> For the complete documentation index, see [llms.txt](https://doc.peeringhub.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://doc.peeringhub.io/guides/generating-certificate/windows-command-line-client.md).

# Windows Command Line Client

### Install OpenSSL

You need to install OpenSSL to generate a private key.  Your private key should be stored in a secure place.  You will need to use your private key to generate Stir/Shaken Certificate and to sign calls.&#x20;

Here is [instruction](https://www.xolphin.com/support/OpenSSL/OpenSSL_-_Installation_under_Windows) on how to install OpenSSL.

### Generate Private Key

The preferred way to do this is with OpenSSL (supported by almost every platform out there including Windows, Linux & Mac). To install on Windows, you can view installers at the [OpenSSL Binary Wiki](https://wiki.openssl.org/index.php/Binaries) page or go to [Shining Light Productions](https://slproweb.com/products/Win32OpenSSL.html) page (also listed on the Wiki); or most installations, you need Win64 - the Light (drastically smaller download) version will be fine (either 1.1.1 or 1.0.2).\
&#x20;\
Now, let's generate an **unencrypted** private key:

```
openssl ecparam -name prime256v1 -genkey -noout -out private_key.pem
```

\
![](https://support.cerberusftp.com/attachments/token/FvS1CNCmzEjjnoQ1JtPVr46hj/?name=inlineImage.png)

### Download Peeringhub's ACME Client

You can download Peeringhub's ACME Client from:

> <https://github.com/peeringhub/Windows-ACME-Client>

You can download all the files as one ZIP file by using the Download ZIP button:

![](/files/utKPD7K10uPz6esVGWxP)

You can save the ZIP file in a directory and unzip the file.  You should see all these files in your folder:

![](/files/bjhtKxW9Wt5bBzq2Cz4Z)

### Open command line windows

You can read this [articles](https://www.howtogeek.com/235101/10-ways-to-open-the-command-prompt-in-windows-10/) to use one of the suggested methods to open a command line window.

### Create a acme\_client.conf file

You need to create a ACME\_client.conf file with the following content:

```

## Production ACME client configuration## ACME server URLserver_url	
https://stica.peeringhub.io/acme
# Public key 
IDkid		ICX

## Iconectiv configuration#

user_id		        <your iConnectiv username>
password		<your iConnectiv password>
pa_staging		false
pa_trace		false

# EOF
```

### Generate SPC Token

You can run the following command to generate SPC token:

{% code overflow="wrap" %}

```
acme_cli_client.exe -c acme_client.conf gen_spc  private_key_path my_ocn
```

{% endcode %}

The response of "gen\_spc" command is as follows:

{% code overflow="wrap" %}

```
2022-10-01 02:47:16  INFO Using configuration file: 'acme_client.conf'
2022-10-01 02:47:16  INFO

eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsIng1dSI6Imh0dHBzOi8vYXV0aGVudGljYXRlLWFwaS1zdGcuaWNvbmVjdGl2LmNvbS9kb3dubG9hZC92MS9jZXJ0aWZpY2F0ZS9jZXJ0aWZpY2F0ZUlkXzEwMDAxMS5jcnQifQ.eyJleHAiOjE3Mjc2ODk2NDksImp0aSI6IjM4NWNhMWM2LWNhM2ItNGM5Zi1hODY4LWJmMTAzZTZhNmEwNyIsImF0YyI6eyJ0a3R5cGUiOiJUTkF1dGhMaXN0IiwidGt2YWx1ZSxk1BaWdCaFlFT0RJd1NnPT0iLCJjYSI6ZmFsc2UsImZpbmdlcnByaW50IjoiU0hBMjU2IDQzOjIzOkI1Ojg4OjkwOjE1OkI3OjhGOjU5OjVFOkZEOjUxOjg5OkI5OjJCOjlGOkMxOkRDOkZCOkM0OkREOjYzOjc5OjE5OjA0OjE0Ojg3OjAxOjg4OjA1OjhBOkJDIn19.1fC2Jnc0u5Q-SnGp6h0bhpQc_j3yhPkFTPTxtDWZy2QfhaDIx8w8TjJgWykSx_GdhYOZTyfAX8QXkHLfYEi-Dw
```

{% endcode %}

### Generate Stir/Shaken Certificate

{% code overflow="wrap" %}

```
acme_cli_client.exe -c acme_client.conf  --spc <path_to_spc_token_file> new_order <path_to_private_key_file>  <ocn> 0 0 C=US S=AZ L=Phoenix O="<organization anem>" CN="orig_name SHAKEN OCN"
```

{% endcode %}

The result you get should be as follows:

{% code overflow="wrap" %}

```
2022-10-01 02:05:48  INFO Using configuration file: 'acme_client.conf'
2022-10-01 02:05:48  INFO

2022-10-01 02:05:48  INFO ACME server 'https://stica-dev.peeringhub.io/acme':
  > new nonce: https://stica-dev.peeringhub.io/acme/new-nonce
  > new account: https://stica-dev.peeringhub.io/acme/new-account
  > key change: https://stica-dev.peeringhub.io/acme/key-change
  > new order: https://stica-dev.peeringhub.io/acme/new-order
2022-10-01 02:05:48  INFO

2022-10-01 02:05:50  INFO Order 'https://stica-dev.peeringhub.io/acme/order/D67985F16A8D49EEA8514870B4D90942'
  > expires: '2022-10-01T23:05:51Z'
  > TNAuthList: 'MAigBhYEODIwSg=='
  > OCN: '820J'
  > notBefore: 'n/a'
  > notAfter: 'n/a'
  > status: 'pending'
  > error: ''
  > authz: 'https://stica-dev.peeringhub.io/acme/authz/8962916A9CB74AF6BAB7953787B92599'
  > finalize: 'https://stica-dev.peeringhub.io/acme/order/D67985F16A8D49EEA8514870B4D90942/finalize'
  > certificate: ''
2022-10-01 02:05:50  INFO

2022-10-01 02:05:50  INFO Challenge 'https://stica-dev.peeringhub.io/acme/authz/8962916A9CB74AF6BAB7953787B92599'
  > submit url: 'https://stica-dev.peeringhub.io/acme/authz/8962916A9CB74AF6BAB7953787B92599/0'
  > status: 'pending'
  > error: ''
  > validated: 'n/a'
2022-10-01 02:05:50  INFO

2022-10-01 02:05:50  INFO Using SPC token file: 'icx.spc.txt'
2022-10-01 02:05:50  INFO

2022-10-01 02:05:53  INFO Challenge 'https://stica-dev.peeringhub.io/acme/authz/8962916A9CB74AF6BAB7953787B92599'
  > submit url: 'https://stica-dev.peeringhub.io/acme/authz/8962916A9CB74AF6BAB7953787B92599/0'
  > status: 'valid'
  > error: ''
  > validated: '2022-09-30T23:05:53Z'
2022-10-01 02:05:53  INFO

2022-10-01 02:05:53  INFO Challenge passed
2022-10-01 02:05:53  INFO

2022-10-01 02:05:54  INFO Order 'https://stica-dev.peeringhub.io/acme/order/D67985F16A8D49EEA8514870B4D90942'
  > expires: '2022-10-01T23:05:51Z'
  > TNAuthList: 'MAigBhYEODIwSg=='
  > OCN: '820J'
  > notBefore: 'n/a'
  > notAfter: 'n/a'
  > status: 'ready'
  > error: ''
  > authz: 'https://stica-dev.peeringhub.io/acme/authz/8962916A9CB74AF6BAB7953787B92599'
  > finalize: 'https://stica-dev.peeringhub.io/acme/order/D67985F16A8D49EEA8514870B4D90942/finalize'
  > certificate: ''
2022-10-01 02:05:54  INFO

2022-10-01 02:05:55  INFO Order 'https://stica-dev.peeringhub.io/acme/order/D67985F16A8D49EEA8514870B4D90942'
  > expires: '2022-10-07T23:05:51Z'
  > TNAuthList: 'MAigBhYEODIwSg=='
  > OCN: '820J'
  > notBefore: 'n/a'
  > notAfter: 'n/a'
  > status: 'valid'
  > error: ''
  > authz: 'https://stica-dev.peeringhub.io/acme/authz/8962916A9CB74AF6BAB7953787B92599'
  > finalize: 'https://stica-dev.peeringhub.io/acme/order/D67985F16A8D49EEA8514870B4D90942/finalize'
  > certificate: 'https://stica-dev.peeringhub.io/acme/cert/1562B94280A04A76899AA6E467BEC01B'
2022-10-01 02:05:55  INFO

2022-10-01 02:05:55  INFO Certificate created
2022-10-01 02:05:55  INFO

2022-10-01 02:05:55  INFO Successfully issued a new End Entity certificate for 810K
2022-10-01 02:05:55  INFO

-----BEGIN CERTIFICATE-----
MIIDFTCCArygAwIBAgIRANnA0y2rL9vePtscT/Edyy8wCgYIKoZIzj0EAwIwgYAx
CzAJBgNVBAYTAlVTMRcwFQYDVQQKDA5QZWVyaW5naHViIEluYzEiMCAGA1UECwwZ
Q2VydGlmaWNhdGlvbiBBdXRob3JpdGllczE0MDIGA1UEAwwrUGVlcmluZ2h1YiBJ
bmMgU0hBS0VOIEludGVybWVkaWF0ZSBDQSBERVYgMTAeFw0yMjEwMDEwOTA1NTZa
Fw0yMzEwMDEwOTA1NTZaMFQxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJBWjEQMA4G
A1UEBwwHUGhvZW5peDEMMAoGA1UECgwDSUNYMRgwFgYDVQQDDA9JQ1ggU0hBS0VO
IDgyMEowWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQl6Llcx1C9nyCg9OvOWJhj
dfbTyyU2jcyIHFaSr/62Fy8iP9TZV6nkILbE2vFtondqqIc1Tcd42nwxprG1gDv5
o4IBQDCCATwwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
FAr1Mn8Um8BY5l48bgu470CExKY0MB8GA1UdIwQYMBaAFCLedT7UXghq/wEc6n3j
xzlTQpcFMBcGA1UdIAQQMA4wDAYKYIZIAYb/CQEBATAWBggrBgEFBQcBGgQKMAig
BhYEODIwSjCBqgYDVR0fBIGiMIGfMIGcoD6gPIY6aHR0cHM6Ly9hdXRoZW50aWNh
dGUtYXBpLXN0Zy5pY29uZWN0aXYuY29tL2Rvd25sb2FkL3YxL2NybKJapFgwVjEU
MBIGA1UEBwwLQnJpZGdld2F0ZXIxCzAJBgNVBAgMAk5KMRMwEQYDVQQDDApTVEkt
UEEgQ1JMMQswCQYDVQQGEwJVUzEPMA0GA1UECgwGU1RJLVBBMAoGCCqGSM49BAMC
A0cAMEQCIH9Jna1FOmHK6FIsZZcaoHdyV/AT9Q544EY7V8sgYPLCAiAhC7kQOIFn
M97IAsN6phEKvgs0+lLHbYon5Mm3gx8X3w==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDHzCCAsSgAwIBAgIQcuK74nt/PaLZWsRJjaJ2KTAKBggqhkjOPQQDAjB2MQsw
CQYDVQQGEwJVUzEXMBUGA1UECgwOUGVlcmluZ2h1YiBJbmMxIjAgBgNVBAsMGUNl
cnRpZmljYXRpb24gQXV0aG9yaXRpZXMxKjAoBgNVBAMMIVBlZXJpbmdodWIgSW5j
IFNIQUtFTiBST09UIENBIERFVjAeFw0yMjA0MjUyMzQ4MjBaFw0zMjA0MjIyMzQ4
MjBaMIGAMQswCQYDVQQGEwJVUzEXMBUGA1UECgwOUGVlcmluZ2h1YiBJbmMxIjAg
BgNVBAsMGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxNDAyBgNVBAMMK1BlZXJp
bmdodWIgSW5jIFNIQUtFTiBJbnRlcm1lZGlhdGUgQ0EgREVWIDEwWTATBgcqhkjO
PQIBBggqhkjOPQMBBwNCAARydOBhM+X8nK9TqzW57TVn+ulVnSLWERRAlYCWQGkA
jMBsmQYI5Aw3ULim76WEzyZUJKOyCYLPcyaiqKa7It/Qo4IBJzCCASMwDgYDVR0P
AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFCLedT7UXghq/wEc
6n3jxzlTQpcFMB8GA1UdIwQYMBaAFCdr86ngPMbyxZYnJzBTcRR6B5CvMBcGA1Ud
IAQQMA4wDAYKYIZIAYb/CQEBATCBpgYDVR0fBIGeMIGbMIGYoDqgOIY2aHR0cHM6
Ly9hdXRoZW50aWNhdGUtYXBpLmljb25lY3Rpdi5jb20vZG93bmxvYWQvdjEvY3Js
olqkWDBWMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkoxFDASBgNVBAcMC0JyaWRn
ZXdhdGVyMQ8wDQYDVQQKDAZTVEktUEExEzARBgNVBAMMClNUSS1QQSBDUkwwCgYI
KoZIzj0EAwIDSQAwRgIhAKuc7n7u9ukR+BnJFtNUt3y0nAsxaBjZ06CWfneMmtvp
AiEA//1yCI+VNLXLnmutrq83R3x3m8bJnobZj7A0/PM3ZQI=
-----END CERTIFICATE-----
```

{% endcode %}

### Host Stir/Shaken Certificate in a CR

You need to store this following part of the result from the new\_order command to a file:

```
-----BEGIN CERTIFICATE-----
MIIDFTCCArygAwIBAgIRANnA0y2rL9vePtscT/Edyy8wCgYIKoZIzj0EAwIwgYAx
CzAJBgNVBAYTAlVTMRcwFQYDVQQKDA5QZWVyaW5naHViIEluYzEiMCAGA1UECwwZ
Q2VydGlmaWNhdGlvbiBBdXRob3JpdGllczE0MDIGA1UEAwwrUGVlcmluZ2h1YiBJ
bmMgU0hBS0VOIEludGVybWVkaWF0ZSBDQSBERVYgMTAeFw0yMjEwMDEwOTA1NTZa
Fw0yMzEwMDEwOTA1NTZaMFQxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJBWjEQMA4G
A1UEBwwHUGhvZW5peDEMMAoGA1UECgwDSUNYMRgwFgYDVQQDDA9JQ1ggU0hBS0VO
IDgyMEowWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQl6Llcx1C9nyCg9OvOWJhj
dfbTyyU2jcyIHFaSr/62Fy8iP9TZV6nkILbE2vFtondqqIc1Tcd42nwxprG1gDv5
o4IBQDCCATwwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
FAr1Mn8Um8BY5l48bgu470CExKY0MB8GA1UdIwQYMBaAFCLedT7UXghq/wEc6n3j
xzlTQpcFMBcGA1UdIAQQMA4wDAYKYIZIAYb/CQEBATAWBggrBgEFBQcBGgQKMAig
BhYEODIwSjCBqgYDVR0fBIGiMIGfMIGcoD6gPIY6aHR0cHM6Ly9hdXRoZW50aWNh
dGUtYXBpLXN0Zy5pY29uZWN0aXYuY29tL2Rvd25sb2FkL3YxL2NybKJapFgwVjEU
MBIGA1UEBwwLQnJpZGdld2F0ZXIxCzAJBgNVBAgMAk5KMRMwEQYDVQQDDApTVEkt
UEEgQ1JMMQswCQYDVQQGEwJVUzEPMA0GA1UECgwGU1RJLVBBMAoGCCqGSM49BAMC
A0cAMEQCIH9Jna1FOmHK6FIsZZcaoHdyV/AT9Q544EY7V8sgYPLCAiAhC7kQOIFn
M97IAsN6phEKvgs0+lLHbYon5Mm3gx8X3w==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDHzCCAsSgAwIBAgIQcuK74nt/PaLZWsRJjaJ2KTAKBggqhkjOPQQDAjB2MQsw
CQYDVQQGEwJVUzEXMBUGA1UECgwOUGVlcmluZ2h1YiBJbmMxIjAgBgNVBAsMGUNl
cnRpZmljYXRpb24gQXV0aG9yaXRpZXMxKjAoBgNVBAMMIVBlZXJpbmdodWIgSW5j
IFNIQUtFTiBST09UIENBIERFVjAeFw0yMjA0MjUyMzQ4MjBaFw0zMjA0MjIyMzQ4
MjBaMIGAMQswCQYDVQQGEwJVUzEXMBUGA1UECgwOUGVlcmluZ2h1YiBJbmMxIjAg
BgNVBAsMGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxNDAyBgNVBAMMK1BlZXJp
bmdodWIgSW5jIFNIQUtFTiBJbnRlcm1lZGlhdGUgQ0EgREVWIDEwWTATBgcqhkjO
PQIBBggqhkjOPQMBBwNCAARydOBhM+X8nK9TqzW57TVn+ulVnSLWERRAlYCWQGkA
jMBsmQYI5Aw3ULim76WEzyZUJKOyCYLPcyaiqKa7It/Qo4IBJzCCASMwDgYDVR0P
AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFCLedT7UXghq/wEc
6n3jxzlTQpcFMB8GA1UdIwQYMBaAFCdr86ngPMbyxZYnJzBTcRR6B5CvMBcGA1Ud
IAQQMA4wDAYKYIZIAYb/CQEBATCBpgYDVR0fBIGeMIGbMIGYoDqgOIY2aHR0cHM6
Ly9hdXRoZW50aWNhdGUtYXBpLmljb25lY3Rpdi5jb20vZG93bmxvYWQvdjEvY3Js
olqkWDBWMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkoxFDASBgNVBAcMC0JyaWRn
ZXdhdGVyMQ8wDQYDVQQKDAZTVEktUEExEzARBgNVBAMMClNUSS1QQSBDUkwwCgYI
KoZIzj0EAwIDSQAwRgIhAKuc7n7u9ukR+BnJFtNUt3y0nAsxaBjZ06CWfneMmtvp
AiEA//1yCI+VNLXLnmutrq83R3x3m8bJnobZj7A0/PM3ZQI=
-----END CERTIFICATE-----
```

This file would be your Stir/Shaken certificate.  You will also need to host your certificate to a Certificate Repository.  A Certificate Repository can be deployed using AWS S3 or Google Storage service.&#x20;
