The Digicert Certificate Utility is probably one of the best certificate encryption tool out on the net.
A lot of people become scared with key-pair encryption but key-pairs/certificates are actually fundamental easy to figure out. You have a secret private key that rests on a system or application, and that system/application gives to another system/application the public key. From there they scrabble and authentication communication. That’s about it.
The struggles with Encryption, and SSL certificates is associated with the systems/applications that use them. Different applications from different venders tend to want things their own way, in certain formats, extensions, files, etc..
Key features of the Digicert Certificate Utility that can help with the SSL Management are..
- Install certificates with a single click
- Generate a CSR for your order
- Install certificates to pending requests
- Re-install certificates in one click
- Find SSL Certificates on your server
- View certificate details
- Copy certificates between servers
- Convert certificate into various formats
- Renew certificates
- Fix intermediate certificate chain errors
- Edit certificate friendly names
- Verify certificate chains
- Test certificates
- Delete certificates
Things to know:
- If you use the utility to generate a CSR for an SSL Certificate then once the certificate is issued you will have to import your SSL Certificate using the utility to successfully configure your SSL certificate for binding into IIS, exporting as pfx format, exporting it as a .pem format, etc..
- The Digicert Certificate Utility for SSL Certificates Automatically refers to the Windows account certificate stores on the Windows system.
- After installation you can export the certificate in an Apache .pem, .crt-.key format or a Windows pkcs12 .pfx format. Appling the certificate to what ever systems require it.
Downloading and Installing The Digicert Certificate Utility.
- On your Windows server or workstation, download and save the Digicert Certificate Utility for Windows executable (DigiCertUtil.exe). Click HERE to download.
- Run the Digicert Certificate Utility for Windows by Double-click DigiCertUtil.
Congrats you have downloaded and installed the Digicert Certificate Utility.
How to Install Your New SSL Certificate Into The Digicert Certificate Utility:
After you have enrolled for your SSL Certificate using a CSR generated from the utility you will then have to Import/Install the SSL Certificate after it gets issued. The CA should give you a pkxs7 format certificate also known as a .p7b. The way they give you this certificate will vary.
If your CA gives supplies the pkcs7 format SSL Certificate in the body of the email perform he following.
Copy the SSL certificate and make sure to copy the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– header and footer Ensure there are no white spaces, extra line breaks or additional characters. Use a plain text editor such as Notepad, paste the content of the certificate and save it with extension .p7b (When performing this on a Windows system the Icon of the file should change into a certificate icon)
Save and move this .p7b file to the system where you have created the CSR using the Utility on.
To complete and install your SSL Certificate perform the following.
- Run the Digicert Certificate Utility by Double-clicking the DigicertUtil.exe.
- In the Digicert Certificate Utility, Click SSL.
- Click Import.
- In the Certificate Import window click Browse.. and Open to specify the location and path of your SSL Certificate.
Note: In the browse window change the file type to either PKCS#7 Certificates (*.p7b) or All Certificate Types (.pfx, .p12, .cer, .crt, .p7b) from the drop down to find your certificate.
- After specifying the location and path of the file click Next.
- You will see information about the certificate you have selected to import. In the Enter a new friendly name or you can accept the default field type a friendly name for the certificate. Something unique so that you can quickly identify this certificate.
- Click Finish.
- You should get confirmation that the certificate has been successfully install and see it within your list of code signing certificates.
Note: If you get an error that states “Private Key Missing” this is due to the following causes…
- You did not create the CSR/Private key on this machine:
- Make sure you are on the correct system that has the Digicert Certificate Utility installed where you generated the CSR from.
- If you lost your private key or if the system where the CSR was generated using the Utility blew up then you will have to start from scratch by generating a new CSR, and performing a reissue/rekey of your SSL Certificate.
- You are installing the a wrong certificate:
- Make sure you are installing the correct certificate. Typically once the certificate is on your desktop as a .p7b file you can double click on it to read the information. make sure the certificate or one of the certificates in its chain is issued to your organization with the correct dates.
- You did not create the CSR/Private key on this machine:
Congrats you have just installed your SSL Certificate using the Digicert Certificate Utility for SSL.
Since the Digicert Utility for SSL uses the systems Computer Account Local Computer Personal Certificate store for certificates. Your SSL Certificate will be ready to Assign and Bind to your IIS or Exchange. For instructions on how to bind your SSL Certificate refer to our article Windows Server 2008/2012/2016 (IIS 7/7.5 – IIS 8/8.5) Binding Instructions.
Exporting your SSL Certificate in either PEM Apache or PFX formats:
If you only used the Digicert Utility for the keypair generation of your SSL Certificate but need it applied elsewhere you can Export it in either .pfx or Apache pem and distribute it to what ever systems require it by following our article, Digicert Certificate Utility SSL Export Instructions