-2

I am pretty new to public-private key and creating certificates so I wanted to write out my thinking and see if I have the correct approach.

1) Use ssh_keygen to create a key pair.
I have basic git-bash on my Windows machine which allows me to run this command.

2) Use a CA like letsEncrypt.org to wrap the public key in a certificate.
I want try something like this as I want to learn beyond the self signed certificate that a lot of forums keep suggesting.

3) Import Certificate in Windows, to be used by IIS

If this is the correct approach, could someone point me to more details on Step 2)?
(I figured out most of Steps 1 and 3)

EDIT: Apologies if something is missing in this process. I would want to learn that as well.

heyNow
  • 97
  • 1
  • You should be more explicit on your goals. All approaches can do something for you, but if you want the certificate for development/testing or for production that purpose itself can rule out certain options. – Lex Li Oct 12 '19 at 17:24

1 Answers1

2

1) You typically not use ssh-keygen for ssl certificates and You do not create a key-pair but a key and a csr (certificate signing request) where the latter contains the public key with the help of typically openssl (but the RSA key created with ssh-keygen could also be used as private key for an x509 cert)

2) If You want to use letsencrypt You normally skip step 1 and install one of the ACME tools instead that are doing that things for You and additionally hand the csr over to letsencrypt and get the resulting certificate back (after it helps You prooving Your ownership of domain(s) the certificate is requested for) - thought You can do it manually if You read specs, docs and the sources of he tools - or probably there is a tool that allows You to do many steps the manual way assisting You just with some basics (check the list on letsencrpyt site)

3) Import Private Key and Certificate to be used by IIS

EOhm
  • 815
  • 3
  • 7