acme4j | Java client for ACME | TLS library
kandi X-RAY | acme4j Summary
Java client for ACME (Let's Encrypt)
Top functions reviewed by kandi - BETA
- Create a new Order
- Perform an OAuth request.
- Creates a JsonWebRequest.
- Create a new account.
- Creates a TLS certificate.
- Sign a key pair.
- Parses a string representing a timestamp.
- Returns a map of all service providers.
- Generate an ACME response.
- Returns a string representation of this problem.
Community Discussions
Trending Discussions on acme4j
QUESTION
Using the awesome library acme4j, I've created 3 files.
- domain.csr
- domain.key
- domain-chain.crt
The problem I have is when I convert those to a keystore.p12 I can't get Spring boot working with it. I've used the following command to create the keystore.p12 file:
...
ANSWER
Answered 2019-May-02 at 22:59
I'm not familiar with the configuration you're using, but I'd try to use key-store-password: secret in addition to key-password: secret (which you already have).
The Java keystore format (in general) allows for two passwords: one for the store, and one for the key itself.
For the p12 file you've generated, they should be the same. Whether both need to be specified depends on the tool that loads this configuration (some libraries would fall back on the keystore password if the key wasn't specified, for example).
If the store and key aren't unlocked, the certificate won't be in use, so it will try to use an anonymous cipher suite which is not advertised by the client and also likely to be disabled by default on the server.
QUESTION
I need to add a new Extension of OID 1.3.6.1.5.5.7.1.26 in my certificate. I got this OID extension in my certificate but with the following error:
Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.5.5.7.1.26 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0C 30 0A 13 08 33 39 20 64 63 20 32 62  ..0...39 dc 2b
I want this OID to be recognized similar to other extensions like AuthorityInfoAccess, etc.
Do I need to edit the jar of Bouncy Castle X509 class?
I'm using ACME4j as a client and Letsencrypt Boulder as my server.
Here is the CSR Builder code for signing up the certificate.
...
ANSWER
Answered 2017-Mar-28 at 12:58
As the OID 1.3.6.1.5.5.7.1.26 is still a draft, I believe it's very unlikely that tools and systems like Let's Encrypt recognize this extension (they'll probably do it after this extension becomes official, and I really don't know the bureaucratic process behind such approvals).
Which means you'll probably have to code it. I've been using Bouncy Castle for a couple of years but never had to create a new ASN1 structure. But if I had to, I'd take a look at its source code as an initial guidance.
Considering the ASN1 structure of this extension:
QUESTION
I'm getting an error "Chain issues: Incorrect order, Extra certs" from https://www.ssllabs.com/ssltest/analyze.html?d=api.quotecrunchers.com when I test the SSL for my website.
I've built the https mechanism into a spring boot application using the following:
The acme4j library to communicate with the Let's Encrypt CA.
Java code to write the Let's Encrypt certificate to a java keystore.
Java code to cause the embedded Tomcat server to apply for a certificate from Let's Encrypt over HTTP and then restart using HTTPS once it has the certificate.
I'm planning on open sourcing this code once I've got it tidied up.
Currently though, I'm only achieving a B rating using ssllabs.com
See https://www.ssllabs.com/ssltest/analyze.html?d=api.quotecrunchers.com
There are several issues with my https, but the issue I am concerned about is where it says "Chain issues: Incorrect order, Extra certs".
Why am I getting this, and what should I be doing instead?
Any help is greatly appreciated!
...
ANSWER
Answered 2018-Oct-17 at 15:03
When one connects to your site, here is what is sent by it as seen by openssl s_client:
QUESTION
I have created a SSL certificate using acme client acme4j: https://github.com/shred/acme4j.
But while I'm generating a self signed certificate I'm facing an exception while parsing it. Here is my generated certificate:
...
ANSWER
Answered 2017-Apr-10 at 15:37
1.3.6.1.5.5.7.1.26 seems to be the OID for a Telephony Number (TN) Authorization List, which is only defined in a draft document (https://datatracker.ietf.org/doc/draft-ietf-stir-certificates/); BouncyCastle likely doesn't have a pretty printer for it, so it's showing you the raw encoded payload.
While I'm not an expert in telephony, I'm pretty sure that ('yuz8xxz', 'yuz8xxz') isn't a valid Service Provider Code list, and '123456'-'123456' is not a valid telephone number range. So it's pretty unclear what you're looking for with this certificate extension, and I'd be highly surprised if Let's Encrypt signed off on it.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install acme4j
You can use acme4j like any standard Java library. Please include the jar files in your classpath. You can also use any IDE, and you can run and debug the acme4j component as you would any other Java program. Best practice is to use a build tool that supports dependency management, such as Maven or Gradle. For Maven installation, please refer to maven.apache.org. For Gradle installation, please refer to gradle.org.