Wildcard SSL Certificate Installation

Wildcard SSL Certificate Export/Import Explained

Wildcard Certificate Installation Introduction

Wildcard SSL Certificates from DigiCert^TM come with a Free Unlimited Server License. This means that the Certificate can be installed on unlimited additional servers after the Certificate is initially installed on the first server.

The process of installing the same Wildcard Certificate on your servers requires the following steps:

1) Install the ssl certificate files to the server where the CSR was generated.
2) Export the ssl certificate files from the server to backup files ( include private key)
3) Import the ssl certificate files and private key to your additional servers and configure your sites to use them.

Exporting and Importing in Windows IIS Server

Exporting/Backing up your Certificate/Private Key in IIS (.pfx file format)

1.) Start > Run
2.) Type in MMC and click OK
3.) Go into the File Tab > select Add/Remove Snap-in...
4.) Click on Add > Double Click on Certificates and click on Add > OK
5.) Select Computer Account
6.) Select Local Computer
7.) Click the + to Expand the Certificates Console Tree
8.) Look for the Personal directory/folder and expand Certificates.
9.) Right Click on the Certificate you would like to backup and choose > ALL TASKS > Export
10.) Follow the Certificate Export Wizard to backup your certificate to a .pfx file
11.) Choose to 'Yes, export the private key'
12.) Choose to include all certificates in certificate path if possible. (do NOT select the delete Private Key option)
13.) Leave default settings > Enter Password (if required)
14.) Choose to save file on a set location
15.) Finish
16.) You will receive a message > Export Successful
17.) The .pfx file backup is now saved in the location you selected.
18.) If you have a CD-Rom burner we suggest that you backup the pfx file, a copy of the Intermediate Root Certificate (DigiCertCA.crt) & Root Certificate (TrustedRoot.crt) to a CD.

Importing your Certificate/Private Key in IIS (from .pfx file format)

1.) Start > Run
2.) Type in MMC and click GO
3.) Go into the Console Tab (or File) > select Add/Remove Snap-in
4.) Click on Add > Double Click on Certificates and click on Add > OK
5.) Select Computer Account
6.) Select Local Computer
7.) Click the + to Expand the Certificates Consol Tree
8.) Right click on the Personal Certificates Store (folder)
9.) Choose > ALL TASKS > Import
10.) Follow the Certificate Import Wizard to import your Primary Certificate from the .pfx file. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
11.) Close the MMC console. In the case that you are prompted, it is not necessary to save the changes made to the MMC console.
12.) In your IIS manager, right-click on the site that you would like to use the certificate and select properties.
13.) Click on the Directory Security Tab and hit the Server Certificate Button. This will start the server certificate wizard.
14.) If you are asked what you want to do with the current certificate on the site, choose to remove it, finish the wizard, and click the server certificate button to run the wizard again.
15.) Choose to 'Assign an existing certificate' to the site and choose the new certificate that you just imported.
16.) Finish the certificate wizard.
17.) Restart the server.

Importing an IIS .pfx file certificate into Apache or other non-Windows-based servers.

Most servers use plaintext certificate files. The certificate files that you download from your digicert account are already in this format. However, the private key that was generated on your IIS server is not yet in this format. This same private key is required for your certificate to function properly on your non-Windows-based server. To export the private key from the Windows IIS server to your non-windows-based machine, you must extract the private key from a Windows .pfx backup certificate. To do this you will use the OpenSSL utility to extract the private key from the .pfx backup file:

openssl pkcs12 -in mypfxfile.pfx -out outputfile.txt -nodes

where mypfxfile.pfx is the certificate backup from your IIS server.

3.) The above command would have created a text file named outputfile.txt. Open this file with a text editor and you will see the private key listed first:

-----BEGIN RSA PRIVATE KEY-----
(Block of Random Text)
-----END RSA PRIVATE KEY-----

Moving a Certificate from Apache to a Windows IIS Server.

To import your certificate to Windows, you will first need to combine your primary certificate, Intermediate (CA) Certificate, and your private key file into a .pfx type backup file. To do this, use the following command:

openssl pkcs12 -export -out DigiCertBackup.pfx -inkey your_private_key_file.txt -in your_domain_name.crt -certfile DigiCertCA.crt

This creates a backup of your primary certificate called DigiCertBackup.pfx. Copy this file to your IIS Server.

Moving a Certificate between iPlanet Servers.

After you have successfully installed the certificate to your first iPlanet Server, go to the directory for the alias (site) the certificate was installed to: [installDirectory]/alias -- Inside this directory you will find the files that contain the certificate and the private key. These files are usually named cert7.db and key3.db

Copy these files to a backup disk.

Installing your SSL Wildcard Certificate

How to install your Wildcard SSL Digital Certificate.

If you are ready to purchase your next Wildcard SSL Certificate, click the button ...