RSS Feed
Knowledgebase : Comodo Certification Authority > Certificates

  The private key for a Comodo Code signing certificate is generated by the browser during certificate enrollment. When the submit button is pressed, a key pair of the selected size is generated. The PRIVATE KEY is encrypted and stored in the LOCAL KEY DATABASE. COMODO recommends using INTERNET EXPLORER 8+ on Windows and FIREFOX on Mac for certificate enrollment as it is both easy to apply and convenient for the user. To apply for a Code signing certificate, visit the below URL.. https://ww...
The private key for a S/MIME certificate is generated by the browser during certificate enrollment. When the submit button is pressed, a key pair of the selected size is generated. The PRIVATE KEY is encrypted and stored in the LOCAL KEY DATABASE. S/MIME certificates can be applied only using INTERNET EXPLORER and MOZILLA FIREFOX. COMODO recommends using INTERNET EXPLORER 8+ on Windows and FIREFOX on Mac for certificate enrollment as it is both easy to apply and convenient for the user. For ap...
REASON AND SOLUTION: If you want the SSL Padlock on your website to look fully green and perfect, then you will have to follow the security standards given by the browsers your customers mostly visit using. As it happens, Internet Explorer, Chrome, Firefox are the most commonly used browsers by the world. These browsers show the padlock of an website in their own unique way and also the warning messages associated with them. # CHROME says, "_Your connection to example.com is encrypted with ob...
PREREQUISITES: Concatenate the CAbundle and the certificate file which we sent you using the following command. _> CAT DOMAIN_COM.CRT DOMAIN_COM.CA-BUNDLE > SSL-BUNDLE.CRT_ If you are Using GUI Text Editor (Ex: Notepad): (i) To concatenate the certificate files into single bundle file, first open DOMAINNAME.CRT and DOMAINNAME.CA-BUNDLE files using any text editor. (ii) Now copy all the content of DOMAINNAME.CRT and paste it on the top of DOMAINNAME.CA-BUNDLE file. (iii) Now save the ...
Use these instructions to create your CSR (certificate signing request) and then, to install your SSL and intermediate certificates. * To create your CSR, see Mac OS X Yosemite: Create Your CSR. * To install your SSL Certificate, see Mac OS X Yosemite: Install Your SSL Certificate. For El Capitan Server (10.11), please see Mac OS X El Capitan: Create CSR & Install SSL Certificate [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1108/38/os-x-el-capitan-server-c...
Use these instructions to create your CSR (certificate signing request) and then, to install your intermediate and server (SSL) certificates. * To create your CSR, see Mac OS X El Capitan: Create Your CSR. * To install your SSL Certificate, see Mac OS X El Capitan: Install Your SSL Certificate. For Yosemite Server (10.10), please see Mac OS X Yosemite: Create CSR & Install SSL Certificate [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1107/38/os-x-yosemit...
GENERATING A CERTIFICATE SIGNING REQUEST (CSR) USING OPENSSL (APACHE & MOD_SSL, NGINX) A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the web form in the enrollment process: GENERATE KEYS AND CERTIFICATE: To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "server", use the following command : > OPENSSL REQ -NODES -NEWKEY RSA:2048 -KEYOUT ...
1. DOMAIN VALIDATED CERTIFICATES (DV) * A - Email Challenge-Response DCV * B - HTTP Based DCV * C - DNS CNAME Based DCV Following completion of one of the elements above the certificate will be signed and released Additional details can be found using the following URL: Methods of Domain Control Verification [https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1367&nav=0,96,1,33] Note that ALL SSL Certificates MUST undergo the above DCV process in addition ...
The reason you will see this error message is that an email certificate has already been issued to your email address. If you want to get a new one, then you will have to first revoke the current certificate. Please check REVOCATION OF SECURE EMAIL CERTIFICATE. [HTTPS://SUPPORT.COMODO.COM/INDEX.PHP?/DEFAULT/KNOWLEDGEBASE/ARTICLE/VIEW/720/0/REVOCATION-OF-SECURE-EMAIL-CERTIFICATE] If you have forgot the revocation password, then please Submit a ticket [https://support.comodo.com/index.php?/Defau...
Assigning a certificate in Outlook 2007 - 2013 is only slightly different from older versions. Previous versions set the certificate (Digital ID) in the SECURITY tab under TOOLS --> OPTIONS. Outlook 2007-2013 has a new menu item: TRUST CENTER. * Click TOOLS, then TRUST CENTER. * Then select E-MAIL SECURITY.(See Figure 1) * Click on SETTINGS to display the security settings. * Click CHOOSE to set the certificate (Digital ID) to use for SIGNING and ENCRYPTION.(See Figure 2) * Finall...
DESIGNED EXCLUSIVELY FOR MICROSOFT EXCHANGE AND OFFICE COMMUNICATIONS INFRASTRUCTURES, COMODO'S UNIFIED COMMUNICATIONS CERTIFICATES ALLOW A SINGLE CERTIFICATE TO PROVIDE SSL-SECURED COMMUNICATIONS FOR MULTIPLE DOMAINS AND MULTIPLE HOST NAMES OPERATING ON A SINGLE IP ADDRESS.   WHAT DOMAINS SHOULD I INCLUDE IN MY UCC CERTIFICATE ? Currently, All CAs are issuing UC certificates with fully qualified domain names (FQDN) only as per the CA/B Forum. Certificate requests with non-fully qualified nam...
You will need to use the below command to assign/enable services to any existing certificate on the server that is correctly installed and has a matching private key. EXAMPLE COMMAND(S): Exchange 2007: ENABLE-EXCHANGECERTIFICATE -THUMBPRINT $THUMBPRINT -SERVICES "POP, IMAP, IIS, SMTP" Exchange 2010 and 2013: ENABLE-EXCHANGECERTIFICATE -THUMBPRINT $THUMBPRINT -SERVICES POP, IMAP, IIS, SMTP NOTE: The lack of quotation marks on Exchange 2010 on the -SERVICES Flag! You will need to re...
* NOTE As an alternative to the manual instructions on this page, Comodo offers a free utility which will help you generate a CSR, submit it to Comodo and then automatically install your certificate on your IIS website. Click here [https://www.comodo.com/ssl-certificate-auto-installer/index.html] to find out more. GENERATING A CSR ON IIS 7.X * Click START. * Select ADMINISTRATIVE TOOLS. * Start INTERNET SERVICES MANAGER. * Click SERVER NAME. * From the center menu, double-click t...
apache apache apache apache apache apache apache apache apache apache apache apache INSTALLING YOUR CERTIFICATE ON APACHE WITH MOD_SSL * Extract all of the contents of the ZIP file that was sent to you and copy/move them to your server. The extracted contents will typically be named: yourDomainName.crt and yourDomainName.ca-bundle * Move all of the certificate related files to their appropriate directories. A TYPICAL SETUP: * Move the Private Key that was generated earlier to the S...
* NOTE As an alternative to the manual instructions on this page, Comodo offers a free utility which will automatically install your certificate on your IIS website. Click here [https://www.comodo.com/ssl-certificate-auto-installer/index.html] to find out more. INSTALL TO WEB SERVER 1. Open Internet Information Services Manager (IISM) to the appropriate Server Start -> Administrative Tools -> IISM -> Server Name 2. Open the Server Certificates icon. 3. Open 'Complete Certificate Request...
Once you receive your certificate issuance ZIP file, extract the file(s) contained in the ZIP file to the server. We recommend extracting these to the Desktop or a new directory all together. OPTION 1 From the Exchange Management Shell, run the following command to install the server, root, and intermediate certificates to their respective certificate stores: Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:certificatesYOUR_CERTIFICATE.cer -Encoding byte -ReadCount 0)) ...
Question: What does Error 207 (net::ERR_CERT_INVALID) mean when I try to collect my certificate (CodeSigning or Email)? Answer: This means that you have tried to obtain your certificate using the Google Chrome browser. At this present time Google Chrome does not support chained certificate enrollment and you can not use another browser to collect this certificate because the private key was generated with Chrome and you must start the process from the beginning again using another browser...
Installing and Configuring a Certificate on Mac OS X Server 10.4 After your certificate request is approved, you can download your SSL and intermediate certificate from within the SSL application. Both of these files must be installed on your Web server. TO INSTALL INTERMEDIATE CA CERTIFICATES Before installing your certificate, you need to complete the following procedure to install the Intermediate CA certificate: Visit the repository. Download the Intermediate.crt file. Launch the K...
THIS ARTICLE IS FOR ADMINISTRATORS WHO PREFER THE COMMAND SHELL! When your certificate is issued you'll typically receive a file called example__com.cer_. Save it on the server and from the same directory run: certreq -accept example_com.cer This will install the cert in the Windows certificate store and it will be available to those services and products that make use of the Windows certificate store. These products include but are not limited to: IIS, Exchange, Active Directory (LDAPS),...
CRLs and OCSP use HTTP to retrieve information from the following servers. If you are a network administrator for your organization, make sure all computers in your network that might encounter a digital certificate issued by us can access these CRL and OCSP services. We do not recommend using the Destination IP information as this is subject to change. SERVICE DNS HOSTNAME(S) DESTINATION IPS PORT OSCP OCSP.ComodoCA.com 178.255.83.1 tcp/80 OCSP.usertrust.com   ...
EXECUTIVE SUMMARY The use of the signing algorithm has been deprecated in favor of the newer and more secure SHA-2 algorithm. Google's announcement on Sept 5th 2014 accelerated the timeline for browser checking of SHA-1 in web server SSL certificates so that Chrome will display security notices where SHA-1 is encountered. This will incur negative user experience effects for website visitors where the SSL certificate is using SHA-1. As of 8 September 2015, Comodo will issue SHA-2 certificat...
ISSUE: When installing a certificate issued with a SHA-2 signature algorithms (which includes SHA-256, SHA-384, and SHA-512) on Windows Server 2003, the following error is displayed - " The integrity of this certificate cannot be guaranteed. This certificate may be corrupted or may have been altered. " SOLUTION: In order to resolve this error, Microsoft has released a hotfix in order to provide limited compatibility for certificates issued with SHA-2 signature algorithm, this can be downloaded...
CERTIFICATE: (openssl x509) Data: Version: 3 (0x2) Serial Number: 2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af Signature Algorithm: sha384WithRSAEncryption Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority Validity Not Before: May 9 00:00:00 2013 GMT Not After : May 8 23:59:59 2028 GMT Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Code Signing CA Subject Public Key Info: Public Key Algo...
                                   CODE SIGNING (SHA-2) ROOT LEVEL: AddTrustExternalCARoot.crt TEXT PEM Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root Validity Not Before: May 30 10:48:38 2000 GMT Not After : May 30 10:48:38 2020 GMT Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External ...
Secure certificates of any type currently CANNOT be issued to individuals or business entities in the following countries websites or the following country-code-top-level domains (TLDs): Restricted Countries Listing: The following countries are restricted by US Export restriction laws, therefore Comodo.com cannot issue ssl certificates for registrants in the following countries AF Afghanistan CU Cuba ER Eritrea GN Guinea IQ Iraq IR Iran, Islamic Republic of KP Korea, Democratic...
PayPal and Authorize.Net sent a notice to merchants and storefronts whose websites use their service that action may need to be taken to ensure no interruption in service while the two companies work to upgrade various SSL certificates. Over the course of 2015 and 2016, they will be taking steps towards strengthening their SSL certificates across all of their sites. Strengthening SSL certificates equates to switching from the SHA-1 signature algorithm to the SHA-2 signature which is more secure....
For help using your certificate to sign and encrypt mail or to export and import or your certificate, please select your software or device from the list below. These documents are suitable for both Personal Authentication Certificates and Secure Email Certificates. BROWSERS: * Internet Explorer [https://www.comodo.com/support/products/authentication_certs/setup/ie7.php?key5sk1=649f7696ddcd15b926ed0862b303a6e7b4dd8204] * Comodo Dragon [https://www.comodo.com/support/products/authenticati...
SSL CERTIFICATE INSTALLATION FOR EXCHANGE 2013 If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Exchange 2013 CSR Generation [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/998/19/exchange-2013-ssl-csr-creation] Using COMODO step-by-step Installation instructions for Exchange 2013 will help you navigate the updates made in the new version of Exchange. Please use the tutorial below or contact our support team if you run...
EXCHANGE 2013 SSL CERTIFICATES CSR CREATION HELP If you already have your SSL Certificate and just need to install it, see Exchange 2013 SSL Installation Instructions [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/997/37/exchange-2013-ssl-certificate-installation] There have been many new changes in Exchange 2013. One of those is that the interface is now accessible through a browser. Your Installation of Exchange 2013 will be easier with our great step-by-step tuto...
INSTRUCTIONS FOR INSTALLING YOUR COMODO CODE SIGNING CERTIFICATE After purchasing a standard code signing certificate, COMODO validates your information and sends you an email that contains a link to install your code signing certificate. *SUN JAVA NOTE: If your certificate was keyed for the Sun Java Platform, your code signing certificate installation process is different than the one described on this page. Please see Java Code Signing Certificate Set Up and Usage Guide [https://support.com...
SETTING UP AND USING YOUR ORACLE JAVA CODE SIGNING CERTIFICATE In Java, the process for setting up your COMODO Code Signing Certificate consists of creating a Java keystore and a Certificate Signing Request (CSR) and then, installing your COMODO generated code signing certificate file to the Keystore file from where the CSR was generated. * If you have already set up your code signing certificate and are ready to sign your Java .jar files, see the Signing Java .jar Files with Jarsigner ins...
HOW TO VERIFY YOUR CODE SIGNING CERTIFICATE IS INSTALLED After generating your code signing certificate, we recommend that you take a second to verify that your certificate is installed in the browser's Certificate Store. Internet Explorer Chrome Firefox INTERNET EXPLORER: VERIFYING YOUR CLIENT CERTIFICATE IS INSTALLED * In Internet Explorer, go to INTERNET OPTIONS. * In the INTERNET OPTIONS window, on the CONTENT tab, click CERTIFICATES. * In the CERTIFICATES window, on the...
HOW TO VERIFY YOUR CODE SIGNING CERTIFICATE IS INSTALLED After generating your Code Signing Certificate, we recommend that you take a second to verify that your certificate is installed in the keychain or in the browser's Certificate Store. Safari and Chrome Removing the "_This certificate was signed by an unknown authority"_ Warning Message Firefox SAFARI AND CHROME: VERIFYING YOUR CODE SIGNING CERTIFICATE IS INSTALLED If you used Safari or Chrome to install your Code Signing Certificat...
HOW TO EXPORT YOUR CODE SIGNING CERTIFICATE After installing your code signing certificate, you may need to export the certificate for use on a different computer, for signing code, etc. Safari and Chrome Firefox SAFARI AND CHROME: EXPORTING YOUR CODE SIGNING CERTIFICATE AS A P12 FILE If you used Safari or Chrome to install your Code Signing Certificate, the certificate should be located in the login keychain. * Open KEYCHAIN ACCESS. In the FINDER window, under FAVORITES, click APP...
HOW TO EXPORT YOUR CODE SIGNING CERTIFICATE After installing your code signing certificate, you may need to export the certificate for use on a different computer, for signing code, etc. Internet Explorer Chrome Firefox INTERNET EXPLORER: EXPORTING YOUR CODE SIGNING CERTIFICATE AS A PFX FILE * In Internet Explorer, go to INTERNET OPTIONS. * In the INTERNET OPTIONS window, on the CONTENT tab, click CERTIFICATES. * In the CERTIFICATES window, on the PERSONAL tab, select your c...
ISSUE: Profile Manager does not show a code signing certificate when asked to sign configuration profiles. Please try to import the intermediate certificate files manually on the IOS device through the following URLs: * Intermediate 1:https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/966/108/intermediate-1-sha-2-comodo-rsa-certification-authority [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/966/108/intermediate-1-sha-2-comodo-rsa-certific...
This document provides instructions for installing SSL Certificates. If you are unable to use these instructions for your server, COMODO recommends that you contact either the vendor of your software or an organization that supports Stronghold. STEP 1. DOWNLOAD THE COMODO RSA CA CERTIFICATE * Download the Intermediate CA certificate from this link: Comodo [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/620/0/which-is-root-which-is-intermediate] Select the appropri...
PAYPAL IS UPDATING THEIR SSL CERTIFICATES, WHICH WILL IMPACT ALL WEB AND API ENDPOINTS We have been advised that PayPal is going to update their SSL certificates to SHA-2. This update will impact merchants and developers with an integration that does not use the new VeriSign G5 Root Trust Anchor, or those whose hardware / software does not support the SHA-2 signing algorithm. For more information, please refer to the link below: https://devblog.paypal.com/paypal-ssl-certificate-changes/ [htt...
This document provides instructions for generating a Certificate Signing Request (CSR) for Stronghold. If you are not able to use these instructions for your server, COMODO recommends you to contact the server vendor or the organization, which supports Stronghold. NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one...
To enable OCSP Stapling on NGINX: * First check that NGINX 1.3.7 or above is installed by running the following command: nginx -v Versions lower than 1.3.7 do not support OCSP stapling, so you should update NGINX before proceeding with the rest of this tutorial. * Check whether OCSP stapling is already enabled or not: * Go to https://sslanalyzer.comodoca.com/ [https://sslanalyzer.comodoca.com/] , enter your website address and click 'Analyze' * Scroll down to 'Certificate Status Det...
To enable OCSP Stapling on Apache: * First check that Apache HTTPD Server 2.3.3 or above is installed by running one of the following commands: apache2 -v httpd -v Versions lower than 2.3.3 do not support OCSP stapling, so you should update Apache before proceeding with the rest of this tutorial. * Check whether OCSP stapling is already enabled or not: * Go to https://sslanalyzer.comodoca.com/ [https://sslanalyzer.comodoca.com/] , enter your website address and click 'Analyze' * ...
To enable OCSP stapling on Windows Servers * Ensure you are using Windows Server 2008 or above. * Windows Server 2008 and above - OCSP Stapling is enabled by default. * Versions below 2008 do not support OCSP Stapling. Please upgrade to Windows Server 2008 or later to enable OCSP Stapling. * To confirm OCSP stapling is enabled on Windows 2008 or above: * Go to https://sslanalyzer.comodoca.com/ [https://sslanalyzer.comodoca.com/] , enter your website address and click 'Analyze' * S...
The Online Certificate Status Protocol forms a important part of the online security ecosystem by communicating the revocation status of SSL/TLS certificates from the issuing CA to internet browsers and, ultimately, website visitors. Up-to-date revocation information is vital because, after a certificate has been issued, it may become inappropriate to continue to trust it (as is the case if the certificate is revoked). OCSP stapling allows web site operators to improve the speed of these chec...
Certificate is not installed correctly; the certificate needs to be chained back to the Addtrust root certificate in order to be trusted on the Android. The issue is that the Windows server is not presenting the complete certificate chain; clients which do not have the complete certificate chain will result in this error as encountered on the Android phone. In order to resolve this, on the server which this certificate is installed on, please open the MMC (Microsoft Management Console), and ad...
METHOD 1: VIA CLI 1. Login as root. 2. Adjust the following command to match your information: /OPT/ZIMBRA/BIN/ZMCERTMGR CREATECSR COMM -NEW "/C=US/ST=CALIFORNIA/L=LOS ANGELES/O=COMPANY INC/OU=DEPARTMENT/CN=YOUR.DOMAIN.COM" Where: C = 2-digit country code ST = State/Province L = City O = Organization Name OU = Department (e.g., IT Department) CN = Common Name (mail.domain.com, *.domain.com) If you want to include more than one name in the CSR, you can add -subjectAltNames to the end of the c...
Method 1: Via Zimbra Admin Console 1. Login to your Zimbra Admin Console using a browser. 2. In the left navigation pane under Home click Configure. Click CERTIFICATE. 3. On the right of the Zimbra Admin console click on the settings icon and select Install Certificate. 4. The Certificate Installation Wizard will pop up. 5. Under Server Name Select the Target server you are going to install the certificate for. Click NEXT 6. Select the option Install the commercial signed certificate. C...
In July 2012, the CA/Browser Forum, the industry standards board for Certificate Authorities and the browsers that use Certificates, made a decision to deprecate the usage of reserved IP addresses and internal names for certificates, effective November 1st 2015. All such certificates still outstanding must be revoked by October 31, 2016. _COMODO WILL NOT ISSUE A CERTIFICATE WITH AN EXPIRY DATE LATER THAN 1 NOVEMBER 2015 WITH A SUBJECTALTERNATIVENAME (SAN) EXTENSION OR SUBJECT COMMONNAME (CN) F...
INTERNAL NAMES NOTE: You can no longer include internal names/reserved IP address in your certificates. All publicly trusted SSL Certificates issued to internal names and reserved IP addresses will expire before November 1, 2015. WHAT SUBJECT ALTERNATE NAMES (SANS) SHOULD BE INCLUDED IN AN EXCHANGE 2010 CERTIFICATE? Finding the SANs that need to be included in your Unified Communications (UC) Certificate for Exchange 2010 has been simplified. You can use the Microsoft Exchange Certificate Wiz...
Generating a CSR with DIRECT ADMIN CONTROL PANEL 1. First logon as user 'ADMIN' 2. Modify the 'Access Level' from 'ADMIN LEVEL' to 'User Level', by clicking in the Access Level menu on the right on User Level 3. Click on "SSL CERTIFICATES"(underneath Advanced Features) 4. Select the option "CREATE A CERTIFICATE REQUEST" and enter all requested information given below 2 letter country code - Eg : US for United States and IN for INDIA State , Company(Organization name) ,company Divisi...
Installation of a certificate with DirectAdmin Control Panel 1. LOG ON to DirectAdmin Control Panel. 2. Go to the "SSL CERTIFICATES" panel (underneath Advanced Features). 3. Select the option "PASTE A PRE-GENERATED CERTIFICATE AND KEY". 4. Open your Private Key file and your Certificate file (Mostly in the name of YOURDOMAINNAME.CRT or ORDERNUMBER.CRT) in Notepad and paste them both in the text box.  NOTE : Paste the Private key and then paste the certificate file content 5. When yo...
To install SSL into the QNAP NAS ,you can use the OPENSSL TOOL to create the CSR and PRIVATE KEY . To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "server", use the following command :  OPENSSL REQ -NODES -NEWKEY RSA:2048 -KEYOUT MYSERVER.KEY -OUT SERVER.CSR This creates a two files. The file MYSERVER.KEY contains a PRIVATE KEY; do not disclose this file to anyone. Carefully protect the private key. In particular, be sure to backup the pri...
After applying your certificate,you will get the certificate file in the format of ZIP from comodo. That includes the following file yourdomainname_com.crt - your domain certificate yourdomainname_com.ca-bundle - Intermediate file. STEP 1 : You need to Import the files into QNAP By using those file with the private key generated while generate the CSR for installation as follows. Need to import the file in the respective field. Go to QNAP->CONTRAL PANEL->SECURITY->CERTIFICATE & PRIVATE...
PLESK 10 CERTIFICATE INSTALLATION 1.Login to Plesk Control panel 2.select the domain name in which you need to install ssl certificate 3.Click Website and Domains 4.Click Secure your sites 5.Click Add SSL Certificate 6.Upload the certificate files 7.Private key - Browse your private key 8.Certificate - Browser your "domainname.crt" file 9.CA-Certificate- Browser your "domainname.ca-bundle" file Note:If you haven't get the CA-bundle file, please contact our ssl support. 10.Cl...
HOW TO CONFIGURE SSL FOR YOUR WINDOWS AZURE WEBSITE ? Once you have the exported .pfx file, you can use it to configure SSL for your Windows Azure website. 1. In a browser, open and log into the Windows Azure Management Portal. 2. On the web sites tab, under NAME, select your website. 3. On your website's page, click CONFIGURE. 4. On the CONFIGURE tab, in the certificates section, under SUBJECT, click upload a certificate. 5. In the Upload a certificate window, under FILE, click BROWSE...
Here is the list of support for SHA-2 (or) SHA-256 hash algorithm. WEB-BROWSERS : Chrome - Version 26 and above Mozilla Firefox - Version 1.5 and above Internet Explorer - Version 6.0 and above (must have Windows XP Service Pack 3 installed or above). Java based applications and products - Version 1.4.2 and above Konqueror - Version 3.5.6 and above Netscape - Version 7.1 and above OpenSSL based applications and products - Version 0.9.8 and above Opera - Version 9.0 and above ...
Requirements for this installation : WWW_DOMAIN.CRT and WWW_DOMAIN.CA-BUNDLE 1. Log in to your Plesk Panel 2. Go to the WEBSITES & DOMAINS tab and select the domain you want to secure. 3. Click on ‘SECURE YOUR SITES’ 4. Select the SSL certificate that was created while generating the CSR code 5. On the next page locate the 'UPLOAD CERTIFICATE FILES' section. Click on the 'BROWSE' button and locate the certificate and the CA bundle files from your computer. After both files are chosen, clic...
To Generate a CSR on a Plesk 12 System, perform the following: 1. Log into Plesk Panel. To Generate a CSR on a Plesk 12 System perform the following. 2. Under "HOSTING SERVICES", select "Domains". Click the domain name you wish to protect. This link will open the Control panel for that domain. 3. In the Control Panel, go to the WEBSITES & DOMAINS tab. Click the "Show More" tag to display management options. 4. Click "SECURE YOUR SITES". 5. In the "SSL CERTIFICATES" page that then opens, clic...
OVERVIEW This page will help you in Creating Certificate Signing Request (CSR) for your domain. NAVIGATE TO CSR Navigate to the CERTIFICATE SIGNING REQUEST menu under the Security section in the Webuzo Enduser Panel. [http://www.webuzo.com/wiki/File:Csr_home.png] PROCEDURE You must have Private Key for the Domain for which you want to create the Certificate Signing Request (CSR). Populate the details for creating the Certificate Signing Request (CSR) Note : Certificate Signing Request ...
If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Mac OS X Mavericks Server: SSL Certificate CSR Creation [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1038/0/os-x-mavericks-server-ssl-certificate-csr-creation]. MAC OS X MAVERICKS: INSTALLING YOUR SSL CERTIFICATE To install your Mac OS X Mavericks SSL Certificate, complete the steps below. * Install your SSL Certificate. * Assign Your SSL Certificate to Serv...
If you already have your SSL Certificate and just need to install it, see Mac OS X Mavericks Server: SSL Certificate Installation [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1037/0/os-x-mavericks-server-ssl-certificate-installation]. MAC OS X MAVERICKS: CSR CREATION USING THE SERVER APP To get a valid SSL Certificate, you must first generate a CSR (certificate signing request). Then, you will use the contents of the CSR to order your SSL Certificate. Once you re...
This article explains the process of converting a Java Keystore file, into a PKCS12 file which is a .pfx or .p12 . Requirements - A Java Keystore containing the root, intermediate, and your domain/end entity certificate which was imported by following these instructions. [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/638/37/certificate-installation-java-based-web-servers-tomcat-using-keytool] In order to convert the Java Keystore file into a .pfx or .p12 file, you ...
SHA-2 COMPATIBILITY Please see below for minimum versions required for SHA-2 as well as some listed exceptions. SOFTWARE AND HARDWARE THAT SUPPORT SHA-2 BROWSER & SERVER SUPPORT BROWSER MINIMUM BROWSER VERSION Chrome 26+ Firefox 1.5+ Internet Explorer 6+ (With XP SP3+) Konqueror 3.5.6+ Mozilla 1.4+ Netscape 7.1+ Opera 9.0+ Safari 3+ (Ships with OS X 10.5) Server Minimum Server Version 4D Server 14.01+ Amazon Web...
 CSR GENERATION IN GOOGLE APP ENGINE To create the CSR , execute the following command in openssl.    OPENSSL REQ -NODES -NEWKEY RSA:2048 -KEYOUT MYSERVER.KEY -OUT SERVER.CSR This creates two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key. Once the CSR has been created then you should submit it to the CA (Comodo) to get the CA bundle and the domain certificate.
There are several methods of signing with Visual Studio, depending on exactly what you want to do. For signing the compiled EXE, a post-build step is the easiest route: In order to get a signature automatically applied to your EXE (or DLL) when you compile/build, you need to call a signing utility like SignTool.exe as a post-build step. Microsoft has a good tutorial on that, view it here: http://msdn.microsoft.com/en-us/library/ms180786%28VS.80%29.aspx NOTE: If you want strong name signi...
2X APPLICATION SERVER CSR AND INSTALLATION INSTRUCTIONS 2X APPLICATION SERVER CSR CREATION By enabling SSL encryption, your 2X Gateway provides encryption to your terminal servers. You can enable clients to connect using SSL by checking the box to "Enable SSL on Port:", usually using 443 as the default SSL setting. You can find this option under the SSL/TLS tab of the 2X Secure Client Gateway Properties window. To access the Gateway Properties window, click on the Farm in the Navigation pan...
SSL CERTIFICATE COUNTRY CODES FIND YOUR COUNTRY CODE FROM THE LIST PROVIDED BELOW COUNTRY CODES ARE REQUIRED WHEN CREATING A CERTIFICATE SIGNING REQUEST. THE SSL CERTIFICATE COUNTRY CODES THAT YOU NEED TO ENTER WHEN CREATING YOUR CSR ARE AS FOLLOWS: * US United States of America * CA Canada * AX Åland Islands * AD Andorra * AE United Arab Emirates * AF Afghanistan * AG Antigua and Barbuda * AI Anguilla * AL Albania * AM Armenia * AN Netherlands Antilles * AO Angola ...
3COM WIRELESS LAN CSR CREATION Before you can generate a Certificate Signing Request (CSR) for your 3Com Wireless Lan Switch and Controller, you will need to create the private key from which your CSR can then in turn be created. * Running the following command should elicit the response _key pair generated_ and generate a 2048-bit private key. WX1200#crypto generate key web 2048 In the above example, "web" represents a certificate for web access so users can use a web page to log onto ...
CSR CREATION FOR ADOBE CONNECT This is a full walk through of how to setup and install Adobe Connect 7 Pro with SSL. If you are having trouble with your CSR creation or SSL installation, hopefully this can clarify any issues you encountered understanding the Adobe documentation. If you do not have OpenSSL (a common SSL manipulation tool), you will want to download it online before continuing. CREATING CSRS AND PRIVATE KEYS IN ADOBE CONNECT 7 PRO * You will need to create two private k...
HOW TO CREATE A CSR ON AEP NETILLA AND INSTALL YOUR SSL CERTIFICATE Setting up your SSL on a AEP Netilla device should be fairly straightforward through the Netilla Admin panel. * Open your Netilla Admin panel and go to System Configuration, General, SSL, and then choose to "Request New Certificate." * You will be presented with a form to enter your company's information which will be submitted to COMODO as part of your certificate request. Most of the requested information should be...
ALPHA FIVE APPLICATION SERVER CSR CREATION * You will generate your Certificate Signing Request (CSR) from your Alpha Five Application Server where the certificate will be installed. Be sure to keep the private key that you generate during the CSR creation process, as it will be needed when you receive your certificate. * To create the CSR, go to the Application Server Settings window and the tab labeled "SSL". * Click the long button at the bottom of the tab with the label "Generate a...
CSR CREATION FOR BARRACUDA SPAM & ANTIVIRUS 300 VERSION 5 If you already have your SSL Certificate files and just need to install them, see SSL Installation - Barracuda Spam And Virus Firewall 300 [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1086/0/barracuda-spam--virus-firwall-300-ssl-installation]. CREATE YOUR CSR If you are looking for a CSR creation tutorial for older versions of Barracuda devices please see our CSR Creation for Barracuda Devices Below Versi...
CERBERUS FTP SERVER: CREATE CSR & INSTALL SSL CERTIFICATE Use these instructions to create your CSR (certificate signing request) and then, to install your SSL, intermediate, and root certificates. * To create your CSR, see Cerberus FTP Server: Create Your CSR (Certificate Signing Request). * To install your SSL Certificate, see Cerberus FTP Server: Install Your SSL Certificate. 1. CERBERUS FTP SERVER: CREATE YOUR CSR (CERTIFICATE SIGNING REQUEST) CERBERUS FTP SERVER: HOW TO GENERAT...
NOTE: If you already have your SSL Certificate and just need to install it, see Lync 2010: Installing a SSL Certificate [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1073/0/lync-server-2010-certificate-installation]. LYNC 2010: GENERATING A CSR * On the Windows START menu, click ALL PROGRAMS > MICROSOFT LYNC SERVER 2010 > LYNC SERVER DEPLOYMENT WIZARD. * In the LYNC SERVER 2010 – DEPLOYMENT WIZARD, click INSTALL OR UPDATE LYNC SERVER SYSTEM. * Under STEP...
LYNC SERVER 2010: SSL CERTIFICATE INSTALLATION If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Lync 2010: Creating a CSR [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1072/0/lync-server-2010-csr-creation]. LYNC 2010: INSTALLING YOUR SSL CERTIFICATE * On the Windows START menu, click All PROGRAMS > MICROSOFT LYNC SERVER 2010 > LYNC SERVER DEPLOYMENT WIZARD. * In the LYNC SERVER 2010 – DEPLOYMENT WIZARD, cli...
HOW TO GENERATE A CSR FOR LYNC 2013 * From the Windows start menu click on LYNC DEPLOYMENT WIZARD icon. * Click on INSTALL or UPDATE Lync Server System. * Under the Request, Install or Assign Certificates section click RUN. * Choose External Edge Certificate and click REQUEST. * Click NEXT. * Choose Prepare the request now, but send it later. * Choose the name and destination for the CSR text file. (i.e. C:DesktopExampleCSR.txt). * On the Specify Alternate Certificate Te...
HOW TO INSTALL YOUR SSL CERTIFICATE IN LYNC 2013 * From the Windows start menu click on Lync Deployment Wizard icon. * Click on INSTALL or update Lync Server System. * Under the Request, Install or Assign Certificates section click RUN. * Choose External Edge Certificate and click IMPORT CERTIFICATE. * Use the Browse button, and locate your certificate file (will be .pfx if you used DigiCert Windows Utility. If using a .pfx file be sure to check the Certificate file contains ...
FILEZILLA: CSR CREATION USING OPENSSL Use these instructions to build your own shell commands to generate your FileZilla CSR. HOW TO GENERATE A CSR FOR FILEZILLA USING OPENSSL If you prefer, you can build your own shell commands to generate your FileZilla CSR. * Use your terminal (ssh) to login to your FileZilla server. * At the prompt, enter the following command, making sure to replace server with the name of your server: openssl req -new -newkey rsa:2048 -nodes -keyout server.k...
SSL CERTIFICATE INSTALLATION IN FILEZILLA Use these instructions to install your SSL Certificate for FileZilla. Before installing your SSL Certificate, you first need to create a Certificate Signing Request (CSR). See OpenSSL Certificate Signing Request (CSR) Creation for FileZilla SSL [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1076/0/filezilla-csr-creation-using-openssl]. HOW TO INSTALL AN SSL CERTIFICATE FOR FILEZILLA * On your FileZilla server, open Fil...
CREATE CSR ON ZIMBRA AND SSL INSTALLATION ZIMBRA CSR CREATION * Log in as _root._ * Adjust the following command to match your information: /OPT/ZIMBRA/BIN/ZMCERTMGR CREATECSR COMM -NEW "/C=US/ST=NJ/L=CLIFTON/O=COMPANY INC/OU=DEPARTMENT/CN=YOUR.DOMAIN.COM" Where: C = 2-digit country code ST = State/Province L = City O = Organization Name OU = Department (e.g., IT Department) CN = Common Name (mail.domain.com, *.domain.com) If you want to include more than one name in the ...
CSR CREATION FOR TOMCAT KEYSTORE SSL CERTIFICATES If you already have your SSL Certificate and just need to install it, see Tomcat Web Server SSL Certificate Installation [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1080/0/tomcat-ssl-certificate-installation]. HOW TO GENERATE A CSR IN TOMCAT WITH KEYTOOL **NOTE: YOU MUST GENERATE A NEW KEYSTORE BY FOLLOWING THIS PROCESS. IF YOU TRY TO INSTALL A NEW CERTIFICATE TO AN OLD KEYSTORE YOUR CERTIFICATE WILL NOT WORK P...
SSL CERTIFICATE INSTALLATION IN TOMCAT WEB SERVER If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see SSL Certificate CSR Creation [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1079/0/tomcat-csr-generation] * To install the SSL Certificate file to your keystore, type the following command: KEYTOOL -IMPORT -TRUSTCACERTS -ALIAS SERVER -FILE YOUR_SITE_NAME.P7B -KEYSTORE YOUR_SITE_NAME.JKS * You should get a conf...
RADWARE ALTEON APPLICATION SWITCH If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Create a CSR for Radware Alteon Application Switch [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1083/0/radware-alteon-application-switch-csr-generation]. SSL INSTALLATION FOR THE RADWARE ALTEON APPLICATION SWITCH * Create PEM file by pasting the contents of www_yourdomain_com.crt to the beginning of the intermediate certificate ...
RADWARE ALTEON APPLICATION SWITCH If you already have your SSL Certificate and just need to install it, see Install an SSL Certificate on a Radware Alteon Application Switch [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1082/0/radware-alteon-application-switch-ssl-installation]. HOW TO CREATE A CSR FOR THE RADWARE ALTEON APPLICATION SWITCH. * Log in to your COMODO account and download your Intermediate (COMODOCA.crt) and Primary (your_domain_name.crt) certifi...
If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Lotus Domino 8.5 CSR Creation Instructions [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1084/0/lotus-domino-85-csr-generation]. INSTALL SSL ON A LOTUS DOMINO WEB SERVER VERSION 8.5 _As is the case when working with certificate keystores, you need to make sure that when importing your SSL certificates to your Lotus Domino 8.5 Web Server that the files are imported to ...
INSTRUCTIONS TO INSTALL SSL CERTIFICATE BARRACUDA FIRMWARE VERSION 5 If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see CSR Creation Barracuda Spam and Virus Firewall Version 5 [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1070/0/barracuda-spam-and-virus-firewall-300-csr-generation]. SSL INSTALLATION To install your SSL certificate file you will need to be logged into the Barracuda as an administrator. * Go to t...
BARRACUDA CSR CREATION If you already have your SSL Certificate and just need to install it, see SSL Certificate Installation :: Barracuda [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1088/0/barracuda-ssl-installation]. HOW TO GENERATE A CSR FOR A BARRACUDA SPAM FIREWALL In order to generate a Certificate Signing Request for your Barracuda Firewall, navigate to the Advanced > SSL or Advanced > Secure Administration page and follow these steps: * Fill in all...
BARRACUDA SSL CERTIFICATE INSTALLATION If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see SSL CSR Creation for a Barracuda Spam Firewall [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1087/0/barracuda-spam-firewall-csr-generation]. INSTALLING YOUR BARRACUDA SSL CERTIFICATE A pre-built .pem file should have been emailed to you when your certificate was issued. If you did not receive that file, you can download it insi...
QUICK GUIDE TO INSTALL SSL CERTIFICATE ON GOOGLE APP ENGINE STEP 1: CREATE CSR (CERTIFICATE SIGNING REQUEST) FOR GAE Before you start the installation process, you need to generate a new CSR. You will get a private key along with CSR when you generate your CSR. STEP 2: DOWNLOAD AND EXTRACT SSL CERTIFICATE FILES Once you complete the CSR and the order process the certificate authority will send you the certificate files via a registered email address included with a zip file. This file c...
Code Signing for Windows Windows Software Development Kit (SDK) contains headers, libraries, and tools you can use when you create apps that run on Windows operating systems. To download the Windows Software Development Kit (SDK) click here [https://www.microsoft.com/en-us/download/details.aspx?id=8279]. IMPORTANT SIGNTOOL OPTIONS: * /AC  -  Specify an Additional Certificate. * /A  -  Automatically selects the best certificate to sign the file from your Windows Certificate Store. ...
CODE SIGNING CERTIFICATES - SHA1 AND SHA-256 INFORMATION IF YOUR USERS ARE GETTING AN ERROR MESSAGE THAT READS "THE SIGNATURE OF THIS PROGRAM IS CORRUPT OR INVALID" WHEN THEY DOWNLOAD, YOU NEED TO UPGRADE TO AN SHA-256 SIGNATURE! According to the Microsoft PKI blog [http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx]: "Effective January 1, 2016, Windows (version 7 and higher) and Windows Server will no lon...
  If your certificate uses SHA-2 or has SHA-2 certificates in its chain of trust and you are using it to sign kernel modules, then you should be aware of KB3033929 [https://support.microsoft.com/en-us/kb/3033929], an update for Windows 7 distributed through Windows Update. On versions of Windows 7 without this update, the kernel will reject signatures made with certificates that use SHA-2, so they cannot be used to get a kernel module to load. In order for your driver to install successfully...
APACHE: CREATE ECC CSR AND INSTALL ECC SSL CERTIFICATE Before generating an ECC CSR (Elliptic Curve Cryptography Certificate Signing Request) and ordering an ECC SSL Certificate form COMODO, make sure that your environment is compatible with ECC SSL Certificates. For more information about Elliptic Curve Cryptography, see Elliptic Curve Cryptography ECC Explained [http://support.comodo.com/ecc.htm]. Use these instructions to generate the ECC CSR and then install your ECC SSL Certificate. ...
THE HISTORY AND BENEFITS OF ECC CERTIFICATES The constant back and forth between hackers and security researchers, coupled with advancements in cheap computational power, results in the need for continued evaluation of acceptable encryption [http://support.comodo.com/ssl-cryptography.htm] algorithms and standards. RSA is currently the industry standard for public-key cryptography and is used in the majority of SSL/TLS Certificates. A popular alternative, first proposed in 1985 by two resear...
MICROSOFT SERVERS: CREATE ECC CSR AND INSTALL ECC SSL CERTIFICATE Before generating an ECC CSR (Elliptic Curve Cryptography Certificate Signing Request) and ordering an ECC SSL Certificate form COMODO, make sure that your environment is compatible with ECC SSL Certificates. For more information about Elliptic Curve Cryptography, see Elliptic Curve Cryptography ECC Explained [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1105/0/what-is-eliptic-curve-cryptography-ecc]. ...
INTRODUCTION STATUS Feature complete, needs testing. FEDORA The dogtag packages are now available in Fedora. The required packages should be pulled in as dependencies when ipa-server is installed. This just makes the binaries available for the IPA installer script. The installer creates and configures the necessary dogtag components to stand up a CA. INSTALLING A dogtag CA is installed by default by IPA. To install using a self-signed CA instead of dogtag pass in the --selfsign argumen...
HOW DO I BACKUP MY CERTIFICATE WITH CHROME 1. In Chrome, go to SETTINGS. 2. On the SETTINGS page, below DEFAULT BROWSER, click SHOW ADVANCED SETTINGS. 3. Under HTTPS/SSL, click MANAGE CERTIFICATES. 4. In the CERTIFICATES window, on the PERSONAL tab, select your code signing certificate and then, click EXPORT. * In the CERTIFICATE EXPORT WIZARD, on the WELCOME page, click NEXT. * On the EXPORT PRIVATE KEY page, select YES, EXPORT PRIVATE KEY and then, click NEXT. 5. On the EXPORT FI...
You may have to convert a JKS to a PKCS#12 for several reasons. For example, if you have to copy or transfer your certificate from a TOMCAT server (or a platform using JKS file type) to a server using PKCS#12 file type such as Microsoft. The PKCS#12 could also be converted to be installed on platforms using PEM files (Apache for example). PREREQUISITES: * Keytool application (supplied along with JDK 1.1 and higher) * A JKS file containing the certificate, the private key and the certific...
To install the SSL Certificate on your Small Business Server 2008, follow the instructions below. 1. Extract the contents of the .zip file that contains your SSL Certificate and the chain certificates. Save the certificates to the Small Business Server where you generated the CSR. 2. To install the ROOT and INTERMEDIATE CERTIFICATES, check the below article. > ADDING ROOT AND INTERMEDIATE CERTIFICATES VIA MMC > [HTTPS://SUPPORT.COMODO.COM/INDEX.PHP?/DEFAULT/KNOWLEDGEBASE/ARTICLE/VIEW/636/0...
SERVER NAME INDICATION SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure websites to be served off the same IP address without requiring all those sites to use the same certificate. When making a TLS connection the client requests...
CSR GENERATION CENTOS WEBPANEL 1.Login to CWP panel. 2. Go to security tab and SSL Generation. Country Name (2 letter code) [AU]: GB State or Province Name (full name) [Some-State]: YORKS Locality Name (eg, city) []: YORK Organization Name (eg, company) [Internet Widgits Pty Ltd]: MYCOMPANY LTD Organizational Unit Name (eg, section) []: IT Common Name (eg, YOUR name) []: MYDOMAIN.COM Email Address []: Key Size: 2048 3.Then Click generate and it will display the CSR and private key. Do bac...
1. CREATE DIRECTORY FOR THE KEYSTORE AND CSR: Open a command prompt and type the following: _> mkdir sslcert_ Then cd to the newly created directory by typing the following command: _> cd sslcert_ 2. CREATE KEYSTORE: Use the following command to create a keystore: _> keytool -genkey -alias youralias -keyalg RSA -keystore yourkeystorename.jks -keysize 2048_ You will be prompted to enter keystore password. The default password that comes with glassfish is "_CHANGEIT_" except you ha...
If you have multiple servers that need to use the same SSL certificate, such as in a load-balancer environment or using a wildcard [https://ssl.comodo.com/wildcard-ssl-certificates.php] or UC SSL certificates [https://ssl.comodo.com/unified-communications-uc-ssl-certificates.php], you can convert the certificates and private key to a .PFX FILE and THEN IMPORT THE CERTIFICATE ON WINDOWS SERVER SO IT CAN BE USED IN IIS OR EXCHANGE. This may also be necessary when you switch hosting companies. We w...
STEP 1: INSTALLING INTERMEDIATE CERTIFICATES: 1. In the main menu navigate to CERTIFICATES > INTERMEDIATE CERTS. 2. Click the ADD NEW button. 3. Click CHOOSE FILE. 4. Browse to the location and path of your Intermediate .pem 5. Specify a name of your choice for your intermediate certificate under the Certificate Name field 6. Click ADD CERTIFICATE. 7. Click OK. STEP 2: INSTALLING YOUR SSL CERTIFICATE: 1. In the main menu of the LoadMaster WUI go to CERTIFICATES > SSL CERTIFICATES. 2. Click...
Like all certificates you must first create a CSR public/private key pair The CSR should be given to Comodo for signing and the private key will be left on the server. Follow the steps below to generate a CSR: STEP 1: GENERATING YOUR CSR KEYPAIR: * Log into your Kemp LoadMaster WUI. * In the main menu of the LoadMaster WUI, select CERTIFICATES > SSL CERTIFICATES. * Specify a name for you private key in the PRIVATE KEY IDENTIFIER field. * Click GENERATE CSR 5. Specify the following i...
CAUSE: This error occurs if the server administrator does not have permissions to the local security policy on Microsoft Windows 2008 server. SOLUTION: Although the error occurs during installation, the certificate might still install successfully. Check the bindings to see if the new certificate is available to be assigned. If the SSL certificate is not in available in the bindings list then proceed with the below instructions to set the appropriate permissions. To bind the certificate ...
1. Open the Windows SBS Console. 2. Click NETWORK > CONNECTIVITY. 3. On the CONNECTIVITY tab, under TASK, in the CONNECTIVITY TASKS section, click ADD A TRUSTED CERTIFICATE. 4. In the Add a Trusted Certificate wizard, on the Before you begin page, click NEXT. 5. On the Get the Certificate page, select 'I WANT TO BUY A CERTIFICATE FROM A CERTIFICATE PROVIDER' and then, click NEXT. 6. On the VERIFY THE INFORMATION FOR YOUR TRUSTED CERTIFICATE page, make sure that the information is corre...
1. First off, you need to ensure that you have root access. Otherwise, please contact the webhosting/server administrator. 2. Log into the SSH. 3. Run the following command and replace the domain_name with your domain name such as comodo.com, > _# OPENSSL PKCS12 -EXPORT -OUT /BACKUP/DOMAIN_NAME.PFX -INKEY > /ETC/SSL/PRIVATE/DOMAIN_NAME.KEY -IN /ETC/SSL/CERTS/DOMAIN_NAME.CRT_
Use these instructions to create your CSR (certificate signing request) and then, to install your SSL and intermediate certificates. * To create your CSR, see Citrix NetScaler VPX: Create Your CSR (Certificate Signing Request). * To install your SSL Certificate, see Citrix NetScaler VPX: Install Your SSL Certificate. These instructions were created using Citrix NetScaler 10.1 VPX (50). Depending on which version of Citrix NetScaler VPX you are using, you may need to modify these instr...
This article assumes that you have already created a pending private key in your Key Manager. If you have not created one yet, please check the CSR Generation- JSCAPE MFT Server article. PREREQUISITES: Concatenate the CAbundle and the certificate file which we sent you using the following command. _> CAT DOMAIN_COM.CRT DOMAIN_COM.CA-BUNDLE > SSL-BUNDLE.CRT_ If you are Using GUI Text Editor (Ex: Notepad): (i) To concatenate the certificate files into single bundle file, first open DOMAIN...
The JSCAPE MFT Server uses Key Manager to create and implement SSL certificates. This knowledge base article will describe the process for generating a CSR using the Key Manager. * Start off by opening KEY MANAGER. You can do this by navigating to FILE and then selecting the KEY MANAGER file from the main menu. * When the KEY MANAGER dialog appears, click on the SERVER KEYS tab at the top. * Click on the GENERATE button at the bottom. * In the new GENERATE KEY WIZARD. STEP 1 OF 2 windo...
1. Create an https_server.js file using the following values. you can create file with any name using .js extension. _# VIM HTTPS_SERVER.JS_ var https = require('https'); var fs = require('fs'); var https_options = { ca: fs.readFileSync("/path/to/mydomain.ca-bundle"), key: fs.readFileSync("/path/to/server.key"), cert: fs.readFileSync("/path/to/mydomain.crt") }; https.createServer(options, function (req, res) { res.writeHead(200); res.end("Welcome to Node.js HTTPS Servern"); }).listen(...
MDaemon does not have a method of creating a Certificate Signing Request (CSR) for you in order to obtain a third party SSL certificate issued by a Trusted Root Authority (such as COMODO). Windows has a command line utility, CERTREQ.EXE that will allow you to create a certificate request and import the new certificate into the Windows Certificate Store, where it can be used with MDaemon. 1. GENERATING A CSR : The example below will generate a CSR for a 2048 bit key length certificate. * ...
SSL .pem files (concatenated certificate container files), are frequently required for certificate installations when multiple certificates are being imported as one file. This article contains multiple sets of instructions that walk through various .pem file creation scenarios. CREATING A .PEM WITH THE ENTIRE SSL CERTIFICATE TRUST CHAIN * Log into your Comodo Management Console [https://secure.comodo.com/] and download your Intermediate (COMODOCA.crt), Root (addtrustexternalcaroot.crt),...
SSL INSTALLATION HEROKU All we need to have is the certificate and private key for SSL installation. SSL configuration on Heroku depends slightly on where you are deploying your application. CREATE THE ADDON It is required only if you app in common Runtime. Else you can skip this step. $ heroku addons:create ssl:endpoint ADDING CERTIFICATE, INTERMEDIATE AND PRIVATE KEY We need to combine the certificate and the bundle to a single .crt file. _CAT DOMAIN_COM.CRT DOMAIN_COM.CA-BUNDLE...
HOW DO I MAKE MY OWN BUNDLE FILE FROM CRT FILES? ANSWER: You may do this using you favorite text editor or by using the command line. Example: # Root CA Certificate - AddTrustExternalCARoot.crt # Intermediate CA Certificate 1 - ComodoRSAAddTrustCA.crt OR ComodoECCAddTrustCA.crt # Intermediate CA Certificate 2 - ComodoRSADomain/Organization/ExtendedvalidationSecureServerCA.crt OR ComodoRSAECCDomain/Organization/ExtendedvalidationSecureServerCA.crt # Intermediate CA Certificate 3 - ComodoSHA25...
TO INSTALL YOUR SSL CERTIFICATE ON SAP WEB APPLICATION SERVER STEP 1: DOWNLOADING AND PREPARING CERTIFICATE FOR INSTALLATION: Copy the SSL Certificate from —–BEGIN CERTIFICATE—– TO —–END CERTIFICATE—–WITH NO EXTRA LINES OR SPACES OR CHARACTERS AND PASTE THE CONTENTS OF CERTIFICATE IN A TEXT EDITOR AND SAVE AS .TXT file. Copy the contents of your Root and Intermediate CA into a Notepad file and save it as separate files with a .TXT extension. STEP 2: INSTALLING YOUR SSL CERTIFICATE: Not...
CERTIFICATE INSTALLATION : SAP WEB DISPATCHER STEP 1: Unzip the certificate files onto the server where you will install the certificate. The ZIP file you downloaded contains the following certificates: * SSL certificate (i.e. SSL_CERTIFICATE.CRT) * Intermediate CA certificate (i.e. INTERMEDIATECA.CRT) * Root CA certificate (i.e. ROOT.CRT) Copy the Root CA and Intermediate certificate file onto the server where you will install the certificate. STEP 2. INSTALL THE SSL CERTIFI...
Installing Comodo's SSL certificate on a Dovecot server is straight forward and simple. Please follow these instructions to install your SSL certificate on a Dovecot IMAP Server: STEP 1: Along with your certificate you may get the root and intermediate certificates. For Dovecot/Exim you need to put all these certificates including your site's certificate into one bundle file in order of decreasing distance from the root. The "CA-BUNDLE" file already includes the root and intermediates (_COMO...
  Obtain the SSL certificate issued from Certificate Authority (COMODO [https://ssl.comodo.com/]). When generating your CSR, you created a self-signed certificate as well (see Generate a CSR for Cisco Ironport [https://www.tbs-certificates.co.uk/FAQ/en/generer_csr_cisco_ironport.html]). Click on this certificate. Import the server certificate under UPLOAD SIGNED CERTIFICATE. Upload the Intermediate certificates under UPLOAD INTERMEDIATE CERTIFICATES. Repeat if necessary for additional in...
CSR GENERATION : CISCO IRONPORT Connect to Network/Certificates in Cluster mode and click on "Add Certificates". Select "Create Self-Signed Certificate" and fill the fields indicated Country Name (2 letter code) [AU]: GB State or Province Name (full name) [Some-State]: YORKS Locality Name (eg, city) []: YORK Organization Name (eg, company) [Internet Widgits Pty Ltd]: MYCOMPANY LTD Organizational Unit Name (eg, section) []: IT Common Name (eg, YOUR name) []: MYSUBDOMAIN.MYDOMAIN.COM Email A...
The following error may occur when building projects for Microsoft Visual Studio 2008 - 2015. Error: "Cannot import the following key file: mykey.pfx. The key file may be password protected." Cannot import the following key file: mykey.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_C1D3ACB8FBF1AGK4 SOLUTION 1: * Click Start > All Pro...
  Certificate installation on amazon aws console:   In order to install your certificate via AWS IAM (Identity Access Management) you'll have to convert your certificate, the certification chain and the private key in PEM format, if required.   To convert the certificate in the PEM file format.   Open the certificate in a notepad file and save it with the extension .pem   3 - UPLOAD YOUR CERTIFICATE INTO IAM Uploader your certificate into IAM with the following command: aws ...
Starting 1st of August 2016, Comodo will no longer offer SGC variants of our certificates. The move away from SGC to a new certificate type will not impact any website security or browser ubiquity. All Comodo certificates are trusted by 99.9% of browsers and mobile devices and use the very latest security technologies (including SHA-2 algorithms, 2048 signatures and RSA/ECC keys). WHY ARE WE DEPRECATING SGC? While very important in the early part of the millennium, SGC technology has become ...
If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see . [http://support.comodo.com/"https://support.comodo.com/index.php?/Knowledgebase/Article/View/1160/38/csr-generation-microsoft-iis-8x
If you already have your SSL Certificate and just need to install it, see IIS 8 and IIS 8.5 SSL Certificate Installation [https://support.comodo.com/index.php?/Knowledgebase/Article/View/1159/0/certificate-installation-microsoft-iis-8x]. HOW TO CREATE A CSR ON WINDOWS SERVER 2012 - IIS 8 AND WINDOWS SERVER 2012 R2 - IIS 8.5   * From the Start screen, click or search for INTERNET INFORMATION SERVICES (IIS) MANAGER and open it. * Click on the server name. * From the center menu, d...
SSL CERTIFICATE INSTALLATION IN APACHE. COPY THE CERTIFICATE FILES TO YOUR SERVER. APACHE SERVER SSL CERTIFICATE INSTALLATION * Download your Intermediate (ComodoRSACA.crt) and Primary Certificate (your_domain_name.crt) files from your Customer Area, then copy them to the directory on your server where you will keep your certificate and key files. Make them readable by root only. * FIND THE APACHE CONFIG FILE TO EDIT. The location and name of the config file can vary from server to s...
There are a few different SSL-related errors in Apache that can cause the following issues: * SSL errors are reported in the log file causing Apache to not start * Untrusted certificate warnings in browsers or intermediate certificate errors on COMODO.com/help * The browser error message "ssl_error_rx_record_too_long" ERRORS THAT KEEP APACHE FROM STARTING Errors that keep Apache from starting can be very frustrating. This usually happens when Apache is reading the configuration files a...
Depending on how your Apache servers are configured, you may need to disable SSL v3. Note that older versions of Internet Explorer may not have the TLS protocol enabled by default. If you disable SSL versions 2.0 and 3.0, the older versions of Internet Explorer will need to enable the TLS protocol before they can connect to your site. APACHE: HOW TO DISABLE THE SSL V3 PROTOCOL * Locate your SSL Protocol Configuration on your Apache server. For example, * Type one the following com...
To encrypt communications between you and your end users, you purchase a SSL Certificate, install it on your server, and then configure your website to use the certificate to protect these communications. The SSL connection begins when the end user's browser reaches out to shake hands with your website. During this handshake, information regarding the ability of the browser and server are exchanged, validation occurs, and a session key that meets both the browser's and server's criteria is cre...
This article uses an ASA 5510 that runs software version 8.0(2) and ASDM version 6.0(2) and provides instructions for generating a Certificate Signing Request (CSR) for Cisco ASA 5510. NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match. To generate a certificate signing r...
ADD A SENDER'S CERTIFICATE TO THE ADDRESS BOOK ------------------------- If someone has sent you an e-mail message that is digitally signed with a certificate, you can save the certificate in Outlook. If you have a person's certificate in Outlook, you can send that person an encrypted message. * Open a message that is digitally signed. * In the Info Bar at the top of the message, click DETAILS, and then click ADD ENCRYPTION CERTIFICATE TO CONTACTS. The certificate is stored with you...
IIS 8 AND IIS 8.5: HOST HEADERS, SECURE SITE BINDINGS, AND SSL BACKGROUND In IIS 7, if you used host headers with an SSL Certificate, the same certificate had to be used for every site that was secured. If multiple SSL Certificates were used, the server usually had a problem with providing the correct SSL Certificate when an HTTPS connection was established, which caused a certificate name error. See Name Mismatch in Web Browser [https://support.comodo.com/index.php?/Default/Knowledgebase/Art...
THE SUBJECT ALTERNATIVE NAME FIELD EXPLAINED The SUBJECT ALTERNATIVE NAME field lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL Certificate, such as a Multi-Domain (SAN) or Extend Validation Multi-Domain Certificate. BACKGROUND The SUBJECT ALTERNATIVE NAME extension was a part of the X509 certificate standard before 1999, but it wasn't until the launch of Microsoft Exchange Server 2007 that it was commonly used; this change ma...
SECURITY CERTIFICATE ERRORS The following warnings are presented when you access a website that has a security certificate installed that was issued to a domain other than the you accessed. INTERNET EXPLORER: "The security certificate presented by this website was issued for a different website's address." FIREFOX: "www.example.com uses an invalid security certificate." or "The certificate is only valid for the following names: www.otherdomain.com , otherdomain.com" This happens when the ...
This document provides installation instructions for ASA 5510 that runs software version 8.0(2) and ASDM version 6.0(2). NOTE 1: For Cisco ASDM 6.3 and 6.1, you must install the Root and Intermediate CA Certificates first before generating your RSA key. NOTE 2: The root and intermediate certificates can be downloaded from the end of this article. STEP 1: INSTALL THE COMODO ROOT CA CERTIFICATE : 1. Within ASDM, click CONFIGURATION > DEVICE MANAGEMENT. 2. Click CERTIFICATE MANAGEMENT > CA C...
USING DIGITAL SIGNATURES FOR EMAIL WITH APPLE MAIL AND OUTLOOK FOR OS X You can use S/MIME certificates, also called "S/MIME Certs" or "Personal Certificates", with most email clients to digitally sign and/or encrypt email messages. On this page: * Installing in OS X * Exporting the certificate * Using your certificate with Apple Mail * Using your certificate with Outlook for OS X ------------------------- INSTALLING IN OS X * Double-click the file downloaded or exported. * O...
CREATE TRUSTPOINTS FOR EACH CERTIFICATE BEING INSTALLED If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see SSL Certificate CSR Creation for Cisco ASA 5500 VPN [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1179/66/cisco-asa-5500-vpn-csr-generation]. As a way of helping you to manage the certificate chain that will be sent out to clients, you are required to create a trustpoint for each certificate in the chain that is s...
CSR CREATION FOR CISCO ADAPTIVE SECURITY APPLIANCE 5500 If you already have your SSL Certificate and just need to install it, see SSL Certificate Installation for Cisco ASA 5500 VPN [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1181/38/cisco-asa-5500-vpn-certificate-installation]. [https://www.digicert.com/cisco-ssl-devices.htm] How to generate a CSR in Cisco ASA 5500 SSL VPN/Firewal * From the Cisco Adaptive Security Device Manager (ASDM), select "Configur...
INSTALL SSL CERTIFICATE IN CISCO ADAPTIVE SECURITY APPLIANCE 5500 If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see SSL Certificate CSR Creation for Cisco ASA 5500 VPN [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1179/66/cisco-asa-5500-vpn-csr-generation]. [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1178/38/cisco-asa-5520-certificate-installation] INSTALLING YOUR SSL CERTIFICATE IN T...
To generate a Certificate Signing Request (CSR) for FortiGate SSL VPN you will need to create a key pair for your server the public key and private key. The CSR need to be provided to a Certificate Authority (CA) for signing and the private key will remain hidden on the FortiGate system where the CSR request is made. To generate a CSR for FortiGate SSL VPN perform the following. STEP 1: GENERATING YOUR CSR REQUEST: * Open your FortiGate Management console. * Click VPN. * Click Cert...
Once you have purchased your certificate, and the domains have been validated as under your ownership, you will receive an email containing the certificate.Once you receive your certificate issuance ZIP file, extract the file(s) contained in the ZIP file to the server. We recommend extracting these to the Desktop or a new directory all together. IMPORTING YOUR SSL CERTIFICATE: * Log into your FortiGate System. * Browse to SYSTEM > CERTIFICATES. * Select IMPORT > LOCAL CERTIFICATE. * ...
EV Code Signing Certificates, along with MS SmartScreen technology, protect users from downloading infected applications and malware. WHAT IS “APPLICATION REPUTATION”? Software downloaded from the Internet is similar to people on the Internet--it's hard to tell which ones are dogs, at least without help. That's where "application reputation" technology comes in. Application reputation is a method employed by Microsoft's SmartScreen(R) filter to distinguish good software from bad software as i...
Under Linux, to check the version number of your Apache server, execute the following command: #apache2ctl -version or #apachectl -version NOTE : If your Apache server's version is less than 2.4.8, please skip this article and go this link CONFIGURE THE APACHE SERVER: 1. Locate the Apache configuration file (example httpd.conf / ssl.conf), the configuration file name can be different depending on your apache version or flavour. Or in a Windows environment (EasyPHP, Wamp, ...) : C:Program ...
  Please use the latest version of signtool for this process. 'SIGNTOOL' available in Windows 8.1 SDK or Windows 10 SDK should be good.  * Download the Comodo cross-signed CA that matches your Code Signing certificate's Root CA. * Open an elevated Windows command prompt (cmd) and run SIGNTOOL.EXE: signtool.exe sign /v /p /ac "CROSS_SIGNED_COMODO_CA_HERE" /f YOUR_PFX_HERE /tr http://timestamp.comodoca.com/rfc3161 [http://timestamp.comodoca.com/rfc3161] "FULL_PATH_TO_FI...
Comodo has the ability to ‘push’ information about issued certificates to your system when the certificates are signed. The signed certificate and certificate chain can optionally also be pushed to your system. This ‘push’ mechanism allows us to notify you when your certificates change status or are signed and available. The signed certificate itself can also optionally be included along with the certificate chain, or you can choose not to have the certificate sent and use the status push to...
Products * FileMaker Server *    14.x *    13.x If security is important to your operations, all machines running FileMaker Server should have a custom SSL certificate. The standard FileMaker SSL certificate installed by default is available for test purposes only. Follow the process in this article to obtain a new certificate or replace an expired certificate. Purchase a Fully Qualified Domain Name (FQDN) YOUR FULLY QUALIFIED DOMAIN NAME (FQDN) IS THE PUBLIC-FACING ADDRESS THAT YO...
* FileMaker Cloud *    1.15.x FileMaker Cloud comes with a trial SSL certificate and "fmi.filemaker-cloud.com" domain that is good for the 1st 90 days. To continue using FileMaker Cloud beyond the trial period, you must purchase a different custom domain name and SSL certificate. Purchase a new domain or sub-domain YOUR DOMAIN NAME IS THE PUBLIC-FACING ADDRESS THAT YOU WOULD LIKE TO USE TO ACCESS FILEMAKER CLOUD.  DOMAIN NAMES CAN BE PURCHASED FROM A DNS REGISTRAR WHO KEEPS THE DOMAIN I...
Products * FileMaker Server *    15.x If security is important to your operations, all machines running FileMaker Server should have a custom SSL certificate. The standard FileMaker SSL certificate installed by default is available for test purposes only. Follow the process in this article to obtain a new certificate or replace an expired certificate. Purchase a Fully Qualified Domain Name (FQDN) Your Fully Qualified Domain Name (FQDN) is the public-facing address that you would l...