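/// <summary>
/// Completes the certificate order previously stored for <c>config.PrimaryDomain</c>: generates a
/// new RSA key, builds a certificate request from the order's authorizations, finalizes the order,
/// downloads the certificate and writes it, together with the private key, to a PFX file under
/// the settings folder.
/// </summary>
/// <param name="primaryDnsIdentifier">Not read by this method; the name used is <c>config.PrimaryDomain</c>.</param>
/// <param name="alternativeDnsIdentifiers">Not read by this method; SAN entries come from the order's authorizations.</param>
/// <param name="config">Request configuration; only <c>PrimaryDomain</c> is read here.</param>
/// <returns>
/// A <see cref="ProcessStepResult"/> with <c>IsSuccess = true</c> and <c>Result</c> set to the path of
/// the PFX file. Failures are not reported through the result; they surface as exceptions from
/// the order lookup, the order calls or the file system.
/// </returns>
/// <remarks>
/// Security: the PFX is exported with an empty password, so the private key on disk is protected
/// only by the file-system permissions of the <c>assets\pfx</c> folder. The password is left
/// unchanged because callers presumably open the file with an empty password (confirm before
/// changing). Restrict access to that folder and remove the file once it has been imported.
/// </remarks>
public async Task<ProcessStepResult> PerformCertificateRequestProcess(string primaryDnsIdentifier, string[] alternativeDnsIdentifiers, CertRequestConfig config)
{
    // Look up the order created earlier for this domain; a missing entry throws here.
    var orderContext = _currentOrders[config.PrimaryDomain];

    // The original labels this call "update order status"; its result is not used in this method.
    await orderContext.Resource();

    // A fresh private key is generated for every request, so nothing is reused across renewals.
    var csrKey = KeyFactory.NewKey(KeyAlgorithm.RS256);

    // Built by hand as an alternative to certes IOrderContextExtension.Finalize.
    var builder = new CertificationRequestBuilder(csrKey);

    foreach (var authzCtx in await orderContext.Authorizations())
    {
        var authz = await authzCtx.Resource();
        var identifier = authz.Identifier.Value;

        if (builder.SubjectAlternativeNames.Contains(identifier))
        {
            continue;
        }

        // Only add a name to the SAN list if it is not the base of the requested wildcard,
        // e.g. test.com from *.test.com. DNS names are case-insensitive, so compare that way.
        // NOTE(review): an order covering both *.test.com and test.com would have test.com
        // skipped here; confirm against how the order is created.
        if (!string.Equals(config.PrimaryDomain, $"*.{identifier}", StringComparison.OrdinalIgnoreCase))
        {
            builder.SubjectAlternativeNames.Add(identifier);
        }
    }

    // If the main request is for a wildcard domain, add the wildcard itself to the SAN list.
    if (config.PrimaryDomain.StartsWith("*.", StringComparison.Ordinal))
    {
        builder.SubjectAlternativeNames.Add(config.PrimaryDomain);
    }

    // Add exactly one CN. The original added config.PrimaryDomain unconditionally and then a
    // second CN from the first SAN when the primary domain was blank.
    var commonName = string.IsNullOrWhiteSpace(config.PrimaryDomain)
        ? builder.SubjectAlternativeNames[0]
        : config.PrimaryDomain;
    builder.AddName("CN", commonName);

    // NOTE(review): the order returned by Finalize is not inspected; presumably Download()
    // fails when no certificate was issued. Confirm.
    await orderContext.Finalize(builder.Generate());
    var pem = await orderContext.Download();

    var cert = new CertificateInfo(pem, csrKey);
    var certFriendlyName = config.PrimaryDomain + "[Certify]";

    // Path.Combine instead of hand-built "\\" separators; it also throws on a null settings
    // folder rather than silently writing key material to a root-relative path.
    var certFolderPath = System.IO.Path.Combine(_settingsFolder, "assets", "pfx");

    // CreateDirectory is a no-op when the folder already exists, so no Exists() check is needed.
    System.IO.Directory.CreateDirectory(certFolderPath);

    // A random file name avoids overwriting an earlier export for the same domain.
    var pfxPath = System.IO.Path.Combine(certFolderPath, Guid.NewGuid().ToString() + ".pfx");

    // SECURITY: exported with an empty password (see remarks); the file contains the private key.
    System.IO.File.WriteAllBytes(pfxPath, cert.ToPfx(certFriendlyName, ""));

    return new ProcessStepResult { IsSuccess = true, Result = pfxPath };
}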