I’m very new to encryption. I had never configured lets encrypt or any other encryption service before, until my new boss wants me to solve following issue:
He send me a file, which starts with “-----BEGIN NEW CERTIFICATE REQUEST-----”.
Now I’m supposed to create kind of “opposite” file for a Windows IIS. So far so good.
After reading the documentary and some other tutorials I asked him for shell access and root permissions, but both aren’t availible. My plan to use one of the ACME tools won’t work, therefore.
I searched hours and hours threw the internet, maybe for the false topic.
Is there somebody who know what I’m searching for / can help me?
A manually created and processed CSR will not take into account the real benefit that LE provides…
AUTOMATION.
If you are going to manually process CSR files every <90 days, you are missing out.
[presuming you can even get that done correctly]
Your first option should be to look for a client that can run on the system that needs a certificate and set it up to run automatically.
If that is not possible, bring that problem to this forum.
Are you able to decode the file with openssl req -noout -text < cert_request_sent_by_the_boss.csr
command? Check what domain(s) is/are in the Subject and in the Subject Alternate Names fields. You have to have some kind of control for those domains, via DNS or via web service to rely on Let'sencrypt in order to sign the certificate request.
Thanks for your answers. CSR was the missing point I didn’t know, cause my boss sent me a txt file and I never heard of CSR before.
I told him the two option and so on … now shell usage is possible. Maybe he didn’t wan’t me to have access on his customer server, because I’m still studying.