Use the DigiCert® Certificate Utility for Windows to create a CSR and
install your SSL certificate for your AWS instance

These instructions explain how to use the DigiCert® Certificate Utility for Windows to create your CSR and to install your SSL certificate.

DigiCert® Certificate Utility for Windows

For a simpler way to create your CSRs (Certificate Signing Requests) and install and manage your SSL certificates, we recommend that you use the DigiCert Certificate Utility. For more information about our utility, see DigiCert® Certificate Utility for Windows.

Use the instructions on this page to create your certificate signing request (CSR) and to install your SSL certificate.

If you don't have access to a Microsoft server or workstation, prefer not to use the DigiCert Utility, or for some reason cannot use the utility, see Amazon Web Services: Create CSR and Install SSL Certificate (OpenSSL).

 

I. DigiCert Utility: How to Create Your CSR

  1. On your Windows server/workstation, download and save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe).

  2. Run the DigiCert® Certificate Utility for Windows.

    Double-click DigiCertUtil.

  3. In the DigiCert Certificate Utility for Windows©, click SSL (gold lock), and then, click Create CSR.

    Utility Create CSR

  4. On the Create CSR page, enter the following information:

    Certificate Type: Select SSL.
     
    Common Name: Enter the fully qualified domain name (i.e. www.example.com).
    You may also enter the IP address.
     
    Subject Alternative If you are requesting a Multi-Domain (SAN) Certificate, enter any SANs that you want to include
    Names: (e.g., www.example.com, www.example2.com, and www.example3.net).
     
    Organization: Enter your company's legally registered name (e.g., YourCompany, Inc.).
     
    Department: (Optional) Enter the department within your organization that you want to appear on the SSL certificate.
     
    City: Enter the city where your company is legally located.
     
    State: In the drop-down list, select the state where your company is legally located.
    If your company is located outside the USA, you can enter the applicable name in the box.
     
    Country: In the drop-down list, select the country where your company is legally located.
     
    Key Size: In the drop-down list, select 2048.
     
    Provider: In the drop-down list, select Microsoft RSA SChannel Cryptographic Provider,
    unless you have a specific cryptographic provider.

    Enter CSR Details

  5. Click Generate.

  6. On DigiCert Certificate Utility for Windows© - Create CSR page, do one of the following, and then, click Close:

    Click Copy CSR. Copies the certificate contents to the clipboard.
    If you use this option, we recommend that you paste the CSR into a tool such as Notepad.
    If you forget and copy some other item, you still have access to the CSR, and you don't have to go back and recreate it.
     
    Click Save to File. Saves the CSR as a .txt file to the Windows server.
    We recommend that you use this option.

    Copy CSR

  7. Use a text editor (such as Notepad) to open the file. Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it into the DigiCert order form.

    Ready to order your SSL certificate.

    Learn More Buy Now

  8. After you receive your SSL certificate from DigiCert, you can use the DigiCert Certificate Utility to install it.

 

II. AWS: Installing Your SSL Certificate

If you haven't created your CSR with the DigiCert Certificate Utility and ordered your SSL certificate, see DigiCert Utility: How to Create Your CSR.

To install your AWS SSL certificate, complete the steps below.

  1. Import your SSL certificate to your Windows server using the DigiCert® Certificate Utility for Windows.

    How to Import an SSL Certificate Using the DigiCert Certificate Utility

  2. Export the SSL certificate in Apache compatible format (separate .key and .crt files) using the DigiCert® Certificate Utility for Windows.

    How to Export an SSL Certificate in Apache Compatible Format Using the DigiCert Certificate Utility

  3. Upload and implement your SSL certificate using the AWS Management Console.

    AWS: Installing Your SSL Certificate

 

i. How to Import an SSL Certificate Using the DigiCert Certificate Utility

After DigiCert issues your SSL certificate, you can use the DigiCert Certificate Utility, to import the file to your Microsoft server/workstation.

  1. On the server/workstation where you created the CSR, save the SSL certificate .cer file (e.g., your_domain_com.cer) that DigiCert sent to you.

  2. Run the DigiCert® Certificate Utility for Windows.

    Double-click DigiCertUtil.

  3. In DigiCert Certificate Utility for Windows©, click SSL (gold lock) and then, click Import.

    Import Certificate

  4. In the Certificate Import window, under File Name, click Browse, browse to and select the .cer certificate file (e.g., your_domain_com.cer) that DigiCert sent you, click Open, and then, click Next.

    Import Certificate

  5. In the Enter a new friendly name or you can accept the default box, type a friendly name for the certificate.

    Note: The friendly name is not part of the certificate; instead, it is used to identify the certificate.

    We recommend that you add DigiCert and the expiration date to the end of your friendly name, for example: yoursite-digicert-(expiration date). This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.

    Friendly Name

  6. To import the SSL certificate to your server, click Finish.

  7. You should receive a message that the certificate was successfully imported. You should now see your SSL certificate in the DigiCert Certificate Utility for Windows©.

 

ii. How to Export an SSL Certificate in Apache Compatible Format Using the DigiCert Certificate Utility

To make an SSL connection, your server needs two parts, a private key file and the certificate file. Apache (and many other server types) separate these two certificate parts into separate .key file and .crt files.

  1. On the server/workstation where you imported the SSL Certificate .cer file that DigiCert sent to you, run the DigiCert® Certificate Utility for Windows.

    Double-click DigiCertUtil.

  2. In DigiCert Certificate Utility for Windows©, click SSL (gold lock), select the certificate that you want to export, and then, click Export.

    Export Certificate

  3. In the Export Certificate window, select Yes, export the private key, select key file (Apache compatible format), and then, click Next.

    Apache Key File Export

  4. In the File name box, click to browse for and select the location and file name where you want to save the certificate .key file and then, click Finish.

    This creates the following files that you will need to upload and implement using your AWS Management Console:

    • Private Keyyour_domain_com.key
    • Server Certificateyour_domain_com.crt
    • Intermediate CertificateDigiCertCA.crt

    File Location

  5. After you receive the "Your certificate and key have been successfully exported"f; message, click OK.

 

iii. AWS: Installing Your SSL Certificate

  1. Upload Your SSL Certificate

    You need to upload the certificate files (your_domain_com.key, your_domain_com.crt, and DigiCertCA.crt) to your AWS account.

  2. Implement the SSL Certificate

    To implement your SSL certificate for your instance of AWS, consult the AWS Documentation.

    Because all instances of Amazon Web Service (AWS) are unique, it is best to consult the Amazon documentation for instructions on how to install and configure your SSL certificate for you AWS instance.

Test Installation

If your website is publicly accessible, our DigiCert® SSL Installation Diagnostic Tool can help you diagnose common problems.