Mailing List CGatePro@mail.stalker.com Message #106681
From: Technical Support support@stalker.com <CGatePro@mail.stalker.com>
Subject: Re: Lets Encrypt for CGP on WIndows
Date: Thu, 28 Dec 2017 12:29:05 +0300
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
Hello,

On 2017-12-27 08:39, Nicolas Hatier nicolas.hatier@niversoft.com wrote:

The script is designed for PKCS#1. You're using it with PKCS#8.

I'm not sure if CGP CLI commands support PKCS#8 import directly, I never tried.

The CLI command just sets the setting value that is expected to be PKCS#1. Only WebAdmin does conversion of PKCS#8 (and stores PKCS#1).

I suggest you get PKCS#1 keys from letsencrypt, maybe there's a config in the acme script you're using, or you can use openssl commands to convert the files.

Yes, in a script it's not a problem usually to call an openssl one-liner to convert PKCS#8 data to PKCS#1.

*Nicolas Hatier, ing.* <nicolas.hatier@niversoft.com <mailto:nicolas.hatier@niversoft.com>>
Niversoft idées logicielles - http://www.niversoft.com



On 2017-12-26 14:21, Eduard Chesnokov epchesnokov@doorhan.ru wrote:

Hello

I've just tested your script, and need help. All certificates installs correctly except private key. My private key from LetsEncrypt a little bit differs, it starts with -----BEGIN PRIVATE KEY----- and ends with -----END PRIVATE KEY-----.

I changed those lines in your script. It did not help. But when I install key manually from web admin console, it works fine. Any ideas how I can fix this?



28.09.2017 5:06, Nicolas Hatier nicolas.hatier@niversoft.com пишет:
Script is quite crude but works well for me:

https://pastebin.com/cN2ngVkG

*Nicolas Hatier, ing.* <nicolas.hatier@niversoft.com <mailto:nicolas.hatier@niversoft.com>>
Niversoft idées logicielles - http://www.niversoft.com



On 2017-09-27 22:00, Nicolas Hatier nicolas.hatier@niversoft.com wrote:

I wrote a Perl script that uses CLI.pm to configure the new certificate automatically in CGP.

*Nicolas Hatier, ing.* <nicolas.hatier@niversoft.com <mailto:nicolas.hatier@niversoft.com>>
Niversoft idées logicielles - http://www.niversoft.com



On 2017-09-27 20:56, Shaun Gamble listrdr@redco.com.au wrote:

Are you manually importing the certificate into CGP each time you renew or are you able to automate issuing the certificate to CGP each time you renew?


On 27/09/2017 4:18 AM, Nicolas Hatier nicolas.hatier@niversoft.com wrote:

I'm doing it with getssl, on windows with cygwin.

Using DNS testing, I had to write a script to update the DNS record at my DNS provider, and another one that update CGP certificates using CLI.pm

Took me about an hour to get it right, and now it's been running without issues for almost a year.

Setup on our linux servers was a lot easier since http testing could be used on those machines, and I simply reused the CGP script from the Windows installation.

Not "hard", but far from being plug and play.

*Nicolas Hatier, ing.* <nicolas.hatier@niversoft.com <mailto:nicolas.hatier@niversoft.com>>
Niversoft idées logicielles - http://www.niversoft.com



On 2017-09-25 22:40, Shaun Gamble listrdr@redco.com.au wrote:
CGP 6.1.16

Windows 2012R2

Has anyone managed to set-up Lets Encrypt keys and certificates for CGP? I'm trying to move away from self signed certificates as it is now becoming too hard with FireFox refusing to create a permanent exception.

I am testing with the le64.exe client. Due to the inability to use http testing, I am trying to use DNS testing. It's driving me nuts as the main ISP in Australia still isn't using IPv6 and doesn't allow us to change CAA records.



-- Shaun
Fitzroy Island<http://www.fitzroyisland.com>
Destination Darwin NT<http://www.destinationnt.com>
MOM Backpackers<http://www.momdarwin.com>
Value Inn Hotel<http://www.valueinn.com.au>
Please do not send any unsolicited email. It is not wanted.





--
Best regards,
Dmitry Akindinov

=======================================================================
When answering to letters sent to you by the tech.support staff, make
sure the original message you have received is included into your
reply.
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster