Comments (6)
Thanks Rick, the issue here is that we currently don't support SAN (Subject Alternative Name) - where you can associate a bunch of dns names with one cert. I just need to think about the right UI - you may have existing, even non-free, certs for other bindings that you might want to keep etc.
from certify.
FWIW, I can create two separate certs one for www. and one for the non-www binding and that works. But that adds a bit of overhead in managing the connection.
So are you saying that it's possible to do this with ACME but not with Certify (currently)?
Normally when you register a domain and you register for www. you automatically get the non-www version of the cert as well. I think the UI for that would be simple enough - a checkbox for base domain would do the trick (enabled only if you're specifically targeting a subdomain).
I'd help but frankly I don't know enough about the details of the cert process - I'm more like an end user who's excited about being able to more easily automate the certificate management and run all of my sites under SSL.
from certify.
Yes it's possible to do this with the command line - you perform individual authorizations (challenge/response) for each variation to be used in the same cert, then specify all of those identifiers when requesting the final cert. https://github.com/ebekker/ACMESharp/wiki/Quick-Start#7-request-and-retrieve-the-certificate.
The challenge for me is that I don't just want to handle www.domain.com and non-www, I want to do www.domain.com, domain.com, api.domain.com, api.domain.io etc in one cert, because older (non-SNI) versions of IIS need a single IP per SSL cert binding. But I agree we should just present all domains bound for a specific IIS site and provide the option to authorise and certify them all in one operation. The UI also needs proper progress/background worker setup as multi domains sites could take a while to process.
from certify.
Poking around in the Vault I see this:
{
"$type": "ACMESharp.PKI.CsrDetails, ACMESharp",
"CommonName": "www.foxcentral.net",
"AlternativeNames": null,
"Country": null,
"StateOrProvince": null,
"Locality": null,
"Organization": null,
"OrganizationUnit": null,
"Description": null,
"Surname": null,
"GivenName": null,
"Initials": null,
"Title": null,
"SerialNumber": null,
"UniqueIdentifier": null,
"Email": null
}
Seems to me that there is explicit support for AlternativeName.
I think it's much less important to get all the domain prefixes to work, but www. and the base domain is such a common scenario.
from certify.
@RickStrahl could you find a solution for this? I am having the same problem. thanks
from certify.
This (SAN support plus UI to select which domains to combine cert for) is being addressed currently in a new branch. See also the SAN tracking issue #28
from certify.
Related Issues (20)
- Application constantly creating/exiting threads, bogomips (ApplicationInsightsDiagnostics.json)? HOT 8
- Mark Certify.Web service depends on HTTP service HOT 1
- Certify the Web does not send a request to the ACME server to deactivate the account when an account is deleted HOT 1
- Deployment Task - Stop Start or Restart a Service not able to restart service on remote machine HOT 1
- Certify.Core-1.0.0: 1 vulnerabilities (highest severity is: 7.5)
- How to run development environment? HOT 5
- Deployment Tasks - Run a program, batch file or custom script on windows HOT 1
- add support for Vultr DNS API HOT 1
- AutoUpdate.ps1 script is broken HOT 4
- DNS Validation Fails for IONOS DNS API HOT 2
- acme-dns DNS API failed HOT 2
- Propagation timer not being preserved when using Constellix API (posh-acme) script HOT 1
- Save button abnormalities HOT 3
- AcmeDNS Provider Error for API Update HOT 4
- Export does not exports whole chain HOT 7
- Feature Request: ARM64 Support HOT 5
- Export to .pfx with password HOT 5
- PowerShell script - with space in path / new process HOT 4
- azure.identity.1.7.0.nupkg: 1 vulnerabilities (highest severity is: 8.8)
- Error when using Export Certificate task HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from certify.