I have generated CSR file and would like to request CA certificate for my app client to be able to communicate with https:// myfreedomaintest.website which is also my domain hosted server at linode.
I am beginner handling TLS certificate. How do I obtain this CA certificate for my client app side?
I am new and beginner, therefore need your attention and advise please.
Awaiting your reply.
Edit: actually, it seems like your website already has an SSL certificate. What are you trying to do?
If you want an actual CA certificate (that can issue other certificates), Let's Encrypt won't give you one. That's not part of their mission. You will need to create your own CA if you want to do that.
Ya my website/server https:// myfreedomaintest.website already has ssl certificate but im curiuos what's all about this CA certificate I must get in order for it to be installed in my client development app.
Again, my client dev app need to specify local path to this CA certificate so that it can talk with my server via REST APIs.
I already have CSR file which I believe need to be submitted to the CA provider to obtain this CA certificate. Am I in a correct path what should be my next step actually? Curious. Pls support me because i'm really new in this field. It's really confusing and I need guide.
Ya you are right. There are built-in cert store available which dedicated only for advanced client microcomputer with OS like raspberry pi and so on. But for my case the client side is a primitive 32-bit microcontroller. I need to specify path to a valid signed certificate as its reference.
ARM based MCU may sounds nice but mine here is only based on PIC32mx. The code has integration with ssl framework by WOLFSSL. So far I need to test its communication with my server https://myfreedomaintest.website using TLSv1.2 (or 1.3). The only requirement left, it needs the SSL certificate signed by the Certificate Authority (CA) where Let's Encrypt is my choice.
So why do I need certificate_request.csr? Is it really necessary to get that CA certificate?
But how bout the expiry date? Does it mean if this cert to be used my client app can operate forever with this cert without need to aware the expiry?
If I really want to make my app private app to app. How about the generated CSR file? Because It pairs with my generated key which is private to app right. It must hv somethin to do with this CSR file to let the communication really private and comes with expiry date set by the key or the CSR right?
ACME clients generate CSRs to submit to the CA in order to get the certificate, but that's generally (with the exception of idiotic design decisions in TrueNAS) done behind the scenes with no direct involvement from you. A CSR has nothing at all to do with getting the CA certificate itself.