_vVDvv71o5IuabAtm77-977-9Ee-_vWcO77-9c--_ve-_ve-_vUDvv73vv71x77-9eR1e77-9NcS2Mu-_vXYnFe-_vU5v3YlDLu-_ve-_ve-_vQ5a77-9E--_vdm477-977-9WO-_vWgL77-977-977-9Nx9tKu-_ve-_vRVya--_vSkCAwEAAe-_vVwwWgYJKu-_vUjvv73vv70NAQkOMU0wSzAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCkGA1UdEQQiMCDvv70MYXRlcXVpZW0uY29t77-9EHd3dy5hdGVxdWllbS5jb20wDQYJKu-_vUjvv73vv70NAQELBQAD77-9AQEAYnHvv70JPu-_ve-_ve-_vSRr77-9WwlRe--_ve-_ve-_vUMOMx9sc0Eu77-977-9Lg3vv70UNkka77-9Oz52JRfvv73vv70377-94amx77-977-977-9eu-_ve-_vW4d77-977-977-9a--_vRrvv70s77-977-9JxFNS--_vQdgIe-_vRBrQ8SzJTga77-93Lzvv70gQ8-577-977-9P0HnuKfvv73vv73vv73vv73vv702S--_ve-_vXA477-977-9aO-_vSdk77-977-977-93KpMPRgsYe-_vVDvv71eRO-_vW3vv71B77-977-977-9Nzd_77-924Pvv73vv73vv73vv70u77-9Ue-_ve-_ve-_ve-_vRTvv71jWHUu77-977-977-9ZR3vv71T77-977-977-977-9H--_vSwxNO-_vWXvv71MCduMaD5f77-9y63vv71GYwI277-9L2hGG3gyF--_vQTvv71Q77-9GwRA77-9Ye-_vTUzTu-_vQPvv73vv73vv71e77-9IO-_ve-_ve-_ve-_ve-_ve-_ve-_ve-_vRhyXg5pf--_vVYWCnx1de-_ve-_vQXvv705ce-_vSDvv70"}

Decoding that inner csr string with base64url comes out to … something strange. It’s binary, but it’s not valid ASN.1.

The program using that string reproduces the same error that Let’s Encrypt does: https://play.golang.org/p/R4DdxoEgXGd

Don’t think it’s a problem with Go, as nobody else wants to parse it either:

$ dumpasn1 -t -l foo.der

Error: Invalid data encountered at position 2: 30 EF.

$ openssl req -in foo.der -inform der -noout -text
unable to load X509 request
140376692335936:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:../crypto/asn1/asn1_lib.c:101:
1 Like

Oops, my bad, I was reading the CSR file as UTF-8 instead of binary which was somehow miraculously not failing. This has fixed the DER submission now. Not sure about PEM, but since the ACME spec calls for DER anyway I guess that solves that.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.