Create Certificate using ssh_keygen and letsEncrypt for IIS

by heyNow   Last Updated October 09, 2019 23:00 PM - source

I am pretty new to public-private key and creating certificates so I wanted to write out my thinking and see if I have the correct approach.

1) Use ssh_keygen to create a key pair.
I have basic git-bash on my Windows machine which allows me to run this command.

2) Use a CA like to wrap the public key in a certificate.
I want try something like this as I want to learn beyond the self signed certificate that a lot of forums keep suggesting.

3) Import Certificate in Windows, to be used by IIS

If this is the correct approach, could someone point me to more details on Step 2)?
(I figured out most of Steps 1 and 3)

EDIT: Apologies if something is missing in this process. I would want to learn that as well.

Answers 1

1) You typically not use ssh-keygen for ssl certificates and You do not create a key-pair but a key and a csr (certificate signing request) where the latter contains the public key with the help of typically openssl (but the RSA key created with ssh-keygen could also be used as private key for an x509 cert)

2) If You want to use letsencrypt You normally skip step 1 and install one of the ACME tools instead that are doing that things for You and additionally hand the csr over to letsencrypt and get the resulting certificate back (after it helps You prooving Your ownership of domain(s) the certificate is requested for) - thought You can do it manually if You read specs, docs and the sources of he tools - or probably there is a tool that allows You to do many steps the manual way assisting You just with some basics (check the list on letsencrpyt site)

3) Import Private Key and Certificate to be used by IIS

October 09, 2019 22:28 PM

Related Questions

Let's encrypt nginx server tls-sni-01 challenge

Updated January 28, 2018 14:00 PM