Rootctl

Windows

List
Certificate:





Certificate



Install SSL Certificates
Here you will learn the steps of installing an SSL certificate on your web server.
Installation of an SSL certificate depends on many things such as where you generated the CSR, the type of certificate files you got from the CA,
The types of certificate files your web server supports etc.
The following are the steps involves in the process:


1. Gather the necessary files
2. Find out the certificate file type and format your web server requires
3. Convert the certificate file type with the web server compatible files
4. Install the certificates on your web server
5. Bind the installed SSL certificate to your web site
6. Test the certificate


1 - Gather the necessary files:
--------------------------------
In order to install an SSL certificate on your web server and bind it to your domain, you should have the following files:

I. SSL Certificate for your domain
II. Intermediate certificates or CA bundle (optional)
III. Private key

You should have a certificate file for your domain and intermediate certificate files from the CA where you submitted the CSR.
The CA may not have issued an intermediate certificate or may have issued more than one intermediate certificate. Most likely you will have an intermediate certificate(s).
You may have the private key stored in a .key file type. However, it depends on where you generated the CSR and where you want to install it.
If you generated the CSR from the same web server where you want to install an SSL certificate,
Then you will not have a private key file because it is secretly stored by the web server. If you generated the CSR using a browser or SSL tools,
Then you should have a saved private key in a separate .key file. If the web server where you generate the CSR is different from the web server
Where you are going to install the certificate, then you need to export the private key from where you generated the CSR because the private key
Is generated at the same time when the CSR is generated.
So, gather all the required files before proceeding.


2 - Find out the certificate file type and the format your web server requires
------------------------------------------------------------------------------
Once you have the necessary certificate files, you need to check the certificate file type and the format your web server supports.
Different web servers and hosting platforms support different formats and types of certificate files. For example,
Apache and other similar web servers support certificates in PEM format, whereas Microsoft Windows support certificates in PKCS#7 format.
Some web servers and hosting platforms require separate certificate, intermediate certificate and private key files,
Whereas others require a single file for all. For example, Microsoft Azure cloud platform requires all files in a single PKCS#12/PFX format.
So, find out the appropriate format and file type that your web server supports.

3 - Convert the certificate file into the web server compatible file
---------------------------------------------------------------------
If the certificate files and format you got from the CA are not supported on your web server or hosting
Provider then you have to convert the certificates to your web server supported format using OpenSSL.
Convert your SSL certificate files as per your web server supported format using OpenSSL. Some
Web servers require a single file for your domain certificate, intermediate certificate and private
Key while other web servers require a separate file for each. For example, azure app service
Requires PKCS#12 format in a .pfx file with certificate, intermediate certificate and private key. So, you need to consider that too.
Learn about OpenSSL conversion commands in the next chapter.

4 - Install the certificates on your web server
-----------------------------------------------
So, once you have certificate files in the required format and type, you can install your SSL certificate on your web server.
Go to https://www.thesslstore.com/knowledgebase/ssl-install/ and click on the link of your web server to know how to install an SSL certificate.

5 - Bind the installed SSL certificate to your web site
-------------------------------------------------------
Once you have installed your SSL certificate, it's time to bind it to your website. Again, this depends on the web server or hosting provider.

6 - Test the https website
---------------------------
In this last step, you should test your SSL certificate with the SSL tools and check whether it is working fine or not.

In normal cases, a .crt file contains just one certificate. However, in some contexts,
Some applications may allow that a file contains multiple certificates.
For example, some applications may expect that a file contains all or some certificates of a certificate chain.
However, in typical cases, such file has .p12 (PKCS#12) or .pfx as its extension.



Certificate Chain
HTML5 Icon

The extension .crt indicates that the content of the file is a certificate,
But the extension does not tell anything about the file format. The file format may be PEM (Privacy-Enhanced Mail) (RFC 7468),
DER (Distinguished Encoding Rules) (X.690) or something else. If the file's content is text data and contains -----BEGIN ?????----,
The file format is PEM. On the other hand, if the file contains binary data, it is highly likely that the file format is DER.

Diagrams below from "Illustrated X.509 Certificate" illustrate relationship among ASN.1 (X.680), DER (X.690), BASE64 (RFC 4648) and PEM (RFC 7468).



HTML5 Icon
HTML5 Icon



.