Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Certify The Web instructions to ACME clients tutorial #255

Merged
merged 3 commits into from
Jul 25, 2023
Merged

Add Certify The Web instructions to ACME clients tutorial #255

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c4f9f54
Add Certify The Web instruction to ACME client tutorial
webprofusion-chrisc Jul 24, 2023
761be71
Apply suggestions from code review
webprofusion-chrisc Jul 24, 2023
26ab31d
Merge branch 'smallstep:main' into main
webprofusion-chrisc Jul 25, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions tutorials/acme-protocol-acme-clients.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,7 @@ Choose a renewal period that is two-thirds of the entire certificate's lifetime,
* [Golang](#golang)
* [Python](#python)
* [Traefik](#traefik)
* [Certify The Web](#certify-the-web)

### Certbot

Expand Down Expand Up @@ -628,3 +629,16 @@ $ curl https://foo.internal --cacert $(step path)/certs/root_ca.crt

Hello TLS!
```

### Certify The Web

Certify The Web is a popular ACME Certificate Manager for Windows. It provides a full UI for managing thousands of certificates, supports a wide range of built in deployment tasks and integrates with many DNS API providers. Commercial licensing and support is also available.

To use with `step-ca`:
- Add your CA root certificate to *Local Machine > Trusted Certificate Authorities* and your CA intermediate to *Local Machine > Intermediate Certification Authorities*. This will make your endpoint certificate (and the other ACME certificates you issue from your CA) trusted on this machine.
- Add your `step-ca` instance details as a new Certificate Authority under *Settings > Certificate Authorities*. You can set the Production and Staging API urls either to the same directory endpoint or point them to different instances if you are operating a split staging and production configuration.
- Add a CA account for your new CA under *Settings > Certificate Authorities > New Account*, selecting your new CA from the list.
- Select *New Certificate* to begin ordering a new certicate from your CA. Make sure to set your CA preference under Certificate > Advanced > Certificate Authority (or you can set this as a global setting). You can use HTTP or DNS validation. Select *Request Certificate* to perform your certificate order. Subsequent renewals are automatic.
- By default the certificate will be added to the local machine certificate store. It can also be automatically deployed to IIS sites on the same machine, or you can use [Deployment Tasks](https://docs.certifytheweb.com/docs/deployment/tasks_intro) to push certificates to secrets vaults or to remote machines via SFTP (windows or linux etc) or to UNC shares etc.

[Certify The Web]:https://certifytheweb.com