search

PKISharp / ACMESharpCore

An ACME v2 client library for .NET Standard (Let's Encrypt)
MIT License
325 stars 72 forks source link

Intermediate cert #44

Closed hognevevle closed 4 years ago

hognevevle commented 4 years ago

I'm experiencing a weird issue where in the example app, GetAsync(order.Payload.Certificate) will give me a PEM containing both the domain cert and the intermediate cert. However, in my real app, where I consume the ACMESharp nuget package, the PEM does not contain the intermediate cert. I might be missing something, but it seems really weird.

Does the payload from the ACME API contain both certs, or is there some special work being done inside ACMESharp in this area?

hognevevle commented 4 years ago

I definitely missed something :)

In my real app, I was doing the following:

                    var certBytes = await certResp.Content.ReadAsByteArrayAsync();

                    using (var x509Cert = new X509Certificate2(certBytes))
                    {
                        var pkiCert = PkiCertificate.From(x509Cert);

                        var certBuf = pkiCert.Export(PkiEncodingFormat.Pem);
                        var certString = Encoding.ASCII.GetString(certBuf);

                        [...] (At this point I was expecting to see the intermediate inside certString)
                    }

In this process, the intermediate cert was discarded. I see now, however, that it's indeed present in the ACME server response. so I need to go about this differently.

PEBCAK :)