mirror of
https://github.com/ridercz/AutoACME.git
synced 2026-04-25 15:15:53 +03:00
[GH-ISSUE #47] Save CRT and PEM certificates #35
Originally created by @mmsw-git on GitHub (Mar 23, 2020).
Original GitHub issue: https://github.com/ridercz/AutoACME/issues/47
Hello,
I was using your example in previous ACMEv1 with pleasure.
I need separate certificate and private key in CRT and PEM files for Unreal Media Server.
It worked fine with this code:
Dim pemFileName = Path.Combine(My.Settings.pemFolder, dr.Hostname & ".pem")
Using f = File.Create(pemFileName)
acmeCert.Key.Save(f)
End Using
Dim cert = New Security.Cryptography.X509Certificates.X509Certificate2(acmeCert.Raw)
Dim crtFileName = Path.Combine(My.Settings.pemFolder, dr.Hostname & ".crt")
Using f = File.CreateText(crtFileName)
f.WriteLine("-----BEGIN CERTIFICATE-----")
f.WriteLine(Convert.ToBase64String(cert.GetRawCertData(), Base64FormattingOptions.InsertLineBreaks))
f.WriteLine("-----END CERTIFICATE-----")
End Using
Now I upgraded the code for ACMEv2 and I am not able to export correct PEM and CRT files.
PFX for IIS is working well.
Would you be so kind to help me?
Thank you very much
Mirek
@avonwyss commented on GitHub (Mar 23, 2020):
Can you give more information about the problem? What does AutoACME output (maybe with the --verbose switch)?
@mmsw-git commented on GitHub (Mar 23, 2020):
Thanks for fast response.
AutoAcme exports files, but Unreal Media Server doesn't accept them.
PEM file:
Dim pemFileName = Path.Combine(My.Settings.pemFolder, dr.Hostname & ".pem")
Using f = File.CreateText(pemFileName)
f.Write(cert.ToPem(privateKey))
End Using
PEM file in new version contains three certificates, while old version contained one only.
CRT file:
Dim derData = New Security.Cryptography.X509Certificates.X509Certificate2(cert.Certificate.ToDer)
Dim crtFileName = Path.Combine(My.Settings.pemFolder, dr.Hostname & ".crt")
Using f = File.CreateText(crtFileName)
f.WriteLine("-----BEGIN CERTIFICATE-----")
f.WriteLine(Convert.ToBase64String(derData.GetRawCertData, Base64FormattingOptions.InsertLineBreaks))
f.WriteLine("-----END CERTIFICATE-----")
End Using
I am not sure with this code.
I also don't know which one from certificates is wrong (maybe both).
Mirek
@avonwyss commented on GitHub (Mar 23, 2020):
Ah, that makes sense then. This is not related to V1/V2 but was separate issue #24 which asked for a full chain. Currently there is no setting to control the behavior, maybe this should be added in order to fix your problem.
@mmsw-git commented on GitHub (Mar 23, 2020):
I will check noticed issue #25
Thank you
Mirek
@mmsw-git commented on GitHub (Mar 24, 2020):
I have checked issue #25 and it didn't help me a lot.
It is so difficult for me.
As I have PFX file, I tried to export CRT and PEM from it - https://www.markbrilman.nl/2011/08/howto-convert-a-pfx-to-a-seperate-key-crt-file/.
I was successful doing this with AlpiroSSL certificate, but I was unsuccessful doing this with LetsEncrypt PFX. I got error in last step:
C:\WINDOWS\system32>"C:\Program Files\OpenSSL-Win64\bin\openssl" rsa -in C:\CertStore\PFX\admin.xxx.cz.key -out C:\CertStore\PFX\admin.xxx.cz.pem
Enter pass phrase for C:\CertStore\PFX\admin.xxx.cz.key:
72788:error:0607907F:digital envelope routines:EVP_PKEY_get0_RSA:expecting an rsa key:crypto\evp\p_lib.c:469:
Would you be so kind to point me to right information sources to solve this task?
Thank you
Mirek
@avonwyss commented on GitHub (Mar 24, 2020):
@mmsw-git Note that you seem to have looked into the wrong issue, it's #24 and not #25.
The very first certificate in the CRT file is the one you're after, e.g. everything up to and including the first ----END CERTIFICATE----- in the CRT file. Can you delete everything after that line, save the CRT file, and test whether that CRT/PEM can then be imported by Unreal Media Server?
@mmsw-git commented on GitHub (Mar 24, 2020):
I have seen #24. It was only written mistake :-).
Thank you very much for advice about CRT - I can try it.
But I am afraid I have more serious problem exporting RSA Private Key.
@avonwyss commented on GitHub (Mar 24, 2020):
The PEM file is unchanged, the certificate chain is only there to allow checking the certificate (e.g. intermediate certificates up to the root certificate). For more information you can read https://en.wikipedia.org/wiki/X.509#Certificate_chains_and_cross-certification
In older versions AutoACME would generate the same PEM and CER file, the new version just appends the intermediate certificates to the CER file, nothing else.
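The manual step suggested earlier in this thread (keep only the first certificate of a full-chain certificate file and drop the appended intermediates) can be scripted. The following is an added example, not code from the thread or from AutoACME; the function names `split_pem`, `to_pem` and `leaf_only` are hypothetical, and the sample bundle is constructed from placeholder bytes rather than real certificates.

```python
import base64
import re

# Matches one PEM block; the label (e.g. CERTIFICATE) must agree in BEGIN and END.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)


def split_pem(text):
    """Return [(label, der_bytes), ...] for every PEM block in text, in file order."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        # validate=True rejects stray characters instead of silently skipping them
        der = base64.b64decode("".join(body.split()), validate=True)
        blocks.append((label, der))
    return blocks


def to_pem(label, der):
    """Re-encode DER bytes as a PEM block with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


def leaf_only(bundle_text):
    """Return (leaf_pem, dropped_count): the first certificate and how many followed it."""
    certs = [der for label, der in split_pem(bundle_text) if label == "CERTIFICATE"]
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    return to_pem("CERTIFICATE", certs[0]), len(certs) - 1


# Constructed sample: three blocks with placeholder bytes, not real certificates.
SAMPLE = "".join(
    to_pem("CERTIFICATE", name * 30)
    for name in (b"leaf-", b"intermediate-", b"root-")
)

if __name__ == "__main__":
    leaf, dropped = leaf_only(SAMPLE)
    print(leaf, end="")
    print("dropped %d chain certificate(s)" % dropped)
```

Blocks with any other label, such as a private key, are ignored by `leaf_only`, so the resulting file never carries key material.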
@mmsw-git commented on GitHub (Mar 24, 2020):
I used this code to export Private Key:
acmeCert.Key.Save(file)
I don't see similar possibility in new version.
@avonwyss commented on GitHub (Mar 24, 2020):
I must admit that I'm having trouble following you. Why and where would you have used acmeCert.Key.Save? The key is saved here:
github.com/ridercz/AutoACME@0b4864e4d4/Altairis.AutoAcme.Core/CertificateRequestResult.cs (L38)
That being said, I don't see a problem with AutoACME right now, so I'm closing the issue (you may still comment on it of course).
@mmsw-git commented on GitHub (Mar 24, 2020):
Thank you very much for your help.
Mirek