INTRAWEB ACME
#1
Hi,

I would like to use the ACME protocol for my web server application and have a number of questions on this topic.
Does ATOZED have corresponding documentation on this topic?

Best Regards
Juergen
#2
https://www.atozed.com/2018/09/15-0-11-h/
#3
OK,

here are my questions:

Does my SA application become a full ACME client (certificate management agent) by setting ServerController -> SSLOptions -> EnableACME = true, or do I need additional software for this?
What additional steps are necessary to configure automatic certificate management using the ACME protocol?

Deviating from the statements on https://letsencrypt.org/docs/challenge-types/ I found in another forum post that the acme-challenge directory must be created below the application directory and parallel to the wwwroot directory.
As a service, my application directory is in the corresponding Windows program directory of the system drive.
The directory wwwroot is however on another drive and is specified accordingly in ServerController -> ContentPath.
Where do I have to create the acme-challenge directory here?

I use HTTPSYS with URL reservation according to the following example:

https://example1.com/Reservation1
https://example2.com/Reservation2

Both domains are addressed via the same port.
For the first domain, a certificate has been installed manually and bound to the port.
For the second domain, certificate management is to be implemented using the ACME protocol.
There is no application that responds to https://example2.com.
How can the ACME protocol for https://example2.com/Reservation2 be configured for this variant?


Best Regards
Juergen
#4
Automatic certificate management is being developed and it is not yet fully implemented.
IW apps are able to respond to the challenge, but the certificate request must be done manually for now, until we finish our implementation. If you create the certificate request manually now, hopefully before it expires we will have a working version. That's the expectation.

Regarding your https://example2.com issue:

If you want your IW application to be able to respond to that, you will need to create a content handler mapped to

http://example2.com/.well-known/acme-challenge

and also register this URL with your http.sys IW application (it can be done using the ServerController's OnBind event, for instance, which should be quite straightforward). The content handler should be able to open the text file, read it and write the response back. There are a couple of demos that show how to do something similar ( https://github.com/Atozed/IntraWeb/tree/...ntHandlers ).

The content handler is required in this case because the application won't usually respond to this URL, otherwise you wouldn't need it.
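The handler logic described in post #4 (open the token file, read it, write the response back), as an added example that is not part of the original thread and is not IntraWeb code: it is plain Python, and the function names, directory layout and sample token are assumptions. It also refuses any request path that is not a bare ACME token, so the handler cannot be used to read files outside the challenge directory.

```python
import re
import tempfile
from pathlib import Path

PREFIX = "/.well-known/acme-challenge/"
# RFC 8555 tokens use only the base64url alphabet; anything else is refused.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def answer_challenge(challenge_dir, url_path):
    """Return (status, body) for an HTTP-01 validation request."""
    if not url_path.startswith(PREFIX):
        return 404, b""
    token = url_path[len(PREFIX):]
    # Rejects "..", "/", "\\", "%2e" and empty names before touching the disk.
    if not TOKEN_RE.fullmatch(token):
        return 404, b""
    root = Path(challenge_dir).resolve()
    candidate = (root / token).resolve()
    # Defence in depth: after resolving symlinks the file must still sit
    # directly inside the challenge directory.
    if candidate.parent != root or not candidate.is_file():
        return 404, b""
    return 200, candidate.read_bytes()


def demo():
    """Run the handler over constructed requests in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        challenges = Path(tmp) / "challenges"   # hypothetical challenge directory
        challenges.mkdir()
        token = "constructed-token_123"          # constructed sample token
        (challenges / token).write_bytes(b"constructed-token_123.constructed-thumbprint")
        (Path(tmp) / "secret.txt").write_bytes(b"not for the internet")
        requests = [
            PREFIX + token,              # legitimate validation request
            PREFIX + "../secret.txt",    # path traversal attempt
            PREFIX + "%2e%2e%2fsecret.txt",
            PREFIX + "unknown-token",    # well-formed but not issued
            PREFIX,                      # empty token
            "/Reservation2/",            # unrelated application URL
        ]
        return [answer_challenge(challenges, r) for r in requests]


if __name__ == "__main__":
    for status, body in demo():
        print(status, body)
```
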
#5
Hi Alexandre,

Thank you for the information.
I will create the certificate manually and continue the topic when development is complete.

Best Regards
Juergen
#6
Hi Alexandre,

I have created an ACME content handler mapped to

http://myserver.com/.well-known/acme-challenge

that serves the files from the challenge directory of the Intraweb Certificate Manager.

It works so far.

Do I still need the TIWServerController -> SSLOptions -> EnableACME flag and what does it do?


Regards
Juergen
#7
In case you serve the file yourself via content handlers, EnableACME should be *disabled*. Otherwise IntraWeb will handle the request itself and bypass your content handler.
#8
Hi Alexandre,

Is the Intraweb Certificate Manager only intended for developers or can it be delivered completely to the end customer?
I couldn't find any license terms or transfer conditions anywhere.


Regards
Juergen
#9
Hi Jurgen,

We will include a license file in the next release. This application can be freely used and distributed even to 3rd parties.

We will also create a page and a separate download for it. AFAIK, there is no similar tool on the market, at least not one that can do all that our tool can.
#10
(07-10-2020, 08:00 AM)JuergenS Wrote: Hi Alexandre,

I have created an ACME content handler mapped to

http://myserver.com/.well-known/acme-challenge

that serves the files from the challenge directory of the Intraweb Certificate Manager.

It works so far.

Do I still need the TIWServerController -> SSLOptions -> EnableACME flag and what does it do?


Regards
Juergen
I'm struggling with this. Can you point me in the right direction?
Where did you create the .well-known/acme-challenge folder? Inside wwwroot of the application or in the same folder as the application?
How did you create the content handler?
I can't get iwCertificateManager to create my Let's Encrypt certificate!!