CREATE YOUR CSR AND OBTAIN CERTIFICATES VIA LET'S ENCRYPT
------------------------------------------------------------------------------
Systems Used: "Requirements" to make sure this tutorial works
a. Windows Server ( I am using 2019 )
b. Win-Acme Client ( ACMEv2 client for Windows)
c. GnuWin32 OpenSSL (Alternative you can install and use Linux Subsystem for Windows)
d. Of course - Poker Maven Pro or Gold
INSTALL POKER SOFTWARE
----------------------
Install your Briggsoft Poker Maven Software
INSTALL OPENSSL
---------------
1. Go to the website: http://gnuwin32.sourceforge.net/packages/openssl.htm
2. Download and install the "complete package, except sources" version.
3. Check for malware and viruses as normal
Note: I installed in the root right off of C:\ for ease of use during further steps
INSTALL WIN-ACME
----------------
1. Go to the website: https://www.win-acme.com/
2. From the download option on the menu choose trimmed.
3. Note: If you are on a 32-bit OS, the pluggable is recommended.
4. Check for malware and viruses as normal
5. Extract the contents of the zip by selecting the file and right-click --> Extract All
6. Copy the entire directory to the Program Files (x86)
Note: You can place it wherever you want.
MAKE SURE YOUR DNS ENTRY IS SETUP PROPERLY
------------------------------------------
Static IP:
If you have your own hosting provider and a static IP address, utilize whatever is necessary to have your
site's URL resolving correctly to your static IP address. This is beyond the scope of this tutorial because
of the limitless set of options.
Dynamic IP:
Most certicates are domain-name-based, so this should not be a problem...
Sign-up with a dynamic ip address service, there are free services offered for this.
I'm not promoting one over the other, so I will leave this up to you and your preferred
search engine to look it up and research.
How to set this up is (again) beyond the scope of this post because each service is different...
Basics
- Sign Up
- Choose DNS name
- Auto discover your IP address (usually a button or checkbox)
- Download an auto-renewal client.
- Etc.
WE ARE READY TO BEING, EVERYTHING IS IN PLACE
=============================================
CREATE NEW SSL CERTIFICATES
=============================================
FIRST CREATE A CERTIFICATE SIGNING REQUEST (CSR)
------------------------------------------------
Note: You can use Windows Server IIS Manager and create a CSR; however, with the necessity of a private
key, etc. : It just easier to use OpenSSL for everything. (see end of this post for extra instructions if
IIS is where you expect to create your CSR and you have a private key already.)
1. Open PowerShell as Administrator
2. Navigate to the GnuWin32 directory with the openssl binary: in our case
Code: Select all
C:\GnuWin32\bin
Code: Select all
$env:OPENSSL_CONF = "c:\GnuWin32\share\openssl.cnf"
4. Generate our private key...
I use a 4096 bit key, you can also use 2048 to avoid harder processor work on your system.
Code: Select all
.\openseel genrsa -out <your-site-name>.key 4096
Code: Select all
.\openssl.exe req -new -key <your-site-name>.key -out <your-site-name>.csr
6. Place our files in a common easy to access dedicated directory
- Open Explorer
- Navigate to C:\GnuWin32\bin\
- cut the .key and .csr file
- Naviage to C:\Documents\
- Create a directory \ssl-certs
- Paste our files into the ssl-certs directory
WE HAVE EVERYTHING CREATED WE NEED
TIME TO CREATE OUR CERTIFICATES
===================================
1. Start win-acme with administrator privileges.
- Go to the directory you unzipped the package into.
- Right-Click wacs.exe file... Run as Administrator.
M : Create new certificate (full options)
3 : CSR created by another program
Enter the full path to the file (including the .csr file)
Enter the full path to the key file (created in previous steps)
Accept the suggested friendly name
2 : [http-01] Serve verification files from memory
2 : PEM encoded files (Apache, nginx, etc.)
Enter the path to the location you want to save your pem files.
Code: Select all
c:\users\<your_user>\Documents\ssl-certs\
Choose 1 : IIS Central Certificate Store (.pfx domain)
Enter the path to the Central Certificate Store
Code: Select all
c:\users\<your_user>\Documents\ssl-certs\
2 : No (additional) store steps.
DONE! Your certificates should populate in the \ssl-certs directory
Code: Select all
= <your-site-name>.crt.pem
= <your-site-name>.key.pem
= <your-site-name>.chain.pem
PREPARE OUR POKER SERVER'S FRONT END WEBSITE (IF IIS)
=====================================================
1. Open Server Manager
2. Tools --> Internet Information Services (IIS) Manager (not 6.0 option)
3. From the Connections left side panel
4. Select the main server connection at the root (SERVER\whatever)
5. Server Certificates
6. From the right side menu --> Import
7. Navigate to your .pfx file
8. Password if you chose to add one (don't lose it)
9. Personal Store
Point our site to the certificate
---------------------------------
1. From the Connections left side panel
2. Under Sites
3. Choose your website
4. SSL settings
5. Require SSL checked
6. Ignore client certificates is fine
7. apply the settings from the right-side menu
8. Choose your website from left again
9. Right-Click and choose "edit binding"
10. Add
11. Type: HTTPS
12. IP address (All Unassigned) or whatever you need for your setup
13. Enter in the hostname (URL)
14. From the drop-down, select the certificate you imported.
15. Close
MOST IMPORTANT AND BEST PART!
APPLY OUR CERTIFICATES TO OUR POKER MAVEN SOFTWARE
==================================================
1. Open Poker Mavens
2. System Tab
3. Take the site off-line (Stop)
4. Choose the crt.pem for the certificate file
5. Choose the chain.pem for the root certificate file
6. Choose the key.pem for the key file
7. Bring the system back on-line (Start)
Hope this is helpful!
ConfigT
!enod