Simplify Certificate Management and Installation on Windows Servers
The DigiCert Certificate Utility for Windows is an invaluable tool for anyone that manages SSL and Code Signing Certificates. As a Certificate Authority and leader in digital certificate support, DigiCert created this tool to specifically target our customer's pain points.
With features like automatic CSR creation and SSL Certificate installation, easy code signing, and certificate troubleshooting and management you're probably thinking "how much does this tool cost?" Luckily DigiCert created this utility to make managing digital certificates easier—so we let you download it for free. And you don't have to be a DigiCert customer to use it. Our goal is to provide a great utility, not force you to buy certificates from us.
About the Certificate Utility
Easily Sign Files and Batches of Code
Formerly, signing your software with a code signing certificate was an arcane and time-consuming process. Depending on the code you were signing, you would need to research how to sign the code, track down all the necessary assets, and labor through a clunky command line process. Fortunately, DigiCert’s utility for Windows turns this process into a smooth and easy procedure. Simply open the utility, navigate to the file you want to sign, and click a button. If you are signing a piece of kernel code, the utility can automatically ensure that the correct intermediate certificates are being used, saving you from the frustrating troubleshooting that can result from broken certificate chains. After signing your code, the utility can verify if it was signed correctly and let you know what certificates were used. It can also give you information about the time stamp and whether any errors occurred during the process.
Painless Troubleshooting and Management
Unless you work with certificates every day, managing them on Windows servers isn't easy. Root certificates, intermediate certificates, private keys... the list goes on. Sometimes it can feel like you have to do brain surgery on your server to fix a certificate problem. But with this utility you can manage, troubleshoot, and fix the certificates on your server—all without opening command prompt to run special certutil commands or dig through the MMC Certificate Snap-in!
One-Click CSR Generation and Certificate Installation
Like most people who deal with SSL Certificates, DigiCert knows that the CSR creation and installation process is a hassle. That’s why we added automated CSR generation and certificate installation features to our utility. After you buy a certificate and it's validated, download the utility and log in using your regular account credentials. Then click Install. The utility will create the private key and CSR, send the CSR to DigiCert, issue the certificate, and install the issued certificate. It’s that easy.
Please note that though this tool can be used by anyone, the CSR generation and certificate installation features are only available to DigiCert customers.
The DigiCert Certificate Utility lets you:
- Create a private key and CSR, send the CSR to DigiCert, issue the certificate, and install the issued certificate in just one click
- Generate and upload a CSR before a certificate is validated
- Install certificates that already have CSRs in one click
- Track the status of pending orders and view the associated SANs for each certificate
- See all of the SSL Certificates installed on your server
- View details for each certificate
- Copy SSL Certificates between servers
- Renew SSL Certificates
- Fix intermediate certificate problems
- Edit your certificate's friendly name
- Show the SSL Certificate chain that a server is sending to clients (great for internal networks)
- Install a certificate to a pending request
- Test a certificate's private key and revocation status
- Delete old certificates and stay organized
- Sign or re-sign multiple pieces of code in just one step
- Sign code with the click of a button
- Automatically check to make sure the correct certificate is being used for kernel-mode signing
- Prevent broken certificate chains
- Verify signed code
- Check for errors during the code signing process
- Look at time stamp information
- Repair a certificate that is not associated correctly to a private key
- Run the code signing portion of the utility through a command prompt
Using the Certificate Utility
The following articles contain instructions on using parts of the utility.
- Running the utility through a command prompt
- Creating a CSR on a Microsoft Windows server
- Copying SSL Certificates between servers
- Copying an SSL Certificate from Windows to Apache Servers
- Editing a certificate's friendly name
- Copying driver signing certificates to other computers
- Copying Authenticode certificates to other computers
- Renewing an SSL Certificate
- Showing the SSL Certificate chain that a server is sending to clients
- Testing a certificate's private key and revocation status
- Repairing a certificate that is not associated correctly with a private key
- Deleting old certificates
- Installing a certificate to a pending request
- Testing revocation checking and proxy issues on servers
- Repairing intermediate certificate problems
- After you download the DigiCert® Certificate Utility for Windows, right-click DigiCertUtil.exe and click Properties.
- In the DigiCertUtil.exe Properties window, on the Digital Signatur tab, you should see a signature from DigiCert, Inc.
- Select DigiCert, Inc., and then click Details.
- In the Digital Signature Details window, click View Certificate.
- The Code Signing Certificate in the DigiCert Certificate Utility should be issued to DigiCert, Inc. and issued by DigiCert.
- DigiCert SSL Installation Diagnostics Tool - Connects to your server and tells you if your certificate is installed correctly.
- DigiCert SSL Discovery Tool – Finds SSL Certificates in your network and helps you manage them.
- Exchange 2007 / Exchange 2010 CSR Wizard - Lets you create a New-ExchangeCertificate command without having to dig through a manual.
- DigiCert Internal Name Tool for Microsoft Exchange - Helps you reconfigure Exchange servers to eliminate internal names.