Windows IIS with existing certificate

Hello,

I’m very new to encryption. I had never configured lets encrypt or any other encryption service before, until my new boss wants me to solve following issue:

He send me a file, which starts with “-----BEGIN NEW CERTIFICATE REQUEST-----”.
Now I’m supposed to create kind of “opposite” file for a Windows IIS. So far so good.

After reading the documentary and some other tutorials I asked him for shell access and root permissions, but both aren’t availible. My plan to use one of the ACME tools won’t work, therefore.

I searched hours and hours threw the internet, maybe for the false topic.
Is there somebody who know what I’m searching for / can help me?

Hi @DReimers

that’s not how Letsencrypt works.

Tell your boss, he should pay a certificate if he want that.

Using Letsencrypt:

Read some basics:

Then - if you have root access - select a client.

Nothing else.

No root access -> your options are limited, your hoster must support Letsencrypt.

A manually created and processed CSR will not take into account the real benefit that LE provides…
AUTOMATION.
If you are going to manually process CSR files every <90 days, you are missing out.
[presuming you can even get that done correctly]
Your first option should be to look for a client that can run on the system that needs a certificate and set it up to run automatically.
If that is not possible, bring that problem to this forum.

1 Like

Are you able to decode the file with
openssl req -noout -text < cert_request_sent_by_the_boss.csr
command? Check what domain(s) is/are in the Subject and in the Subject Alternate Names fields. You have to have some kind of control for those domains, via DNS or via web service to rely on Let’sencrypt in order to sign the certificate request.

1 Like

Thanks for your answers. CSR was the missing point I didn’t know, cause my boss sent me a txt file and I never heard of CSR before.
I told him the two option and so on … now shell usage is possible. Maybe he didn’t wan’t me to have access on his customer server, because I’m still studying. :wink:

Hi,

now my boss called me again with some more information:

  • it’s a Windows IIS with a software which needs ssl
  • the server is connect to the internet
  • shell and root is availible
    -> BUT the domain is only an intern (windows) domain

Is there an option to get a certificate for an intern domain? Hopefully an automatic resigning solution?

Then you have to use dns validation:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.