SSL Certificate Installation Guides

Now that you have received your EBIZID SSL Certificate the next step in the process is to install your SSL certificate, we have provided detailed installation instructions below and tried to make the process as easy and as simple as possible.

Click on the tab below for your server type to view detailed certificate installation procedures, if your server type is not listed please enter a support ticket for further assistance.

Please click on a menu below for your server type

 

Colapse Windows

Apache with Mod SSL

JavaScript tools

Installing your Certificate on Apache Mod_SSL / OpenSSL








Step One: Copy your certificate to a file on your apache server

You will receive an email from EBIZID with the certificate in the email. The certificate will be called 'yourDOMAINNAME.crt' and will be within a *.zip file you have received as an email from us.

Your certificate is also available for download from within the client administration center.

When viewed in a text editor, your certificate will look something like this:

-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw
(.......)
E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----

Copy your Certificate into the same directory as your Private Key. In this example we will use '/etc/ssl/crt/'. The private key used in the example will be labeled 'private.key' and the public key will be 'yourDOMAINNAME.crt'.



Note: It is recommended that you make the directory that contains the private key file only readable by root.

Step Two: Install the Root and Intermediate Certificates

You will need to install the Root and Intermediate CA certificates in order for browsers and devices to trust your certificate. The Root and Intermediate CA certificates are contained within the 'ca-bundle' file that was attached to your email in the *.zip file we sent you (this should be named 'yourSERVERNAME.ca-bundle'). In the relevant 'Virtual Host' section for your site, you will need to do the following to get this file correctly referenced:

a. First, copy the 'yourSERVERNAME.ca-bundle' file to the same directory as the certificate and key files. As a reminder, in this example we called the directory '/etc/ssl/crt/'.

b. Next, add the following line to the SSL section of the 'httpd.conf' file. Again we assume that '/etc/ssl/crt/' is the directory to where you have copied the intermediate CA file. If the line already exists amend it to read the following:

SSLCertificateChainFile /etc/ssl/crt/yourSERVERNAME.ca-bundle

c. If you are using a different location and different certificate file names, you will need to change the path and filename to reflect the path and filename that you are using. The SSL section of the updated config file should now read:

SSLCertificateFile /etc/ssl/crt/yourDOMAINNAME.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
SSLCertificateChainFile /etc/ssl/crt/yourSERVERNAME.ca-bundle
***

d. Save your 'config' file and restart Apache.

*** For Apache 1.x: Please use: SSLCACertificateFile /etc/ssl/crt/yourSERVERNAME.ca-bundle

Note: The SSL configuration file will always be referenced in the apache config file if the configuration is not included in it. Look for the lines starting 'include', which is the directive for including other files etc. For example, depending on the distribution, it might be called ssl.conf, httpd-ssl.conf etc

MicroSoft IIS 4.x

JavaScript tools

Installing your IIS SSL Certificate on Microsoft IIS 4.x






Step 1. Install the Server file certificate using Key Manager

Go to Key Manager.

Install the new IIS SSL Server certificate by clicking on the key in the www directory (usually a broken key icon with a line through it), and select "Install Key Certificate".

Enter the Password.

When you are prompted for bindings, add the IP and Port Number. "Any assigned" is acceptable if you do not have any other IIS SSL certificates installed on the web server.
Note: Multiple certificates installed on the same web server will require a separate IP Address for each because SSL does not support host headers.

Go to the Computers menu and select the option "Commit Changes", or close Key Manager and select "Yes" when prompted to commit changes.

The new IIS SSL Server certificate is now successfully installed.

Back up the Key in Key Manager by clicking on Key menu> Export -> Backup File. Store the backup file on the hard drive AND off the server.

Step 2: Installing the Root & Intermediate Certificates:

Your IIS SSL Certificate will have been emailed to you. The email will also contain two other Certificates: the ROOT certificate andIntermediate CA certificate .Save these Certificates to the desktop of the web server machine.

It is essential that you have installed these two Certificates on the machine running IIS 4. You may also download them from the support section of the website:

Once you have installed the Certificates, restart the machine running IIS 4. You must now complete one of the following procedures - the procedure you follow is dependent on the Service Pack that has been implemented on your machine running IIS4.

Service Pack 3:
Install the above certificates in your Internet Explorer by opening each certificate and clicking "Install Certificate". (see Microsoft Knowledge Base Q216339).

Service Pack 4:
Install the above certificates manually in a specific root store (you may also want to read (see Microsoft Knowledge Base Q194788):

  • Install the Rootcertificate by double clicking on the corresponding file this will start an installation wizard

  • select Place all certificates in the following store and click browse

  • select Show physical stores

  • select Trusted Root Certification Authorities

  • select Local Computer, click OK

  • back in the wizard, click Next, click Finish

Repeat the same for the Intermediate CA Certificatehowever choose to place the certificates in the Intermediate Certification Authoritiesstore.

Service Pack 5:
Same as SP4.

Service Pack 6:
Same as SP5.

Reboot the web server to complete the installation.

 

MicroSoft IIS 5.x and 6.x

JavaScript tools

Installing your IIS SSL Certificate on Microsoft IIS 5.x / 6.x






1. Select Administrative Tools

2. Start Internet Services Manager

IIS 6 CSR Instructions 1

3. Open the properties window for the website the CSR is for. You can do this by right clicking on the Default Website and selecting Properties from the menu

4. Open Directory Security by right clicking on the Directory Security tab

IIS 6 CSR Instructions 3

5. Click Server Certificate . The following Wizard will appear:

IIS 6 CSR Instructions 4

6. Choose to Process the Pending Request and Install the Certificate. Click Next

7. Enter the location of your IIS SSL certificate (you may also browse to locate your IIS SSL certificate), and then click Next

8. Read the summary screen to be sure that you are processing the correct certificate, and then click Next

9. You will see a confirmation screen. When you have read this information, click Next

10. You now have an IIS SSL server certificate installed

Important: You must now restart the computer to complete the install

MicroSoft IIS 5.x and 6.x Backing Up

JavaScript tools

Backing up the private key of the pending request



Click the Start Button, select Run, type mmc and select OK

MMC

Click File and select Add/Remove Snap in

MMC 1

Select Add

MMC 2

Select Certificates from the Add Standalone Snap-in box and click Add

MMC 3

Select Computer Account (NOTE: This step is very important. It must be the computer account and no other account) and click Next

MMC 4

Select Local Computer and select Finish

MMC 5

Close the Add Standalone Snap-in box, click OK in the Add/Remove Snap in
Return to the MMC


Look for a folder named Request or Certificate Enrolment Requests. Under this folder, you can see the Certificates folder. You can see the corresponding key for the certificate request key that you made earlier.

Select the key that you want to back up.

Right-click the key, click All Tasks, and then click Export.

IIS Backup Main

When the Certificate Export Wizard starts, click Next on the Welcome page.

IIS Backup 1

Select Yes, export the private key, and then click Next.

IIS Backup 2


On the Export File Format page, accept the default settings, and then click Next. Note that Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above) is selected.

IIS Backup 3


Type and confirm a password for the private key, and then click Next.

IIS Backup 4


On the File to Export page, save the key (which is a .pfx file) on a set location, and then click Next. It is important to make a copy of the private key that does not reside on the actual server in case the server crashes.

IIS Backup 5

Click Finish. You receive a message that states that the export was successful.

IIS Backup 6

Note : If you do not have the backup of the private key of the pending request, you must make a new certificate request, because there is no way to install the certificate for the corresponding request once it is removed or lost.

Import the backup copy of the private key of the pending request



If you have a backup copy of the private key of the pending request, follow these steps to import the private key:

Click the Start Button, select Run, type mmc and select OK

MMC

Click File and select Add/Remove Snap in

MMC 1

Select Add

MMC 2

Select Certificates from the Add Standalone Snap-in box and click Add

MMC 3

Select Computer Account (NOTE: This step is very important. It must be the computer account and no other account) and click Next

MMC 4

Select Local Computer and select Finish

MMC 5

Close the Add Standalone Snap-in box, click OK in the Add/Remove Snap in
Return to the MMC.

Look for a folder named Request or Certificate Enrolment Requests. Under this folder, you can see the Certificates folder.

Right-click the Certificates folder, click All Tasks, and then click Import.

IIS Restore Main

When the Certificate Import Wizard starts, click Next.

IIS Restore 1


Locate and select the private key (.pfx) file of the pending request that you backed up, and then click Next.

IIS Restore 2


Type the password for the private key (this is the password that you specified when you backed up the private key for the pending request), and then select Mark the Private key as exportable. Click Next.

IIS Restore 3


Select Place all certificates in the following store. Make sure that the default certificate store is REQUEST, and then click Next.

IIS Restore 4


On the Completing the Certificate Import Wizard page, click Finish. You receive a message that tells you that the import was successful.

IIS Restore 5


The private key of your pending request is now restored.


MicroSoft IIS 7.x

JavaScript tools

Certificate Installation: IIS 7.x






1. Open Internet Information Services Manager (IISM) to the appropriate Server
Start -> Administrative Tools -> IISM -> Server Name

2. Open the Server Certificates icon.

ISMOpenCerts

3. Open 'Complete Certificate Request' Wizard

CompleteCertReq

From the 'Actions' Menu on the left select 'Complete Certificate Request'

4. Proceed to Complete Certificate Request' Wizard

CompleteCertReqWiz

Fill out all appropriate information. You may need to browse to the location of the certificate or you may enter it in the provided box. The friendly is not part of the certificate itself, but is used by the server administrator to easily distinguish the certificate.

Note: There is a known issue in IIS 7 giving the following error: "Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created." You may also receive a message stating "ASN1 bad tag value met". If this is the same server that you generated the CSR on then, in most cases, the certificate is actually installed. Simply cancel the dialog and press "F5" to refresh the list of server certificates. If the new certificate is now in the list, you can continue with the next step. If it is not in the list, you will need to reissue your certificate using a new CSR (see our CSR creation instructions for IIS 7). After creating a new CSR, login to your Comodo account and click the 'replace' button for your certificate.

Assign to Website



1. Navigate back to the root of the appropriate website. The center of the window should say "Default Website Home" or whatever the name of the website is.

2. Select 'Bindings' from the 'Edit Site' sub menu.

SiteBindingsIIS7


3. Add Port 443



In the 'Site Bindings' window, click 'Add'. This will open the 'Add Site Binding' window.




Under 'Type' choose https. The IP address should be the IP address of the site or All Unassigned, and the port over which traffic will be secured by SSL is usually 443. The 'SSL Certificate' field should specify the certificate that was installed using the above steps.

Click 'OK' to save changes.

Note: There may already be an 'https' entry in this area. If so, click 'https' to highlight it. Then click 'Edit' and in the 'SSL certificate' area select the friendly name that was generated earlier. Click 'OK' to save changes.

WebSiteBindingsSSL

Click 'OK' on the 'Web Site Bindings' Window to complete the install.

Important: You must now restart IIS / the website to complete the install of the certificate.

Cpanel

cPanel Logo

Certificate Installation: WHM/cPanel 11













These instructions show how to install your certificate through the end user cPanel Control Panel.
You may need to contact your web host to have them enable the SSL Manager on your account.

1. Login to the cPanel 'Control Panel'

2. Click SSL/TLS Manager under the Security section.



3. Click on Generate, view, upload or delete SSL Certificates in the 'Certificates' section.



4. Import Domain/End Entity Certificate.

a. Copy and Paste the contents of 'yourDomainName.crt' into the text box labeled 'Paste the crt below' in the 'Upload a New Certificate' section.
- or -
b. Click 'Browse' and navigate to 'yourDomainName.crt' and then click 'Upload'.



5. Click Go Back.



6. Scroll down to the bottom of the page and click on Return to SSL Manager.



7. Click on Setup a SSL Certificate to work with your site.




8. Select the domain you are using from the Domain drop-down menu. The system will attempt to fetch the SSL Certificate and Private Key for you.
Note: You do have the option to copy and paste these files into their appropriate boxes at this time.

9. In the box labled CA Bundle, paste the contents of the CA Bundle file that was provided.

cPanel11 CA Bundle
10. Click on Install Certificate.

The certificate is now added to your server and assigned to the domain.

Ensim

cPanel Logo

Installing your Certificate on Apache via Ensim Webappliance 3.1.x

















Step one: Loading the Site Certificate

You will receive an email from EBIZID with the certificate in the email (yourdomainname.crt). When viewed in a text editor, your certificate will look something like:

-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
(.......)
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----

Copy your Certificate into the directory that you will be using to hold your certificates. In this example we will use /etc/ssl/crt/. Both the public and private key files will already be in this directory. The private key used in the example will be labelled private.key and the public key will be yourdomainname.crt.

It is recommended that you make the directory that contains the private key file only readable by root.

Login to the Administrator console and select the site that the certificate was requested for.

Select Services, then Actions next to Apache Web Server and then SSL Settings. There should already be a 'Self Signed' certificate saved.

Self Signed

Select 'Import' and copy the text from the yourdomainname.crt file into the box

Import

Select 'Save', the status should now change to successful.

The status should now change to successful

Logout, do not select delete as this will delete the installed certificate.

Step two: Install the Intermediate

You will need to install the Intermediate CA certificate in order for browsers to trust your certificate. As well as your SSL two other certificates are also attached to the email from EBIZID. You will need to install the intermediate CA certificate.

In the Virtual Host settings for your site, in the virtual site file, you will need to add the following SSL directives. This may be achieved by:

1. Copy the intermediate CA file to the same directory as the certificate.

2. Add the following line to the virtual host file under the virtual host domain for your site (assuming /etc/ssl/crt is the directory mentioned in 1.), if the line already exists amend it to read the following:

SSLCertificateChainFile /etc/ssl/crt/ca.txt

If you are using a different location and certificate file names you will need to change the path and filename to reflect this.
The SSL section of the updated virtual host file should now read similar to this example (depending on your naming and directories used):

SSLCertificateFile /etc/ssl/crt/yourdomainname.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
SSLCertificateChainFile /etc/ssl/crt/ca.txt

Save your virtual host file and restart Apache.
You are now all set to start using your EBIZID certificate with your Apache Ensim configuration




IBM Web Server

IBM Server

Installing your Certificate on a IBM HTTP Server











Using IKEYMAN for Certificate Installation

In addition to the certificate for your server we will send an 2 additional certificates, the Intermediate CA Certificate (the Comodo chain certificate) and a Root CA Certificate. Before installing the server certificate, install both of these certificates. Follow the instructions in 'Storing a CA certificate'.

Note: If the Comodo CA root is not in the key database, you must first store the CA certificate and designate the CA as a trusted CA. Then you can receive your CA-signed certificate into the database. For instructions see 'Storing a CA certificate'.

Storing the CA Certificate:

  • Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
  • Select Key Database File from the main User Interface, select Open.
  • In the Open dialog box, select your key database name. Click OK.
  • In the Password Prompt dialog box, enter your password and click OK.
  • Select Signer Certificates in the Key Database content frame, click the Add button.
  • In the Add CA Certificate from a File dialog box, select the certificate to add or use the Browse option to locate the certificate. Click OK.
  • In the Label dialog box, enter a label name and click OK..

Receive the CA-signed certificate into a key database:

  • Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
  • Select Key Database File from the main User Interface, select Open.
  • In the Open dialog box, select your key database name. Click OK.
  • In the Password Prompt dialog box, enter your password, click OK.
  • Select Personal Certificates in the Key Database content frame and then click the Receive button.
  • In the Receive Certificate from a File dialog box, select the certificate file. Click OK.

IBM WebSphere

IBM

IBM WebSphere Advanced Single Server Edition 4.0









Installing a certificate chain
Before you can add your certificate into the keystore, you must first include the certificates chain. You must install the following public certificates:
Root AddTrustExternalCARoot.crt

PrimServer UTNAddTrustServerCA.crt

Starting ikeyman tool

You can add the certificates chain from the Signer Certificates screen as shown below:

CSR Generation with IBM WebSphere

Click on the Add button. A dialog box will appear where you have to enter the data, the Certificate file name (the certificate file you received) and its location. Once all of this information is entered click on OK.

Installing your site certificate

You can import the site certificate into your keystore easily. After opening the IBM Key Management console, please select the option 'Personal Certificates' in the drop down within the 'Key Database Content' area as shown in the following screen:

CSR Generation with IBM WebSphere

Once you've selected 'Personal Certificates', please click on the 'Receive' button. A dialog box will appear in which you must enter the data required, the certificate file name (the certificate file you received) and its location. Once all of this information is entered click 'OK'. This will configure your keystore correctly.

Enabling SSL
Once your keystore has been successfully configured with your certificate, you can enable SSL in WebSphere Application Server.

Java Based Web Servers

Java

Installing your Certificate on Java Based Web Servers











You will receive 3 files in a zip file from EBIZID.

These must be imported in the correct order:
Root
Intermediate CA
domain/site certificate

Please replace the example keystore name 'domain.key' with your keystore name

Use the keytool command to import the certificates as follows:
keytool -import -trustcacerts -alias root -file (ROOT CERTIFICATE FILE NAME) -keystore domain.key

Use the same process for the Comodo certificate using the keytool command:
keytool -import -trustcacerts -alias INTER -file (INTERMEDIATE CA FILE NAME) -keystore domain.key

Use the same process for the site certificate using the keytool command, if you are using an alias then please include the alias command in the string. Example:

keytool -import -trustcacerts -alias yyy (where yyy is the alias specified during CSR creation) -file domain.crt -keystore domain.key

EXAMPLE BELOW :

The password is then requested.
Enter keystore password: (This is the one used during CSR creation)
The following information will be displayed about the certificate and you will be asked if you want to trust it (the default is no so type 'y' or 'yes'):
Owner: CN= Root, O=Root, C=US
Issuer: CN=Root, O=Root, C=US
Serial number: 111111111111
Valid from: Fri JAN 01 23:01:00 GMT 1990 until: Thu JAN 01 23:59:00 GMT 2050
Certificate fingerprints:
MD5: D1:E7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
SHA1: B6:GE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64
Trust this certificate? [no]:

Then an information message will display as follows:
Certificate was added to keystore

All the certificates are now loaded and the correct root certificate will be presented.

 



When sending your CSR to EBIZID, you MUST copy and paste the entire CSR Request, including the beginning and ending lines as shown below.

-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----

Failure to do so will result in you having to resend your CSR in the correct format to EBIZID which will cause a prolonged delay in processing your order.
Backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR). EBIZID will reissue certificates no more than 30 days from the time of purchase. If you do not backup your key and your server fails or other problems occur after the 30 days, you will then be required to purchase a new certificate. An ounce of prevention is all that is required to prevent this from happening.
If you are ordering a Wildcard Certificate, the Common Name field must be in the format of: * . yourdomain . com

Novell iChain Server

iChain

Installing your Certificate on Novell I-Chain








There are 2 possible views for installing your certificate, the alternative view is at the bottom of this page.

The first process is to create a combined file containing the intermediate and root certificates.
Open the intermediate certificate in Notepad.
Use 'Edit-Select All' then 'Edit-Copy'.
Open a new text file with Notepad and paste the contents of the intermediate certificate.
Open the root certificate in Notepad and Copy the entire contents.
Paste the contents of the root certificate into the new text document AFTER the intermediate certificate.
Save the new combined certificate

Open ConsoleOne and open the ICS container for the iChain server.
Open the certificate.

Novell I-Chain CSE Installation

Novell I-Chain CSE Installation

Select the 'Certificates' tab and press the "Import" button.
Click 'Read from file' and browse to the combined certificate created previously.
Press 'Next'.
Click 'Read from file' and browse to the new server certificate or paste it into the window supplied.
Click 'Finish' to install the certificate.

You may get an error stating that the subject in the certificate does not match the subject in the object (CSR). This will be due to additional OUs in the certificate. Accept the certificate anyway. If a validation is attempted on the certificate in ConsoleOne it will produce an error stating 'Unable to validate the certificate chain to a root certificate'.

On the iChain server click 'Apply'.
The certificate will be installed but will display an error stating '-1240 Certificate failed parsing - may need external certificate'.

Open the accelerator for the web site. The 'Certificate' drop down item in the Secure Exchange portion will now have the certificate available. Select the new certificate, click OK and then press 'Apply'.

When the Management display is refreshed the website will be secured with the new certificate.

Alternative View (Click image to enlarge)

Novell I-Chain CSE Installation

 

Novell ConsoleOne

ConsoleOne

Installing your Certificate on Novell ConsoleOne









To create a Certificate Signing Request (CSR) :

We will email you a zip file containing the following:

  • Root certificate

  • Intermediate CA certificate

  • server/domain certificate

The file must be in PKCS #7 format in order to be imported into a Server Certificate object. The file must contain all of the certificates to be imported into the object (the root-level CA certificate, the intermediate CA certificates, and the server certificate).

The method to view the subject is to double click the certificate that we sent you, then click on the 'Detail' tab and go to the 'Subject' area.

Steps to successfully install the Certificates:

  1. Import both the "Intermediate CA certificate" and "Root certificate" into Internet Explorer. Do this by double clicking on each of the certificates and choosing 'Import'.
    Note:/br>Please make sure they are imported into the correct stores -- the "Intermediate CA certificate" goes into the 'Intermediate' store, and the "Root certificate" goes into the 'Root' store.

  2. Double click the certificate that was signed by Comodo (which was the server/domain certificate you received from EBIZID), go to the 'Details' tab, then click on 'Copy to File'. Next, Select 'Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B)' and select the 'Include all certificates in the certification path if possible' check box. Give it a file name, for example "c:\mycert". This step will put all three certificates -- the Trusted Root, Intermediate Root, and End Server Certificate -- into one certificate.

  3. Go to Console One and to the certificate that created the Certificate Signing Request (CSR). Go to the 'Public Key Certificate' Tab. Select 'Import', select 'No Trusted Root Certificate available', and then 'Next'. Import the Server Certificate that you created in step (2.) above which we gave the example name of "c:\mycert".

  4. After the import you should be able to validate the certificate and use the certificate.

  5. The certificate is now ready to use.

Lotus Domino 4.6x - 5.0x

Lotus

Installing your Certificate on a Lotus Domino Server versions 4.6x and up










For version 4.6x:

  • Installing the certificates on Lotus Domino Server requires the certificates to be merged into the Key Ring file.

    This process must be completed for both root certificates provided.

    • In Notes, from the administration panel, click System Databases and choose Open Domino Server Certificate Administration (CERTSRV.NSF) on the local machine.

    • Click Install trusted root Certificate into Key Ring (option 3).

    • Enter the file name for the Key Ring that will store this certificate. The Key Ring file was created when you created the server Certificate Signing Request.

    • Select the correct certificate file from the zip file that was sent to you by email.

    • Select File in the "Certificate Source" field. Enter the file name in the file name field.

    You will need to import the certificates in the below order

    1. Root Certificate (supplied in zip file)

    2. Intermediate CA Certificate (supplied in zip file)

    • Click "Merge Certificate into Key Ring."

    • Enter the password for the server key ring file and click OK to approve the merge.

    Once all of the root certificates are installed you will need to install the site certificate following the below instructions

    • Click Install Certificate into Key Ring (Option 4).

    • Enter the file name for the Key Ring that will store this certificate. The Key Ring file was created when you created the server Certificate Signing Request.

    • Detach the file from the email to your hard drive and unzip it.

    • Select File in the "Certificate Source" field. Enter the file name in the file name field.

    • Click "Merge Certificate into Key Ring."

    • Enter the password for the server key ring file and click OK to approve the merge.



    For additional information, refer to your server documentation.


Lotus Domino Go

Lotus

Lotus Domino Go 4.6.2.6+ Certificate Installation











IBM-Lotus Domino Go 4.6.2.6+ Certificate Installation

Installing your Web Server Certificate

Upon validation of your certificate order EBIZID will send you an email which contains your certificate files. You will need to save the attached zip file from the email we send you when we issue your certificate.

Extract the zip file to your desktop and open the files and rename and save each file as a text file to your desk top you can name this file "Server.txt".

Installing the Root and Intermediate Certificates

Create 2 text files. The first file should be the Root Certificate. Name this file "root.txt". The second file should be the Intermediate CA Name this file "inter.txt".

Note:Be sure to include the -----BEGIN CERTIFICATE----- line and the ------END CERTIFICATE----- line. < p password. the for prompted be will You keyfile.kyr). (usually file of name Type file. ring key existing an open to O Select mkkf typing by utility MKKF Start>

Note:If you start the 'mkkf' utility from the directory that contains your certificates you will not need to include the path.

Select R to receive a certificate into the Key Ring File
You will be prompted for the file name. Enter root.txt
Enter Root certificate name (the file name supplied on the file) for the label
Press 'Enter' to continue
Select W to work with Keys and Certificates
Select L to List/Select the key to work with
Find the entry you made above (the file name supplied on the file) and select S to select this menu
Select T to mark this as a 'Trusted' root
Select Y - Yes, to confirm this request
Press 'Enter' to return to the pervious menu
Select X to exit the menu

Repeat from 'Select R' using the Comodo Intermediate certificate
Substitute root.txt with intermediate.txt
Substitute Root certificate name (the file name supplied on the file) with Intermediate CA certificate name (the file name supplied on the file)

Installing your Web Server Certificate

From the main menu of the mkkf utility, select R to Receive a certificate into a Key Ring File
Enter the server certificate file name (eg. "server.txt")
Select W to Work with keys and certificates
Select L to List/Select the key to work with. Select N until you find the required file
Select S to Select this certificate
Select F to mark this key as the selected default key
Select X to exit this menu
Select C to Create a 'stash file' for the key ring
Note: This is an important step, which is often overlooked
Select X to exit the menu
Select Y - Yes, to save all changes to the key file and confirm the update

Enabling SSL on your Domino Go Web Server

Access the web server via your browser. Select 'Configuration and Administration Forms'
Scroll down to security. Select Security Configuration
Ensure 'Allow SSL connections using port 443' is selected
Ensure that the correct Key Ring file is listed
Apply the changes

You will then need to restart your Web Server

iPlanet Web Server 4.x - SunONE Application 6.x

Sun One

Installing your Certificate on on I-Planet Web Server






When you receive your certificates from Comodo there will be your site certificate (named yourdomain.crt) plus 2 others (a Root certificate and an intermediate CA certificate), these 2 must be installed as a certificate chain.

Sign onto the Webserver and select the server to manage.

Select the Security tab and then Install Certificate.

  • Open the Root in a text editor.

Select Trusted Certificate Authority, enter the password and copy the text from the Root certificate to the Message Text box (including the BEGIN and END lines), then click OK.

Accept the certificate.

NOTE: Do not shutdown or restart the server until all steps have been completed.

Repeat the steps from * above using the text from the Intermediate CA certificate and select Server Certificate Chain.

For the site certificate again repeat the steps from * above, but this time choosing This Server instead of Server Certificate Chain. At this stage all the certificates are installed and SSL now needs to be activated.

Select the Preferences tab and then Encryption On/Off

.

Set encryption to 'On' and Port to 443, click OK, then Save and Apply.

Now shutdown and restart the server.




F5 Big IP

F5 Big IP Server

F5 Big IP Controller Certificate Installation









Installing certificates from the certificate authority
After you obtain an x509 certificate from a certificate authority for the SSL Accelerator, you must copy it onto each BIG-IP Controller in the redundant configuration. You can configure the accelerator with certificates using the Configuration utility or from the command line.

To install certificates using the Configuration utility
In the navigation pane, click Proxies. The Proxies screen opens.
On Proxies screen, click the Install SSL Certificate Request tab. The Install SSL Certificate screen opens.
In the Certfile Name box, type the fully qualified domain name of the server with the file extension .crt. If you generated a temporary certificate when you submitted a request to the certificate authority, you can select the name of the certificate from the drop down list. This allows you to overwrite the temporary certificate with the certificate from the certificate authority.
Paste the text of the certificate into the install SSL Certificate window. Make sure you include the BEGIN CERTIFICATE line and the END CERTIFICATE line.
Click the Write Certificate File button to install the certificate.

To install certificates from the certificate authority using the command line
Copy the certificate into the following directory on each BIG-IP Controller in a redundant system:

/config/bigconfig/ssl.crt/

Note:The certificate you receive should overwrite the temporary certificate generated by genkey or gencert.

If you used the genkey or gencert utilities to generate the request file, a copy of the corresponding key should already be in the following directory on the BIG-IP Controller:

/config/bigconfig/ssl.key/

To install the intermediate certificate using the command line
Copy the intermediate CA certificate into each BIG-IP Controller in a redundant system. Open the intermediate CA certificate sent to you in the zip file attached to your email with a text editor.
Cut and paste the entire text of the certificate, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, into a file named intermediate-ca.crt. Be careful not to include any leading or trailing whitespace before the beginning and ending hyphens.
Place the intermediate-ca.crt file in the directory /config/bigconfig/ssl.crt/
Note:The ssl.crt directory is used to store certificates and certificate authorities.

WARNING:In a redundant system, the keys and certificates must be in place on both controllers before you configure the SSL Accelerator. You must do this manually; the configuration synchronization utilities do not perform this function.

BEA Web Logic

BEW Web Logic Server

BEA Weblogic Certificate Signing Request (CSR) Generation









When you receive your certificates you need to store them in the mydomain directory.

Note: If you obtain a private key file from a source other than the Certificate Request Generator servlet, verify that the private key file is in PKCS#5/PKCS#8 PEM format.

To use a certificate chain, append the additional PEM-encoded digital certificates to the digital certificate that issued for the WebLogic Server (the intermediate CA certificate). The last digital certificate in the file chain will be the Root certificate that is self-signed. (example below:)

-----BEGIN CERTIFICATE-----
MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
.....(your Intermediate CA certificate).....
bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

MIIE0DCCA7igAwIBAgIQMKeebbHpGVqxyFDTln1j1TANBgkqhkiG9w0BAQUFADBv

.....(your Root CA certificate).....

WjEZgqr9NaoNZCZpyfZxPsOFYzoxLYEmJs3AJHxkhIHg6YQU

-----END CERTIFICATE-----

Configure WebLogic Server to use the SSL protocol, you need to enter the following information on the SSL tab in the Server Configuration window:
In the Server Certificate File Name field, enter the full directory location and name of the digital certificate for WebLogic Server.
In the Trusted CA File Name field, enter the full directory location and name of the digital certificate for Comodo who signed the digital certificate of WebLogic Server. In the Server Key File Name field, enter the full directory location and name of the private key file for WebLogic Server.
Use the following command-line option to start WebLogic Server. -Dweblogic.management.pkpassword=password where password is the password defined when requesting the digital certificate.

Storing Private Keys and Digital Certificates
Once you have a private key and digital certificate, copy the private key file generated by the Certificate Request Generator servlet and the digital certificate you received into the mydomain directory. Private Key files and digital certificates are generated in either PEM or Definite Encoding Rules (DER) format. The filename extension identifies the format of the digital certificate file. A PEM (.pem) format private key file begins and ends with the following lines, respectively:

-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
A PEM (.pem) format digital certificate begins and ends with the following lines, respectively:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

Note: Typically, the digital certificate file for a WebLogic Server is in one file, with either a .pem or .der extension, and the WebLogic Server certificate chain is in another file. Two files are used because different WebLogic Servers may share the same certificate chain.

The first digital certificate in the certificate authority file is the first digital certificate in the WebLogic Server's certificate chain. The next certificates in the file are the next digital certificates in the certificate chain. The last certificate in the file is a self-signed digital certificate that ends the certificate chain. A DER (.der) format file contains binary data. WebLogic Server requires that the file extension match the contents of the certificate file.

Note: If you are creating a file with the digital certificates of multiple certificate authorities or a file that contains a certificate chain, you must use PEM format. WebLogic Server provides a tool for converting DER format files to PEM format, and visa versa.

OS X Server 10.5 & 10.6

OS X Server

SSL Certificate Installation: Apple Mac OS X Server











1. Log into your server as root.
2. If it doesn't already exist on your server, create a folder with this name:
/etc/httpd/ssl.crt/
3. Copy the cert.crt into the folder.

b. Install your certificate

Important: Back up the certificate to a removable disk. It will save time if there is a server failure you can restore your certificate.

To enable SSL on the site follow the instructions below:
1. In Server Admin, click Web and choose Configure Web Service.
2. Make sure Enable SSL support is selected for the entire site.
3. Click Sites, then select the site where you plan to use the certificate, and click Edit.
4. Select Enable Secure Socket Layer (SSL)
5. Click Edit Certificate File and paste the text from your certificate file in the text field, then click Save.
6. Click Edit Key File and paste the text from your key file (mykey.key, set up earlier) in the text field, then click Save.
7. Press tab to move to the phrase field and type the pass phrase from your CSR in the text field, then click OK.
8. Set the location of the log file
9. Stop and then start Web service.

Note: Web Performance Cache is not compatible with SSL. You should not enable both Web Performance Cache and SSL for a specific site. Doing so keeps Apache from starting. For more information please view Mac OS X Server 10.2 and Later

SonicWall

SonicWall

SSL Certificate Installation: Dell SonicWall SSL Offloader






Chained Certificates

All SonicWALL SSL Offloaders support chained certificates. Once the certificates are unzipped into multiple certificates prior to importing into the SonicWALL SSL Offloader, the certificate will need to be imported using the chained certificate commands. The certificates will have a root certificate, and an intermediate CA certificate in addition to the server/domain certificate.

EXAMPLE - Instructions for using OpenSSL

Now that you have received the certificate, you will need to unzip the certificates up into the root, intermediate and the server certificates so that you can enter them into the SonicWALL SSL Offloader.

Start by unzipping the 3 certificates, you will only need the Intermediate CA file and your Site/Domain certificates.

Launch openssl.exe. This application was installed at the same time and in the same location as the SonicWALL configuration manager. You can also run the install and just install OpenSSL by choosing the 'Custom Installation' option.

Once launched, open the Intermediate CA file and Site/Domain certificates in a text editor

You will need to copy and paste the entire text including
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----

The Site/Domain certificate is the server certificate.
The intermediate CA file is the intermediary certificate.

Save these files (e.g. C:\server.pem and C:\inter.pem)

Verify the certificate information with openssl:
x509 -in C:\server.pem -text
(and)
x509 -in :C\inter.pem -text

EXAMPLE - Setting Up the Chained Certificates

Now that you have the proper certificates, you start by loading the certificates into certificate objects. These separate certificate objects are then loaded into a certificate group. This example demonstrates how to load two certificates into individual certificate objects, create a certificate group, and enable the use of the group as a certificate chain. The name of the Transaction Security device is myDevice. The name of the secure logical server is server1. The name of the PEM-encoded, CA generated certificate is server.pem; the name of the PEM-encoded certificate is inter.pem. The names of the recognized and local certificate objects are trustedCert and myCert, respectively. The name of the certificate group is CACertGroup.

Start the configuration manager as described in the manual.

Attach the configuration manager and enter Configuration mode. (If an attach or configurationlevel password is assigned to the device, you are prompted to enter any passwords.)
inxcfg> attach myDevice
inxcfg> configure myDevice
(config[myDevice])>

Enter SSL Configuration mode and create an intermediary certificate named CACert, entering into Certificate Configuration mode. Load the PEM-encoded file into the certificate object, and return to SSL Configuration mode. (config[myDevice])> ssl
(config-ssl[myDevice])> cert myCert create
(config-ssl-cert[CACert])> pem inter.pem
(config-ssl-cert[CACert])> end
(config-ssl[myDevice])>

Enter Key Association Configuration mode, load the PEM-encoded CA certificate and private key files, and return to SSL Configuration mode.
(config-ssl[myDevice])> keyassoc localKeyAssoc create
(config-ssl-keyassoc[localKeyAssoc])> pem server.pem key.pem
(config-ssl-keyassoc[localKeyAssoc])> end
(config-ssl[myDevice])>

Enter Certificate Group Configuration mode, create the certificate group CACertGroup, load the certificate object CACert, and return to SSL Configuration mode.
(config-ssl[myDevice])> certgroup CACertGroup create
(config-ssl-certgroup[CACertGroup])> cert myCert
(config-ssl-certgroup[CACertGroup])> end
(config-ssl[myDevice])>

Enter Server Configuration mode, create the logical secure server server1,assign an IP address, SSL and clear text ports, a security policy myPol, the certificate group CACertGroup, key association localKeyAssoc, and exit to Top Level mode. (config-ssl[myDevice])> server server1 create
(config-ssl-server[server1])> ip address 10.1.2.4 netmask 255.255.0.0
(config-ssl-server[server1])> sslport 443
(config-ssl-server[server1])> remoteport 81
(config-ssl-server[server1])> secpolicy myPol
(config-ssl-server[server1])> certgroup chain CACertGroup
(config-ssl-server[server1])> keyassoc localKeyAssoc
(config-ssl-server[server1])> end
(config-ssl[myDevice])> end
(config[myDevice])> end
inxcfg>

Save the configuration to flash memory. If it is not saved, the configuration is lost during a power cycle or if the reload command is used.
inxcfg> write flash myDevice
inxcfg>

Resources

Additional documents and technical notes on SonicWALL SSL can be found online athttp://www.sonicwall.com/

 

Plesk

Plesk

InstantSSL Certificate Installation: Plesk 6









Uploading certificate parts

If you have already obtained a certificate containing private key and certificate part (and may be CA certificate), follow these steps to upload it:

  1. At the certificate repository page, click on the ADD button. You will be taken to the SSL certificate creation page.

  2. In the Upload certificate files section of the page, use the Browse button to locate the appropriate certificate file or a required certificate part.

  3. Click SEND FILE. This will upload your certificate parts to the repository.

You can upload an existing certificate in two ways:

  1. Choose a file from the local network and click on the SEND FILE button (.TXT files only).

  2. Type in or paste the certificate text and private key into the text fields and click on the SEND TEXT button.

Uploading a CA certificate

The Intermediate CA Certificate or Rootchain certificate is used to appropriately identify and authenticate the certificate authority, which has issued your SSL certificate. To upload your CA Certificate, follow these steps:

  1. At the certificate repository page, select a certificate from the list. You will be taken to the SSL certificate properties page.

  2. Use the Browse button, within the section related to the certificate uploading, to locate the appropriate Intermediate CA Certificate file.

  3. Click SEND FILE. This will upload your CA Certificate to the repository.

You can upload an existing certificate in two ways:

  1. Choose a file from the local network and click on the SEND FILE button (.TXT files only).

  2. Type in or paste the CA certificate text into the text field and click on the SEND TEXT button.

NOTE:When you add a certificate, it is not installed automatically onto the domain or assigned to an IP address, but only added to the Certificate repository. You can assign a certificate to an IP address at the Client's IP pool, at the IP aliasing management page, and during hosting creation on an exclusively granted IP.

Outlook Communication Server

Office Communication Server

Install SSL Certificate on Microsoft Office Communications Server 2007









Open the ZIP file containing your certificate. Copy your_domain_name.cer the Office Communications Server where you you generated the CSR.

1. On the server click Start, then Programs, then Administrative Tools, and then click Office Communications Server 2007.

2. Expand the snap-in until you find the Enterprise Edition Server.

3. Right click on the Office Communications Server where the CSR was generated previously, and click Certificates.

4. Click "Next", then chose to "Process the pending request and install the certificate".

5. Browse to your_domain_name.cer and click Next. This will install the certificate. You can view the certificate and close the certificate wizard.

Your SSL Certificate is now installed and ready to use.

For more information, see Microsoft's official Office Communications Server documentation

Alternative Validation Methods

JavaScript tools

Apache Mod SSL









There are 2 mechanisms for DCV:

    eMail-based DCV (Traditional)

  1. You will be sent an email to an administrative contact for your domain. The email will contain a unique validation code and link. Clicking the link and entering the code will prove domain control.

    Valid email addresses are:
    Any email address which our system can scrape from a port 43 whois check;

    The following generic admin type email addresses @ the domain for which the certificate is being applied:
    admin@
    administrator@
    postmaster@
    hostmaster@
    webmaster@

  2. HTTP-based DCV

  3. The CSR you submit to EBIZID will be hashed. The hash values are provided to you and you must create a simple plain-text file and place this in the root of your webserver and served over HTTP-only!

    The file and it's content should be as follows:
    http://yourdomain.com/<Upper case MD5 hash of CSR>.txt>

    Content (as a plain text file):

    <SHA1 hash of CSR>
    ebizidca.com

    Note: Serving the page over HTTPS or using an HTTP 302 redirect to an HTTPS will cause a failure of verification. Please use HTTP only for this procedure!



Code Signing Certificate Backup

The following process describes how to backup certificates and once you have completed this step click the link below this tab to covert yout your code signing certificate "Code Sign Certificate Converter"



1. Start Internet Explorer, select Tools, Internet Options, Content, Certificates

Code Sign Backup 1

2. On the Personal Certificates tab, select the certificate to export and Select Export

Code Sign Backup 2

3. When requested, select 'Yes, export the private key'
NOTE: the default is set to No, so will need changing

Code Sign 1

4. And 'Include all certificates in the certification path, if possible'

Code Sign 2

5. Type a password which you can remember later

Code Sign 4

6. Then select the 'save' location and give the file a name

Code Sign 5

7. Leave the 'Type' as 'Personal Information Exchange (*.pfx)'

Once finished the certificate and associated private key is saved as a pfx file

 

Can not export private key because the option is greyed out.

If you have successfully installed your certificate, however you wish to make a backup with the private key, if you do not have full admin rights, Windows will not allow it.
You must give your self access to the MachineKeys Folder:

Open Microsoft Windows Explorer.

Locate the "%SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys" (assuming you have a clean install) folder.

There are several files located in this folder. Each file in this folder corresponds to a key container. Try to open each with Notepad.

If you receive an Access Denied error message when you try to open a file, open the properties of the file, and then take ownership of it. Reassign the Administrator account Full access.
Repeat step four for each file in this folder. You should then be able to start the System Attendant service.

If you cannot find the above folder, insure you can view hidden files and folders.

Note: This will only work for SSL certificates on Windows XP and lower. This also does not apply to e-mail certificates.

 


Code Sign Certificate Converter


Export Certificate with Private Key.

Use the export wizard with the following options:


  1. Export Private Key (Yes)

  2. DO NOT TICK include all certificates in the certification path if possible

  3. TICK enable strong protection

  4. DO NOT TICK delete private key

Prerequisite: OpenSSL 0.9.8 or better. OpenSSL 1.x preferred.

Note: If you are running Windows you may download OpenSSL here. Otherwise, you can find compiled binaries directly from the OpenSSL Website or consult your Operating System's package management feature.

Private Key (PVK)

  1. Extract your Private Key from the PFX/P12 file to PEM format.
    openssl pkcs12 -in PFX_FILE -nocerts -nodes -out PEM_KEY_FILE

    Note: The PFX/P12 password will be asked. This is the password you gave the file upon exporting it.

  2. Convert PEM Private Key to PVK format.

    OpenSSL 0.9.8 series:
    pvk -in PEM_KEY_FILE -topvk -out PVK_FILE

    OpenSSL 1.x series:
    openssl rsa -in PEM_KEY_FILE -outform PVK -pvk-strong -out PVK_FILE

    Note #1: In order to use pvk for OpenSSL 0.9.8 series, you must download PVK Transform

    Note #2: A PEM passphrase may be asked. This will be the password/passphrase that you will use to sign your code.


Software Publisher's Certificate (SPC)

  1. Extract Certificate from P12/PFX file.
    openssl pkcs12 -in PFX_FILE -nokeys -out CERT_PEM_FILE

  2. Convert Certificate to SPC format.
    openssl crl2pkcs7 -nocrl -certfile CERT_PEM_FILE -outform DER -out SPC_FILE

Note: If you have exported your certificate from another browser outside of IE, then please ensure in the CERT_PEM_FILE that ONLY your certificate exists or else code signing will NOT WORK!

Example Conversion

PVK
openssl pkcs12 -in my_pfx_file.pfx -nocerts -nodes -out rsa.pem
openssl rsa -in rsa.pem -outform PVK -pvk-strong -out mykey.pvk

SPC
openssl pkcs12 -in my_pfx_file.pfx -nokeys -nodes -out cert.pem
cert.pem-outform DER -out cert.spc



Code Sign 2

5. Type a password which you can remember later

Code Sign 4

6. Then select the 'save' location and give the file a name

Code Sign 5

7. Leave the 'Type' as 'Personal Information Exchange (*.pfx)'

Once finished the certificate and associated private key is saved as a pfx file

 

Can not export private key because the option is greyed out.

If you have successfully installed your certificate, however you wish to make a backup with the private key, if you do not have full admin rights, Windows will not allow it. You must give your self access to the MachineKeys Folder:

Open Microsoft Windows Explorer.

Locate the "%SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys" (assuming you have a clean install) folder.

There are several files located in this folder. Each file in this folder corresponds to a key container. Try to open each with Notepad.

If you receive an Access Denied error message when you try to open a file, open the properties of the file, and then take ownership of it. Reassign the Administrator account Full access. Repeat step four for each file in this folder. You should then be able to start the System Attendant service.

If you cannot find the above folder, insure you can view hidden files and folders.

Note: This will only work for SSL certificates on Windows XP and lower. This also does not apply to e-mail certificates.

 


IMPORTANT

Now is a great time to remember to backup your certificate and private key!

BACK UP.

It is important that you make a backup of your Private Key and Certificate!

About 50% of our support requests involve questions about backing up or moving the certificate to a new server, the most important thing you can do during the CSR generation process is to backup and store your CSR, Private key and once you receive your permanent certificate from EBIZID is to store these on a CD or DVD or some other storage drive such as a USB device and keep these in a safe place.

You could also purchase the Certificate Vault Service from EBIZID which will ensure the safe keeping of your certificate should you move your server and loose your backup or in the instance of a catastrophic event.

Installing your new certificate requires a few steps, and should only take a few minutes in most cases. Please follow our instructions precisely as we have investigated and searched out the best procedures for installing your certificate for the server types you see in the right navigation column this page (Under SSL Installation), if your server type is not listed please contact support to find out if your server platform is supported.

General Installation Information

Before you can Order or install your SSL Certificate you will need to generate a CSR If you have not yet generated the CSR Please Proceed Here First

Basic SSL Installation Information EBIZID will send your certificate through email or you will need to pick up your certificate in your certificate download area which is located in the Client Services Center.

Once you have your certificate you will be required to either paste your certificate to a note pad or other text editor, You may name this file anything you wish, then upload or copy to a directory on your server, or you will be required to paste the certificate into a text box on your server which would be through a GUI or server interface program such as Cpanel, Ensim or Plesk.

When you are emailed your SSL certificates, two other certificates will also be attached to the email. you may also download these certificates individually or collectively as a bundled file below

Root and Intermediate Certificates
The root certificates will be attached with the zip file you receive in the issuance email or they can also be downloaded through your Client Administration Area. All certificates are included as part of the signed certificate package from EBIZID.
IIS Servers using the PKCS#7 format will only receive 1 certificate as a bundle.

Configurations
On some servers you will be required to modify the HTTPD.CONF file which you will need ROOT access to the server, or have your server administrator or hosting company do this for you.

IIS Servers
On most Windows IIS4 & IIS5 servers you will need to assign the port for which the SSL will secure, this port is typically port 443 as it is on most servers. This is the port that is assigned when you go to your domain using the HTTPS.

Restarting your Server
Remember once you have finished completing your certificate installation it is very important that you RESTART your server so that the new settings can take effect.

Each server type has its own procedures for installing a certificate so please follow the instructions for your server type carefully.

Support
Most information for installing your certificates can be found within this support section, if you have exhausted all of the support guides here and arestill having trouble installing your certificate you can contact our support department for installation help by logging a support ticket in the Client Services Center. When submitting a ticket please let us know any of the procedures you may have already have tried.