News
RSS Feed
Knowledgebase : Comodo Certification Authority

  The private key for a Comodo Code signing certificate is generated by the browser during certificate enrollment. When the submit button is pressed, a key pair of the selected size is generated. The PRIVATE KEY is encrypted and stored in the LOCAL KEY DATABASE. COMODO recommends using INTERNET EXPLORER 8+ on Windows and FIREFOX on Mac for certificate enrollment as it is both easy to apply and convenient for the user. To apply for a Code signing certificate, visit the below URL.. https://ww...
  The private key for a S/MIME certificate is generated by the browser during certificate enrollment. When the submit button is pressed, a key pair of the selected size is generated. The PRIVATE KEY is encrypted and stored in the LOCAL KEY DATABASE. S/MIME certificates can be applied only using INTERNET EXPLORER and MOZILLA FIREFOX. COMODO recommends using INTERNET EXPLORER 8+ on Windows and FIREFOX on Mac for certificate enrollment as it is both easy to apply and convenient for the user. Fo...
  REASON AND SOLUTION: If you want the HTTPS Padlock on your website to look fully green and perfect, you will have to follow the security standards given by the browsers your customers mostly visit using. As it happens, MS Edge, Chrome, Firefox are the most commonly used browsers by the world. These browsers show the padlock of an website in their own unique way and also the warning messages associated with them.   # CHROME says, “_Your connection to example.com is encrypted with obsolet...
Use these instructions to create your CSR (certificate signing request) and then, to install your SSL and intermediate certificates. * To create your CSR, see Mac OS X Yosemite: Create Your CSR. * To install your SSL Certificate, see Mac OS X Yosemite: Install Your SSL Certificate. For El Capitan Server (10.11), please see Mac OS X El Capitan: Create CSR & Install SSL Certificate [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1108/38/os-x-el-capitan-server-c...
Use these instructions to create your CSR (certificate signing request) and then, to install your intermediate and server (SSL) certificates. * To create your CSR, see Mac OS X El Capitan: Create Your CSR. * To install your SSL Certificate, see Mac OS X El Capitan: Install Your SSL Certificate. For Yosemite Server (10.10), please see Mac OS X Yosemite: Create CSR & Install SSL Certificate [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1107/38/os-x-yosemit...
GENERATING A CERTIFICATE SIGNING REQUEST (CSR) USING OPENSSL (APACHE & MOD_SSL, NGINX) A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the web form in the enrollment process: GENERATE KEYS AND CERTIFICATE: To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "server", use the following command : > OPENSSL REQ -NODES -NEWKEY RSA:2048 -KEYOUT ...
PLEASE CLICK THIS LINK [HTTPS://WWW.COMODO.COM/PDF/COMODO-CPAC-INTERNET-EXPLORER.PDF]TO GET THE LATEST INSTRUCTIONS ON IMPORTING AND EXPORTING [HTTPS://WWW.COMODO.COM/PDF/COMODO-CPAC-INTERNET-EXPLORER.PDF] YOUR EMAIL CERTIFICATE USING INTERNET EXPLORER [HTTPS://WWW.COMODO.COM/PDF/COMODO-CPAC-INTERNET-EXPLORER.PDF] THE FOLLOWING PROCESS DESCRIBES HOW TO BACKUP CERTIFICATES 1. Start Internet Explorer, select Tools, Internet Options, Content, Certificates 2. On the Personal Certificates tab,...
The reason you will see this error message is that an email certificate has already been issued to your email address. If you want to get a new one, then you will have to first revoke the current certificate. Please check REVOCATION OF SECURE EMAIL CERTIFICATE. [HTTPS://SUPPORT.COMODO.COM/INDEX.PHP?/DEFAULT/KNOWLEDGEBASE/ARTICLE/VIEW/720/0/REVOCATION-OF-SECURE-EMAIL-CERTIFICATE] If you have forgot the revocation password, then please Submit a ticket [https://support.comodo.com/index.php?/Defau...
* NOTE As an alternative to the manual instructions on this page, Comodo offers a free utility which will help you generate a CSR, submit it to Comodo and then automatically install your certificate on your IIS website. Click here [https://www.comodo.com/ssl-certificate-auto-installer/index.html] to find out more. GENERATING A CSR ON IIS 7.X * Click START. * Select ADMINISTRATIVE TOOLS. * Start INTERNET SERVICES MANAGER. * Click SERVER NAME. * From the center menu, double-click t...
apache apache apache apache apache apache apache apache apache apache apache apache INSTALLING YOUR CERTIFICATE ON APACHE WITH MOD_SSL * Extract all of the contents of the ZIP file that was sent to you and copy/move them to your server. The extracted contents will typically be named: yourDomainName.crt and yourDomainName.ca-bundle * Move all of the certificate related files to their appropriate directories. A TYPICAL SETUP: * Move the Private Key that was generated earlier to the S...
* NOTE As an alternative to the manual instructions on this page, Comodo offers a free utility which will automatically install your certificate on your IIS website. Click here [https://www.comodo.com/ssl-certificate-auto-installer/index.html] to find out more. INSTALL TO WEB SERVER 1. Open Internet Information Services Manager (IISM) to the appropriate Server Start -> Administrative Tools -> IISM -> Server Name 2. Open the Server Certificates icon. 3. Open 'Complete Certificate Request' W...
Once you receive your certificate issuance ZIP file, extract the file(s) contained in the ZIP file to the server. We recommend extracting these to the Desktop or a new directory all together. OPTION 1 From the Exchange Management Shell, run the following command to install the server, root, and intermediate certificates to their respective certificate stores: Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:certificatesYOUR_CERTIFICATE.cer -Encoding byte -ReadCount 0)) ...
THIS ARTICLE IS FOR ADMINISTRATORS WHO PREFER THE COMMAND SHELL! When your certificate is issued you'll typically receive a file called example__com.cer_. Save it on the server and from the same directory run: certreq -accept example_com.cer This will install the cert in the Windows certificate store and it will be available to those services and products that make use of the Windows certificate store. These products include but are not limited to: IIS, Exchange, Active Directory (LDAPS),...
For more information on this transition, please see: HTTP://WWW.COMODO.COM/E-COMMERCE/SHA-2-TRANSITION.PHP [HTTP://WWW.COMODO.COM/E-COMMERCE/SHA-2-TRANSITION.PHP]
ISSUE: When installing a certificate issued with a SHA-2 signature algorithms (which includes SHA-256, SHA-384, and SHA-512) on Windows Server 2003, the following error is displayed - " The integrity of this certificate cannot be guaranteed. This certificate may be corrupted or may have been altered. " SOLUTION: In order to resolve this error, Microsoft has released a hotfix in order to provide limited compatibility for certificates issued with SHA-2 signature algorithm, this can be downloaded...
Secure certificates of any type currently CANNOT be issued to individuals or business entities in the following countries websites or the following country-code-top-level domains (TLDs):   Restricted Countries Listing: The following countries are restricted by US Export restriction laws, therefore Comodo.com cannot issue ssl certificates for registrants in the following countries   AF Afghanistan CU Cuba ER Eritrea GN Guinea IQ Iraq IR Iran, Islamic Republic of KP Korea, De...
PayPal and Authorize.Net sent a notice to merchants and storefronts whose websites use their service that action may need to be taken to ensure no interruption in service while the two companies work to upgrade various SSL certificates. Over the course of 2015 and 2016, they will be taking steps towards strengthening their SSL certificates across all of their sites. Strengthening SSL certificates equates to switching from the SHA-1 signature algorithm to the SHA-2 signature which is more secure....
CODE SIGNING CERTIFICATES If you have come across malware signed with a Comodo issued Code Signing certificate please send as much detail as possible to: signedmalwarealert@comodo.com Helpful details include: * link to the signed malware * screenshots of the certificate details showing the signer organization or certificate serial number or other details which will help us identify the certificate * a copy of the actual certificate if possible SSL/TLS CERTIFICATES If you need to...
For help using your certificate to sign and encrypt mail or to export and import or your certificate, please select your software or device from the list below. These documents are suitable for both Personal Authentication Certificates and Secure Email Certificates. BROWSERS: * Internet Explorer [https://www.comodo.com/support/products/authentication_certs/setup/ie7.php?key5sk1=649f7696ddcd15b926ed0862b303a6e7b4dd8204] * Comodo Dragon [https://www.comodo.com/support/products/authenticati...
SSL CERTIFICATE INSTALLATION FOR EXCHANGE 2013 If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Exchange 2013 CSR Generation [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/998/19/exchange-2013-ssl-csr-creation] Using COMODO step-by-step Installation instructions for Exchange 2013 will help you navigate the updates made in the new version of Exchange. Please use the tutorial below or contact our support team if you run...
EXCHANGE 2013 SSL CERTIFICATES CSR CREATION HELP If you already have your SSL Certificate and just need to install it, see Exchange 2013 SSL Installation Instructions [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/997/37/exchange-2013-ssl-certificate-installation] There have been many new changes in Exchange 2013. One of those is that the interface is now accessible through a browser. Your Installation of Exchange 2013 will be easier with our great step-by-step tuto...
INSTRUCTIONS FOR INSTALLING YOUR COMODO CODE SIGNING CERTIFICATE After purchasing a standard code signing certificate, COMODO validates your information and sends you an email that contains a link to install your code signing certificate. *SUN JAVA NOTE: If your certificate was keyed for the Sun Java Platform, your code signing certificate installation process is different than the one described on this page. Please see Java Code Signing Certificate Set Up and Usage Guide [https://support.com...
SETTING UP AND USING YOUR ORACLE JAVA CODE SIGNING CERTIFICATE In Java, the process for setting up your COMODO Code Signing Certificate consists of creating a Java keystore and a Certificate Signing Request (CSR) and then, installing your COMODO generated code signing certificate file to the Keystore file from where the CSR was generated. * If you have already set up your code signing certificate and are ready to sign your Java .jar files, see the Signing Java .jar Files with Jarsigner ins...
HOW TO VERIFY YOUR CODE SIGNING CERTIFICATE IS INSTALLED After generating your code signing certificate, we recommend that you take a second to verify that your certificate is installed in the browser’s Certificate Store. Internet Explorer Chrome Firefox   INTERNET EXPLORER: VERIFYING YOUR CLIENT CERTIFICATE IS INSTALLED * In Internet Explorer, go to INTERNET OPTIONS. * In the INTERNET OPTIONS window, on the CONTENT tab, click CERTIFICATES. * In the CERTIFICATES window, on ...
HOW TO VERIFY YOUR CODE SIGNING CERTIFICATE IS INSTALLED After generating your Code Signing Certificate, we recommend that you take a second to verify that your certificate is installed in the keychain or in the browser's Certificate Store. Safari and Chrome Removing the "_This certificate was signed by an unknown authority"_ Warning Message Firefox SAFARI AND CHROME: VERIFYING YOUR CODE SIGNING CERTIFICATE IS INSTALLED If you used Safari or Chrome to install your Code Signing Certificat...
HOW TO EXPORT YOUR CODE SIGNING CERTIFICATE After installing your code signing certificate, you may need to export the certificate for use on a different computer, for signing code, etc. Safari and Chrome Firefox SAFARI AND CHROME: EXPORTING YOUR CODE SIGNING CERTIFICATE AS A P12 FILE If you used Safari or Chrome to install your Code Signing Certificate, the certificate should be located in the login keychain. * Open KEYCHAIN ACCESS. In the FINDER window, under FAVORITES, click APP...
HOW TO EXPORT YOUR CODE SIGNING CERTIFICATE After installing your code signing certificate, you may need to export the certificate for use on a different computer, for signing code, etc. Internet Explorer Chrome Firefox INTERNET EXPLORER: EXPORTING YOUR CODE SIGNING CERTIFICATE AS A PFX FILE * In Internet Explorer, go to INTERNET OPTIONS. * In the INTERNET OPTIONS window, on the CONTENT tab, click CERTIFICATES. * In the CERTIFICATES window, on the PERSONAL tab, select your c...
ISSUE: Profile Manager does not show a code signing certificate when asked to sign configuration profiles. Please try to import the intermediate certificate files manually on the IOS device through the following URLs: * Intermediate 1:https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/966/108/intermediate-1-sha-2-comodo-rsa-certification-authority [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/966/108/intermediate-1-sha-2-comodo-rsa-certific...
This document provides instructions for installing SSL Certificates. If you are unable to use these instructions for your server, COMODO recommends that you contact either the vendor of your software or an organization that supports Stronghold. STEP 1. DOWNLOAD THE COMODO RSA CA CERTIFICATE * Download the Intermediate CA certificate from this link: Comodo [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/620/0/which-is-root-which-is-intermediate] Select the appropri...
PAYPAL IS UPDATING THEIR SSL CERTIFICATES, WHICH WILL IMPACT ALL WEB AND API ENDPOINTS We have been advised that PayPal is going to update their SSL certificates to SHA-2. This update will impact merchants and developers with an integration that does not use the new VeriSign G5 Root Trust Anchor, or those whose hardware / software does not support the SHA-2 signing algorithm. For more information, please refer to the link below: https://devblog.paypal.com/paypal-ssl-certificate-changes/ [htt...
This document provides instructions for generating a Certificate Signing Request (CSR) for Stronghold. If you are not able to use these instructions for your server, COMODO recommends you to contact the server vendor or the organization, which supports Stronghold. NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one...
METHOD 1: VIA CLI 1. Login as root. 2. Adjust the following command to match your information: /OPT/ZIMBRA/BIN/ZMCERTMGR CREATECSR COMM -NEW "/C=US/ST=CALIFORNIA/L=LOS ANGELES/O=COMPANY INC/OU=DEPARTMENT/CN=YOUR.DOMAIN.COM" Where: C = 2-digit country code ST = State/Province L = City O = Organization Name OU = Department (e.g., IT Department) CN = Common Name (mail.domain.com, *.domain.com) If you want to include more than one name in the CSR, you can add -subjectAltNames to the end of the c...
Method 1: Via Zimbra Admin Console 1. Login to your Zimbra Admin Console using a browser. 2. In the left navigation pane under Home click Configure. Click CERTIFICATE. 3. On the right of the Zimbra Admin console click on the settings icon and select Install Certificate. 4. The Certificate Installation Wizard will pop up. 5. Under Server Name Select the Target server you are going to install the certificate for. Click NEXT 6. Select the option Install the commercial signed certificate. C...
In July 2012, the CA/Browser Forum, the industry standards board for Certificate Authorities and the browsers that use Certificates, made a decision to deprecate the usage of reserved IP addresses and internal names for certificates, effective November 1st 2015. All such certificates still outstanding must be revoked by October 31, 2016. _COMODO WILL NOT ISSUE A CERTIFICATE WITH AN EXPIRY DATE LATER THAN 1 NOVEMBER 2015 WITH A SUBJECTALTERNATIVENAME (SAN) EXTENSION OR SUBJECT COMMONNAME (CN) F...
HOW TO CONFIGURE SSL FOR YOUR WINDOWS AZURE WEBSITE ? Once you have the exported .pfx file, you can use it to configure SSL for your Windows Azure website. 1. In a browser, open and log into the Windows Azure Management Portal. 2. On the web sites tab, under NAME, select your website. 3. On your website's page, click CONFIGURE. 4. On the CONFIGURE tab, in the certificates section, under SUBJECT, click upload a certificate. 5. In the Upload a certificate window, under FILE, click BROWSE...
  Requirements for this installation : WWW_DOMAIN.CRT and WWW_DOMAIN.CA-BUNDLE   1. Log in to your Plesk Panel 2. Go to the WEBSITES & DOMAINS tab and select the domain you want to secure. 3. Click on ‘SECURE YOUR SITES’ 4. Select the SSL certificate that was created while generating the CSR code 5. On the next page locate the 'UPLOAD CERTIFICATE FILES' section. Click on the ‘BROWSE’ button and locate the certificate and the CA bundle files from your computer. After both files are chos...
To Generate a CSR on a Plesk 12 System, perform the following: 1. Log into Plesk Panel. To Generate a CSR on a Plesk 12 System perform the following. 2. Under "HOSTING SERVICES", select "Domains". Click the domain name you wish to protect. This link will open the Control panel for that domain. 3. In the Control Panel, go to the WEBSITES & DOMAINS tab. Click the "Show More" tag to display management options. 4. Click "SECURE YOUR SITES". 5. In the "SSL CERTIFICATES" page that then opens, clic...
OVERVIEW This page will help you in Creating Certificate Signing Request (CSR) for your domain. NAVIGATE TO CSR Navigate to the CERTIFICATE SIGNING REQUEST menu under the Security section in the Webuzo Enduser Panel. [http://www.webuzo.com/wiki/File:Csr_home.png] PROCEDURE You must have Private Key for the Domain for which you want to create the Certificate Signing Request (CSR). Populate the details for creating the Certificate Signing Request (CSR) Note : Certificate Signing Request ...
If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Mac OS X Mavericks Server: SSL Certificate CSR Creation [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1038/0/os-x-mavericks-server-ssl-certificate-csr-creation]. MAC OS X MAVERICKS: INSTALLING YOUR SSL CERTIFICATE To install your Mac OS X Mavericks SSL Certificate, complete the steps below. * Install your SSL Certificate. * Assign Your SSL Certificate to Serv...
If you already have your SSL Certificate and just need to install it, see Mac OS X Mavericks Server: SSL Certificate Installation [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1037/0/os-x-mavericks-server-ssl-certificate-installation]. MAC OS X MAVERICKS: CSR CREATION USING THE SERVER APP To get a valid SSL Certificate, you must first generate a CSR (certificate signing request). Then, you will use the contents of the CSR to order your SSL Certificate. Once you re...
This article explains the process of converting a Java Keystore file, into a PKCS12 file which is a .pfx or .p12 . Requirements - A Java Keystore containing the root, intermediate, and your domain/end entity certificate which was imported by following these instructions. [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/638/37/certificate-installation-java-based-web-servers-tomcat-using-keytool] In order to convert the Java Keystore file into a .pfx or .p12 file, you ...
SHA-2 COMPATIBILITY Please see below for minimum versions required for SHA-2 as well as some listed exceptions. SOFTWARE AND HARDWARE THAT SUPPORT SHA-2   BROWSER & SERVER SUPPORT BROWSER MINIMUM BROWSER VERSION Chrome 26+ Firefox 1.5+ Internet Explorer 6+ (With XP SP3+) Konqueror 3.5.6+ Mozilla 1.4+ Netscape 7.1+ Opera 9.0+ Safari 3+ (Ships with OS X 10.5) Server Minimum Server Version 4D Server 14.01+ Amazon...
SSL CERTIFICATE COUNTRY CODES FIND YOUR COUNTRY CODE FROM THE LIST PROVIDED BELOW COUNTRY CODES ARE REQUIRED WHEN CREATING A CERTIFICATE SIGNING REQUEST. THE SSL CERTIFICATE COUNTRY CODES THAT YOU NEED TO ENTER WHEN CREATING YOUR CSR ARE AS FOLLOWS: * US United States of America * CA Canada * AX Åland Islands * AD Andorra * AE United Arab Emirates * AF Afghanistan * AG Antigua and Barbuda * AI Anguilla * AL Albania * AM Armenia * AN Netherlands Antilles * AO Angola ...
LYNC SERVER 2010: SSL CERTIFICATE INSTALLATION If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Lync 2010: Creating a CSR [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1072/0/lync-server-2010-csr-creation]. LYNC 2010: INSTALLING YOUR SSL CERTIFICATE * On the Windows START menu, click All PROGRAMS > MICROSOFT LYNC SERVER 2010 > LYNC SERVER DEPLOYMENT WIZARD. * In the LYNC SERVER 2010 – DEPLOYMENT WIZARD, cli...
HOW TO GENERATE A CSR FOR LYNC 2013 * From the Windows start menu click on LYNC DEPLOYMENT WIZARD icon. * Click on INSTALL or UPDATE Lync Server System. * Under the Request, Install or Assign Certificates section click RUN. * Choose External Edge Certificate and click REQUEST. * Click NEXT. * Choose Prepare the request now, but send it later. * Choose the name and destination for the CSR text file. (i.e. C:DesktopExampleCSR.txt). * On the Specify Alternate Certificate Te...
If you already have your SSL Certificate and just need to install it, see Lotus Domino 8.5 SSL Certificate Installation [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1085/0/lotus-domino-85-ssl-certificate-installation]. CREATE CSR ON DOMINO SERVER 8.5 GENERATING YOUR CERTIFICATE SIGNING REQUEST DOMINO 8.5X * In the Domino Administration client, double-click on Server Certificate Administration. * Choose "Create Key Ring." * If prompted, enter a name and...
Code Signing for Windows Windows Software Development Kit (SDK) contains headers, libraries, and tools you can use when you create apps that run on Windows operating systems. To download the Windows Software Development Kit (SDK) click here [https://www.microsoft.com/en-us/download/details.aspx?id=8279]. IMPORTANT SIGNTOOL OPTIONS: * /AC  -  Specify an Additional Certificate. * /A  -  Automatically selects the best certificate to sign the file from your Windows Certificate Store. ...
  If your certificate uses SHA-2 or has SHA-2 certificates in its chain of trust and you are using it to sign kernel modules, then you should be aware of KB3033929 [https://support.microsoft.com/en-us/kb/3033929], an update for Windows 7 distributed through Windows Update. On versions of Windows 7 without this update, the kernel will reject signatures made with certificates that use SHA-2, so they cannot be used to get a kernel module to load. In order for your driver to install successfully...
THE HISTORY AND BENEFITS OF ECC CERTIFICATES The constant back and forth between hackers and security researchers, coupled with advancements in cheap computational power, results in the need for continued evaluation of acceptable encryption [http://support.comodo.com/ssl-cryptography.htm] algorithms and standards. RSA is currently the industry standard for public-key cryptography and is used in the majority of SSL/TLS Certificates. A popular alternative, first proposed in 1985 by two resear...
MICROSOFT SERVERS: CREATE ECC CSR AND INSTALL ECC SSL CERTIFICATE Before generating an ECC CSR (Elliptic Curve Cryptography Certificate Signing Request) and ordering an ECC SSL Certificate form COMODO, make sure that your environment is compatible with ECC SSL Certificates. For more information about Elliptic Curve Cryptography, see Elliptic Curve Cryptography ECC Explained [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1105/0/what-is-eliptic-curve-cryptography-ecc]. ...
INTRODUCTION STATUS Feature complete, needs testing. FEDORA The dogtag packages are now available in Fedora. The required packages should be pulled in as dependencies when ipa-server is installed. This just makes the binaries available for the IPA installer script. The installer creates and configures the necessary dogtag components to stand up a CA. INSTALLING A dogtag CA is installed by default by IPA. To install using a self-signed CA instead of dogtag pass in the --selfsign argumen...
HOW DO I BACKUP MY CERTIFICATE WITH CHROME 1. In Chrome, go to SETTINGS. 2. On the SETTINGS page, below DEFAULT BROWSER, click SHOW ADVANCED SETTINGS. 3. Under HTTPS/SSL, click MANAGE CERTIFICATES. 4. In the CERTIFICATES window, on the PERSONAL tab, select your code signing certificate and then, click EXPORT. * In the CERTIFICATE EXPORT WIZARD, on the WELCOME page, click NEXT. * On the EXPORT PRIVATE KEY page, select YES, EXPORT PRIVATE KEY and then, click NEXT. 5. On the EXPORT FI...
  You may have to convert a JKS to a PKCS#12 for several reasons. For example, if you have to copy or transfer your certificate from a TOMCAT server (or a platform using JKS file type) to a server using PKCS#12 file type such as Microsoft. The PKCS#12 could also be converted to be installed on platforms using PEM files (Apache for example).   PREREQUISITES: * Keytool application (supplied along with JDK 1.1 and higher) * A JKS file containing the certificate, the private key and the ...
To install the SSL Certificate on your Small Business Server 2008, follow the instructions below. 1. Extract the contents of the .zip file that contains your SSL Certificate and the chain certificates. Save the certificates to the Small Business Server where you generated the CSR. 2. To install the ROOT and INTERMEDIATE CERTIFICATES, check the below article. > ADDING ROOT AND INTERMEDIATE CERTIFICATES VIA MMC > [HTTPS://SUPPORT.COMODO.COM/INDEX.PHP?/DEFAULT/KNOWLEDGEBASE/ARTICLE/VIEW/636/0...
  1. CREATE KEYSTORE: Use the following command to create a keystore: > keytool -genkey -alias youralias -keyalg RSA -keystore yourkeystorename.jks -keysize 2048 NOTE: You will be prompted to enter keystore password when you run the above command. The password of the newly created keystore must match the Glassfish's master password, since the master password is used to access the certificate keystore. The default master password is “_changeit_” and can be changed with the help of the “chang...
If you have multiple servers that need to use the same SSL certificate, such as in a load-balancer environment or using a wildcard [https://ssl.comodo.com/wildcard-ssl-certificates.php] or UC SSL certificates [https://ssl.comodo.com/unified-communications-uc-ssl-certificates.php], you can convert the certificates and private key to a .PFX FILE and THEN IMPORT THE CERTIFICATE ON WINDOWS SERVER SO IT CAN BE USED IN IIS OR EXCHANGE. This may also be necessary when you switch hosting companies. We w...
STEP 1: INSTALLING INTERMEDIATE CERTIFICATES: 1. In the main menu navigate to CERTIFICATES > INTERMEDIATE CERTS. 2. Click the ADD NEW button. 3. Click CHOOSE FILE. 4. Browse to the location and path of your Intermediate .pem 5. Specify a name of your choice for your intermediate certificate under the Certificate Name field 6. Click ADD CERTIFICATE. 7. Click OK. STEP 2: INSTALLING YOUR SSL CERTIFICATE: 1. In the main menu of the LoadMaster WUI go to CERTIFICATES > SSL CERTIFICATES. 2. Click...
Like all certificates you must first create a CSR public/private key pair The CSR should be given to Comodo for signing and the private key will be left on the server. Follow the steps below to generate a CSR: STEP 1: GENERATING YOUR CSR KEYPAIR: * Log into your Kemp LoadMaster WUI. * In the main menu of the LoadMaster WUI, select CERTIFICATES > SSL CERTIFICATES. * Specify a name for you private key in the PRIVATE KEY IDENTIFIER field. * Click GENERATE CSR 5. Specify the following i...
CAUSE: This error occurs if the server administrator does not have permissions to the local security policy on Microsoft Windows 2008 server. SOLUTION: Although the error occurs during installation, the certificate might still install successfully. Check the bindings to see if the new certificate is available to be assigned. If the SSL certificate is not in available in the bindings list then proceed with the below instructions to set the appropriate permissions. To bind the certificate ...
1. Open the Windows SBS Console. 2. Click NETWORK > CONNECTIVITY. 3. On the CONNECTIVITY tab, under TASK, in the CONNECTIVITY TASKS section, click ADD A TRUSTED CERTIFICATE. 4. In the Add a Trusted Certificate wizard, on the Before you begin page, click NEXT. 5. On the Get the Certificate page, select 'I WANT TO BUY A CERTIFICATE FROM A CERTIFICATE PROVIDER' and then, click NEXT. 6. On the VERIFY THE INFORMATION FOR YOUR TRUSTED CERTIFICATE page, make sure that the information is corre...
1. First off, you need to ensure that you have root access. Otherwise, please contact the webhosting/server administrator. 2. Log into the SSH. 3. Run the following command and replace the domain_name with your domain name such as comodo.com, > _# OPENSSL PKCS12 -EXPORT -OUT /BACKUP/DOMAIN_NAME.PFX -INKEY > /ETC/SSL/PRIVATE/DOMAIN_NAME.KEY -IN /ETC/SSL/CERTS/DOMAIN_NAME.CRT_
This article assumes that you have already created a pending private key in your Key Manager. If you have not created one yet, please check the CSR Generation- JSCAPE MFT Server article. PREREQUISITES: Concatenate the CAbundle and the certificate file which we sent you using the following command. _> CAT DOMAIN_COM.CRT DOMAIN_COM.CA-BUNDLE > SSL-BUNDLE.CRT_ If you are Using GUI Text Editor (Ex: Notepad): (i) To concatenate the certificate files into single bundle file, first open DOMAIN...
The JSCAPE MFT Server uses Key Manager to create and implement SSL certificates. This knowledge base article will describe the process for generating a CSR using the Key Manager. * Start off by opening KEY MANAGER. You can do this by navigating to FILE and then selecting the KEY MANAGER file from the main menu. * When the KEY MANAGER dialog appears, click on the SERVER KEYS tab at the top. * Click on the GENERATE button at the bottom. * In the new GENERATE KEY WIZARD. STEP 1 OF 2 windo...
 Before configuring the SSL with node.js, please ensure that you have your 'Private Key', 'Certificate' and 'Intermeidate(s)' certificates. You might have received the following certificates from COMODO. 1) your_domain_name.crt (or) OrderNumber.crt - It is your Server Certificate 2) Intermediate Certificates, it depends upon the type of Certificate you purchase. Mostly, you will get them in the following format. Ex: 'COMODORSAXXXXXXXXXSecureServerCA.crt' and 'COMODORSAAddTrustCA.crt' Note...
MDaemon does not have a method of creating a Certificate Signing Request (CSR) for you in order to obtain a third party SSL certificate issued by a Trusted Root Authority (such as COMODO). Windows has a command line utility, CERTREQ.EXE that will allow you to create a certificate request and import the new certificate into the Windows Certificate Store, where it can be used with MDaemon. 1. GENERATING A CSR : The example below will generate a CSR for a 2048 bit key length certificate. * ...
SSL .pem files (concatenated certificate container files), are frequently required for certificate installations when multiple certificates are being imported as one file. This article contains multiple sets of instructions that walk through various .pem file creation scenarios. CREATING A .PEM WITH THE ENTIRE SSL CERTIFICATE TRUST CHAIN * Log into your Comodo Management Console [https://secure.comodo.com/] and download your Intermediate (COMODOCA.crt), Root (addtrustexternalcaroot.crt),...
HOW DO I MAKE MY OWN BUNDLE FILE FROM CRT FILES? ANSWER: You may do this using you favorite text editor or by using the command line. Example: # Root CA Certificate - AddTrustExternalCARoot.crt # Intermediate CA Certificate 1 - ComodoRSAAddTrustCA.crt OR ComodoECCAddTrustCA.crt # Intermediate CA Certificate 2 - ComodoRSADomain/Organization/ExtendedvalidationSecureServerCA.crt OR ComodoRSAECCDomain/Organization/ExtendedvalidationSecureServerCA.crt # Intermediate CA Certificate 3 - ComodoSHA25...
The following error may occur when building projects for Microsoft Visual Studio 2008 - 2015. Error: "Cannot import the following key file: mykey.pfx. The key file may be password protected." Cannot import the following key file: mykey.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_C1D3ACB8FBF1AGK4 SOLUTION 1: * Click Start > All Pro...
  Certificate installation on amazon aws console:   In order to install your certificate via AWS IAM (Identity Access Management) you'll have to convert your certificate, the certification chain and the private key in PEM format, if required.   To convert the certificate in the PEM file format.   Open the certificate in a notepad file and save it with the extension .pem   3 - UPLOAD YOUR CERTIFICATE INTO IAM Uploader your certificate into IAM with the following command: aws ...
MICROSOFT OUTLOOK HAD PROBLEMS ENCRYPTING THIS MESSAGE BECAUSE THE FOLLOWING RECIPIENTS HAD MISSING OR INVALID CERTIFICATES, OR CONFLICTING OR UNSUPPORTED ENCRYPTION CAPABILITIES.   Secure two-way communication is achieved by both ends having certificates and having both parties give everyone their public key. If this is done then anyone, anywhere can send an encrypted (secret) message to either of these two people. These two people have that same ability and can now send encrypted messages ...
If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see CSR Generation : IIS 8.x [https://support.comodo.com/index.php?/Knowledgebase/Article/View/1160/19/csr-generation--microsoft-iis-8x] After COMODO issues your SSL Certificate [https://www.instantssl.com], you will first need to install it to the server from which the certificate request was generated. Instructions for: * Single Certificate * Multiple Certificates Using SNI HOW TO INSTALL AND...
If you already have your SSL Certificate and just need to install it, see IIS 8 and IIS 8.5 SSL Certificate Installation [https://support.comodo.com/index.php?/Knowledgebase/Article/View/1159/0/certificate-installation-microsoft-iis-8x]. HOW TO CREATE A CSR ON WINDOWS SERVER 2012 - IIS 8 AND WINDOWS SERVER 2012 R2 - IIS 8.5   * From the Start screen, click or search for INTERNET INFORMATION SERVICES (IIS) MANAGER and open it. * Click on the server name. * From the center menu, d...
This article uses an ASA 5510 that runs software version 8.0(2) and ASDM version 6.0(2) and provides instructions for generating a Certificate Signing Request (CSR) for Cisco ASA 5510. NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match. To generate a certificate signing r...
SECURITY CERTIFICATE ERRORS The following warnings are presented when you access a website that has a security certificate installed that was issued to a domain other than the you accessed. INTERNET EXPLORER: "The security certificate presented by this website was issued for a different website's address." FIREFOX: "www.example.com uses an invalid security certificate." or "The certificate is only valid for the following names: www.otherdomain.com , otherdomain.com" This happens when the ...
This document provides installation instructions for ASA 5510 that runs software version 8.0(2) and ASDM version 6.0(2). NOTE 1: For Cisco ASDM 6.3 and 6.1, you must install the Root and Intermediate CA Certificates first before generating your RSA key. NOTE 2: The root and intermediate certificates can be downloaded from the end of this article. STEP 1: INSTALL THE COMODO ROOT CA CERTIFICATE : 1. Within ASDM, click CONFIGURATION > DEVICE MANAGEMENT. 2. Click CERTIFICATE MANAGEMENT > CA C...
USING DIGITAL SIGNATURES FOR EMAIL WITH APPLE MAIL AND OUTLOOK FOR OS X You can use S/MIME certificates, also called "S/MIME Certs" or "Personal Certificates", with most email clients to digitally sign and/or encrypt email messages. On this page: * Installing in OS X * Exporting the certificate * Using your certificate with Apple Mail * Using your certificate with Outlook for OS X ------------------------- INSTALLING IN OS X * Double-click the file downloaded or exported. * O...
To generate a Certificate Signing Request (CSR) for FortiGate SSL VPN you will need to create a key pair for your server the public key and private key. The CSR need to be provided to a Certificate Authority (CA) for signing and the private key will remain hidden on the FortiGate system where the CSR request is made. To generate a CSR for FortiGate SSL VPN perform the following. STEP 1: GENERATING YOUR CSR REQUEST: * Open your FortiGate Management console. * Click VPN. * Click Cert...
Once you have purchased your certificate, and the domains have been validated as under your ownership, you will receive an email containing the certificate.Once you receive your certificate issuance ZIP file, extract the file(s) contained in the ZIP file to the server. We recommend extracting these to the Desktop or a new directory all together. IMPORTING YOUR SSL CERTIFICATE: * Log into your FortiGate System. * Browse to SYSTEM > CERTIFICATES. * Select IMPORT > LOCAL CERTIFICATE. * ...
EV Code Signing Certificates, along with MS SmartScreen technology, protect users from downloading infected applications and malware. WHAT IS “APPLICATION REPUTATION”? Software downloaded from the Internet is similar to people on the Internet--it's hard to tell which ones are dogs, at least without help. That's where "application reputation" technology comes in. Application reputation is a method employed by Microsoft's SmartScreen(R) filter to distinguish good software from bad software as i...
  Please use the latest version of signtool for this process. 'SIGNTOOL' available in Windows 8.1 SDK or Windows 10 SDK should be good.  * Download the Comodo cross-signed CA that matches your Code Signing certificate's Root CA. * Open an elevated Windows command prompt (cmd) and run SIGNTOOL.EXE: signtool.exe sign /v /p /ac "CROSS_SIGNED_COMODO_CA_HERE" /f YOUR_PFX_HERE /tr http://timestamp.comodoca.com/rfc3161 [http://timestamp.comodoca.com/rfc3161] "FULL_PATH_TO_FI...
(EPKI) Enterprise Public Key Infrastructure Manager Version 3.5 For issuance & management of Enterprise - wide SSL Certificates & Secure Email (S/MIME) Certificates
Comodo has the ability to ‘push’ information about issued certificates to your system when the certificates are signed. The signed certificate and certificate chain can optionally also be pushed to your system. This ‘push’ mechanism allows us to notify you when your certificates change status or are signed and available. The signed certificate itself can also optionally be included along with the certificate chain, or you can choose not to have the certificate sent and use the status push to...
WHAT IS CAA? CAA is a standard [https://tools.ietf.org/html/rfc6844] that lets you control what certificate authorities (CAs) are allowed to issue certificates for your domain. You can use CAA to reduce your exposure to vulnerabilities in certificate authority validation systems and to enforce certificate procurement policies. To use CAA, you publish a set of CAA records in your domain's DNS that list the CAs which you authorize to issue certificates. Before issuing a certificate, the CA chec...
1. Once the certificate is collected by your browser, export it along with its private key, "include all certificates in the certification path if possible" and "export all extended properties". The exported file will be .PFX or .P12 format. ( Refer the following articles for exporting the PFX/P12 file. ) Export Certificates (Windows) [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1004/0/export-certificates-windows] Exporting Certificates (MAC) 2. Make sure the late...
CREATING PRIVATE KEY AND CSR: It is recommended to use "openssl" command to generate a Private Key and CSR. See "CSR Generation: Using OpenSSL for Apache [https://support.comodo.com/index.php?/Knowledgebase/Article/View/1/0/csr-generation-using-openssl-apache-wmod_ssl-nginx-os-x]".  Keep the Private Key file safe on your server, and submit the Certificate Signing Request (CSR) with your SSL Certificate order, and complete the necessary validations to get the certificate issued. CONFIGURING ...
To download and install the Safenet Authentication Client software for use the COMODO EV Codesigning Certificate, perform the following steps: NOTE: The SafeNet drivers below are compatible with Microsoft Windows 8, 8.1 and 10 for both 32-bit and 64-bit systems, Mac OSX and Linux. * Unplug your EToken/Smartcard from your device (this could be your USB device or CAC card) * Right click and save the SAFENET AUTHENTICATION CLIENT file on your Microsoft Windows computer (Choose 10.3 for Wind...
Comodo websites and ordering systems will no longer accept connections from servers and clients which do not have TLS 1.1 or higher enabled.  WHAT'S GOING ON? PCI standards require that TLS 1.0 can no longer be used for secure communications. All web servers and clients must transition to TLS 1.1 or above. The PCI DSS standards can be read in full here: https://www.pcisecuritystandards.org/document_library [https://www.pcisecuritystandards.org/document_library] Comodo will disable TLS 1.0 ...
Please see the attachments for sample Legal Opinion Letter for EV based on organizational type. Sample Legal Opinion Letter for EV for Accountants. * Sample text to be used when sending letter from a Certified Public Accountant to verify facts regarding an EV SSL Certificate Order.     Sample Legal Opinion Letter for EV for Verifying a Government Organization * Government departments should use this form when asked to supply a legal opinion.     Sample Legal Opinion Letter for ...
TLS/SSL MAXIMUM VALIDITY NOT TO EXCEED 825 DAYS / 27 MONTHS As a result of a change in the policy requirements on Certification Authorities that resulted from consultation in the CA/Browser forum, Comodo CA will adopt a new maximum lifetime for all TLS/SSL certificates of 825 days.  825 days is just over 27 months.    This change will take effect from March 1st, 2018.    _THIS CHANGE DOES NOT AFFECT ANY CERTIFICATE ISSUED BEFORE MARCH 1ST, 2018.    NO CERTIFICATES WILL BE REVOKED AS A RESU...
FAQ: MAXIMUM CERTIFICATE TERMS OF 27 MONTHS Q:        WHY WILL COMODO STOP ISSUING 3 YEAR CERTIFICATES? A:         This is an industry-wide directive which affects all certificate authorities. In accordance with the CA/Browser Forum Baseline Requirements, effective March 1st 2018, Certificate Authorities (CAs) will no longer be able to issue SSL Certificates with a validity period longer than 27 months. Q:        WHEN WILL THE 2-YEAR MAXIMUM TERM LIMITATION TAKE EFFECT?    A:         Mar...
USE COMMAND JARSIGNER WITH THE CLI (COMMAND LINE INTERFACE) TO SIGN JAVA .JAR FILES 1. Create a file named eToken.cfg that contains the following lines, and save it to your JDK bin folder (e.g. C:Program Files (x86)Javajdk1.7.0_05bin). name=eToken library=c:WINDOWSsystem32eTPKCS11.dll 2. In Windows Explorer, navigate to the JDK folder. 3. In the JDK folder, push and hold Shift, right-click on the bin folder, and select "Open command window here". 4. To view the COMODO EV Code Signing ...
To ensure alignment and enhancement of security parameters for re-issue requests, Comodo CA has recently deployed some changes to reinforce the existing policy of not allowing changes to organizational details on re-issues if the certificate has been issued for 45 days when the request was made by API. Specifically, we are adding logic to support a new parameter to the AutoReplaceSSL API.  The parameter will be IgnoreLateOrgDetailsChanges=Y.  When this parameter is supplied for OV and EV order...
Help Desk Software by Kayako
© 2018 Comodo Security Solutions, Inc. All rights reserved.