Install OpenSSL
You need to install OpenSSL to generate a private key. Store your private key in a secure place. You will need it to generate your Stir/Shaken certificate and to sign calls.
Here are instructions on how to install OpenSSL.
Generate Private Key
The preferred way to do this is with OpenSSL, which is supported on almost every platform, including Windows, Linux and Mac. To install it on Windows, you can view installers at the OpenSSL Binary Wiki page or go to the Shining Light Productions page (also listed on the Wiki). For most installations you need Win64; the Light version (a drastically smaller download) will be fine (either 1.1.1 or 1.0.2).
Now, let's generate an unencrypted private key:
openssl ecparam -name prime256v1 -genkey -noout -out private_key.pem
Download Peeringhub's ACME Client
You can download Peeringhub's ACME Client from:
https://github.com/peeringhub/Windows-ACME-Client
You can download all the files as one ZIP file by using the Download ZIP button:
You can save the ZIP file in a directory and unzip the file. You should see all these files in your folder:
Open a command line window
You can read this article and use one of the suggested methods to open a command line window.
Create an acme_client.conf file
You need to create an acme_client.conf file with the following content:
#
# Production ACME client configuration
#
# ACME server URL
server_url https://stica.peeringhub.io/acme
# Public key ID
kid ICX
#
# Iconectiv configuration
#
user_id <your iConnectiv username>
password <your iConnectiv password>
pa_staging false
pa_trace false
# EOF
Generate SPC Token
You can run the following command to generate an SPC token:
acme_cli_client.exe -c acme_client.conf gen_spc private_key_path my_ocn
The response of "gen_spc" command is as follows:
2022-10-01 02:47:16 INFO Using configuration file: 'acme_client.conf'
2022-10-01 02:47:16 INFO
eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsIng1dSI6Imh0dHBzOi8vYXV0aGVudGljYXRlLWFwaS1zdGcuaWNvbmVjdGl2LmNvbS9kb3dubG9hZC92MS9jZXJ0aWZpY2F0ZS9jZXJ0aWZpY2F0ZUlkXzEwMDAxMS5jcnQifQ.eyJleHAiOjE3Mjc2ODk2NDksImp0aSI6IjM4NWNhMWM2LWNhM2ItNGM5Zi1hODY4LWJmMTAzZTZhNmEwNyIsImF0YyI6eyJ0a3R5cGUiOiJUTkF1dGhMaXN0IiwidGt2YWx1ZSxk1BaWdCaFlFT0RJd1NnPT0iLCJjYSI6ZmFsc2UsImZpbmdlcnByaW50IjoiU0hBMjU2IDQzOjIzOkI1Ojg4OjkwOjE1OkI3OjhGOjU5OjVFOkZEOjUxOjg5OkI5OjJCOjlGOkMxOkRDOkZCOkM0OkREOjYzOjc5OjE5OjA0OjE0Ojg3OjAxOjg4OjA1OjhBOkJDIn19.1fC2Jnc0u5Q-SnGp6h0bhpQc_j3yhPkFTPTxtDWZy2QfhaDIx8w8TjJgWykSx_GdhYOZTyfAX8QXkHLfYEi-Dw
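Before ordering a certificate, it is worth confirming that the SPC token carries your OCN and has not expired. The following is an added example, not part of Peeringhub's client: the function names are hypothetical, the sample token is constructed and unsigned, and its tkvalue is the TNAuthList string that the new_order output on this page prints for OCN 820J. It inspects claims only and does not verify the token signature.

```python
import base64, json, time

def b64url_json(part):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def read_tlv(buf, pos):
    """Read one short-form DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form DER (not handled here)")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos], buf[pos + 2:end], end

def tnauthlist_spcs(tkvalue_b64):
    """Return the service provider codes (OCNs) in a base64 TNAuthList (RFC 8226)."""
    der = base64.b64decode(tkvalue_b64)
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("TNAuthList must be a single DER SEQUENCE")
    spcs, pos = [], 0
    while pos < len(body):
        tag, entry, pos = read_tlv(body, pos)
        if tag == 0xA0:  # [0] spc: ServiceProviderCode, an IA5String
            inner_tag, value, _ = read_tlv(entry, 0)
            if inner_tag != 0x16:
                raise ValueError("spc entry is not an IA5String")
            spcs.append(value.decode("ascii"))
    return spcs

def check_spc_token(token, expected_ocn, now=None):
    """Inspect (without verifying the signature) an SPC token; list problems."""
    payload = b64url_json(token.split(".")[1])
    atc, problems = payload.get("atc", {}), []
    if payload.get("exp", 0) <= (time.time() if now is None else now):
        problems.append("token expired")
    if atc.get("tktype") != "TNAuthList":
        problems.append("tktype is not TNAuthList")
    elif tnauthlist_spcs(atc.get("tkvalue", "")) != [expected_ocn]:
        problems.append("TNAuthList does not match OCN")
    if atc.get("ca") is not False:
        problems.append("ca flag is not false")
    return problems

# Constructed, unsigned sample token; claim names follow the token shown on this page.
_enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
SAMPLE = ".".join([_enc({"alg": "ES256", "typ": "JWT"}), _enc({"exp": 1727689649,
    "atc": {"tktype": "TNAuthList", "tkvalue": "MAigBhYEODIwSg==", "ca": False}}), "c2ln"])
```

A malformed tkvalue raises ValueError rather than being reported as a problem, so treat an exception as a failed check.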
Generate Stir/Shaken Certificate
acme_cli_client.exe -c acme_client.conf --spc <path_to_spc_token_file> new_order <path_to_private_key_file> <ocn> 0 0 C=US S=AZ L=Phoenix O="<organization name>" CN="orig_name SHAKEN OCN"
The result you get should be as follows:
2022-10-01 02:05:48 INFO Using configuration file: 'acme_client.conf'
2022-10-01 02:05:48 INFO
2022-10-01 02:05:48 INFO ACME server 'https://stica-dev.peeringhub.io/acme':
> new nonce: https://stica-dev.peeringhub.io/acme/new-nonce
> new account: https://stica-dev.peeringhub.io/acme/new-account
> key change: https://stica-dev.peeringhub.io/acme/key-change
> new order: https://stica-dev.peeringhub.io/acme/new-order
2022-10-01 02:05:48 INFO
2022-10-01 02:05:50 INFO Order 'https://stica-dev.peeringhub.io/acme/order/D67985F16A8D49EEA8514870B4D90942'
> expires: '2022-10-01T23:05:51Z'
> TNAuthList: 'MAigBhYEODIwSg=='
> OCN: '820J'
> notBefore: 'n/a'
> notAfter: 'n/a'
> status: 'pending'
> error: ''
> authz: 'https://stica-dev.peeringhub.io/acme/authz/8962916A9CB74AF6BAB7953787B92599'
> finalize: 'https://stica-dev.peeringhub.io/acme/order/D67985F16A8D49EEA8514870B4D90942/finalize'
> certificate: ''
2022-10-01 02:05:50 INFO
2022-10-01 02:05:50 INFO Challenge 'https://stica-dev.peeringhub.io/acme/authz/8962916A9CB74AF6BAB7953787B92599'
> submit url: 'https://stica-dev.peeringhub.io/acme/authz/8962916A9CB74AF6BAB7953787B92599/0'
> status: 'pending'
> error: ''
> validated: 'n/a'
2022-10-01 02:05:50 INFO
2022-10-01 02:05:50 INFO Using SPC token file: 'icx.spc.txt'
2022-10-01 02:05:50 INFO
2022-10-01 02:05:53 INFO Challenge 'https://stica-dev.peeringhub.io/acme/authz/8962916A9CB74AF6BAB7953787B92599'
> submit url: 'https://stica-dev.peeringhub.io/acme/authz/8962916A9CB74AF6BAB7953787B92599/0'
> status: 'valid'
> error: ''
> validated: '2022-09-30T23:05:53Z'
2022-10-01 02:05:53 INFO
2022-10-01 02:05:53 INFO Challenge passed
2022-10-01 02:05:53 INFO
2022-10-01 02:05:54 INFO Order 'https://stica-dev.peeringhub.io/acme/order/D67985F16A8D49EEA8514870B4D90942'
> expires: '2022-10-01T23:05:51Z'
> TNAuthList: 'MAigBhYEODIwSg=='
> OCN: '820J'
> notBefore: 'n/a'
> notAfter: 'n/a'
> status: 'ready'
> error: ''
> authz: 'https://stica-dev.peeringhub.io/acme/authz/8962916A9CB74AF6BAB7953787B92599'
> finalize: 'https://stica-dev.peeringhub.io/acme/order/D67985F16A8D49EEA8514870B4D90942/finalize'
> certificate: ''
2022-10-01 02:05:54 INFO
2022-10-01 02:05:55 INFO Order 'https://stica-dev.peeringhub.io/acme/order/D67985F16A8D49EEA8514870B4D90942'
> expires: '2022-10-07T23:05:51Z'
> TNAuthList: 'MAigBhYEODIwSg=='
> OCN: '820J'
> notBefore: 'n/a'
> notAfter: 'n/a'
> status: 'valid'
> error: ''
> authz: 'https://stica-dev.peeringhub.io/acme/authz/8962916A9CB74AF6BAB7953787B92599'
> finalize: 'https://stica-dev.peeringhub.io/acme/order/D67985F16A8D49EEA8514870B4D90942/finalize'
> certificate: 'https://stica-dev.peeringhub.io/acme/cert/1562B94280A04A76899AA6E467BEC01B'
2022-10-01 02:05:55 INFO
2022-10-01 02:05:55 INFO Certificate created
2022-10-01 02:05:55 INFO
2022-10-01 02:05:55 INFO Successfully issued a new End Entity certificate for 810K
2022-10-01 02:05:55 INFO
Host Stir/Shaken Certificate in a CR
You need to save the following part of the new_order command output to a file:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
This file is your Stir/Shaken certificate. You will also need to host your certificate in a Certificate Repository (CR). A Certificate Repository can be deployed using AWS S3 or Google Storage service.