Windows Command Line Client

Install OpenSSL

You need to install OpenSSL to generate a private key. Your private key should be stored in a secure place. You will need to use your private key to generate Stir/Shaken Certificate and to sign calls.

Here is instruction on how to install OpenSSL.

Generate Private Key

The preferred way to do this is with OpenSSL (supported by almost every platform out there including Windows, Linux & Mac). To install on Windows, you can view installers at the OpenSSL Binary Wiki page or go to Shining Light Productions page (also listed on the Wiki); or most installations, you need Win64 - the Light (drastically smaller download) version will be fine (either 1.1.1 or 1.0.2). Now, let's generate an unencrypted private key:

openssl ecparam -name prime256v1 -genkey -noout -out private_key.pem

Download Peeringhub's ACME Client

You can download Peeringhub's ACME Client from:

https://github.com/peeringhub/Windows-ACME-Client

You can download all the files as one ZIP file by using the Download ZIP button:

You can save the ZIP file in a directory and unzip the file. You should see all these files in your folder:

Open command line windows

You can read this articles to use one of the suggested methods to open a command line window.

Create a acme_client.conf file

You need to create a ACME_client.conf file with the following content:

Generate SPC Token

You can run the following command to generate SPC token:

The response of "gen_spc" command is as follows:

Generate Stir/Shaken Certificate

The result you get should be as follows:

Host Stir/Shaken Certificate in a CR

You need to store this following part of the result from the new_order command to a file:

This file would be your Stir/Shaken certificate. You will also need to host your certificate to a Certificate Repository. A Certificate Repository can be deployed using AWS S3 or Google Storage service.