This guide describes the process for setting up ACME Pro with the TRUSTZONE configured simple-acme client on Windows for IIS with a wildcard certificate. The validation used in this guide is manual pre-validation

1. To download the pre-configured client please go to tcp.trustzone.com and log into your account. Then go to the “ACME Pro” tab and select “IIS Server” to download to your server.

2. Start wacs.exe as Administrator

3. Press M to select “Create Certificate (Full options)”

4. To use pre-validation with simple-acme select “9: [any] Domain(s) are pre-authorized outside of simple-acme”.

5. You will then be asked to accept the Subscriber agreement. When the Subscriber agreement has been accepted you will need to input credentials from your TRUSTZONE ACME PRO account.

Please go to tcp.trustzone.com to find your credentials

6. Click “Select”

7. Double-click “6ab692b3d56fe120”

8. Click this icon.

Ensure that your credentials are still valid by looking at “Remaining Days”. If the Simple-acme client receives expired or incorrect credentials it will close without issuing the certificate

If your credentials are not valid please click the “Request a new MAC” to receive new credentials

9. The KEY ID corresponds to “Key Identifier” and the ACME MAC to your “Key (base64 encoded) in Simple-acme

10. After inputting your credentials you will now be able to get your wildcard certificate issued and you should see the client issue the certificate as the picture below.

After the issuance you will be asked if you want to specify the user the Scheduled Task uses to renew the wildcard certificate. If you do not have a specific service account you want to use for this purpose type “n”.

11. The wildcard certificate should now be available for use in IIS. Please go to your bindings an set them to the new wildcard certificate

12. Then ensure that the option “Automatic Rebind of Renewed Certificate” is enabled. This will ensure that when the wildcard certificate is renewed that all the bindings are updated as well