RSS Feed
Knowledgebase : Comodo Certification Authority

  The private key for a Comodo Code signing certificate is generated by the browser during certificate enrollment. When the submit button is pressed, a key pair of the selected size is generated. The PRIVATE KEY is encrypted and stored in the LOCAL KEY DATABASE. COMODO recommends using INTERNET EXPLORER 8+ on Windows and FIREFOX on Mac for certificate enrollment as it is both easy to apply and convenient for the user. To apply for a Code signing certificate, visit the below URL.. https://ww...
The private key for a S/MIME certificate is generated by the browser during certificate enrollment. When the submit button is pressed, a key pair of the selected size is generated. The PRIVATE KEY is encrypted and stored in the LOCAL KEY DATABASE. S/MIME certificates can be applied only using INTERNET EXPLORER and MOZILLA FIREFOX. COMODO recommends using INTERNET EXPLORER 8+ on Windows and FIREFOX on Mac for certificate enrollment as it is both easy to apply and convenient for the user. For ap...
CODE SIGNING CERTIFICATES If you have come across malware signed with a Comodo issued Code Signing certificate please send as much detail as possible to: signedmalwarealert@comodo.com Helpful details include: * link to the signed malware * screenshots of the certificate details showing the signer organization or certificate serial number or other details which will help us identify the certificate * a copy of the actual certificate if possible SSL/TLS CERTIFICATES If you need to...
REASON AND SOLUTION: If you want the SSL Padlock on your website to look fully green and perfect, then you will have to follow the security standards given by the browsers your customers mostly visit using. As it happens, Internet Explorer, Chrome, Firefox are the most commonly used browsers by the world. These browsers show the padlock of an website in their own unique way and also the warning messages associated with them. # CHROME says, "_Your connection to example.com is encrypted with ob...
PREREQUISITES: Concatenate the CAbundle and the certificate file which we sent you using the following command. _> CAT DOMAIN_COM.CRT DOMAIN_COM.CA-BUNDLE > SSL-BUNDLE.CRT_ If you are Using GUI Text Editor (Ex: Notepad): (i) To concatenate the certificate files into single bundle file, first open DOMAINNAME.CRT and DOMAINNAME.CA-BUNDLE files using any text editor. (ii) Now copy all the content of DOMAINNAME.CRT and paste it on the top of DOMAINNAME.CA-BUNDLE file. (iii) Now save the ...
Use these instructions to create your CSR (certificate signing request) and then, to install your SSL and intermediate certificates. * To create your CSR, see Mac OS X Yosemite: Create Your CSR. * To install your SSL Certificate, see Mac OS X Yosemite: Install Your SSL Certificate. For El Capitan Server (10.11), please see Mac OS X El Capitan: Create CSR & Install SSL Certificate [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1108/38/os-x-el-capitan-server-c...
Use these instructions to create your CSR (certificate signing request) and then, to install your intermediate and server (SSL) certificates. * To create your CSR, see Mac OS X El Capitan: Create Your CSR. * To install your SSL Certificate, see Mac OS X El Capitan: Install Your SSL Certificate. For Yosemite Server (10.10), please see Mac OS X Yosemite: Create CSR & Install SSL Certificate [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1107/38/os-x-yosemit...
GENERATING A CERTIFICATE SIGNING REQUEST (CSR) USING OPENSSL (APACHE & MOD_SSL, NGINX) A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the web form in the enrollment process: GENERATE KEYS AND CERTIFICATE: To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "server", use the following command : > OPENSSL REQ -NODES -NEWKEY RSA:2048 -KEYOUT ...
The reason you will see this error message is that an email certificate has already been issued to your email address. If you want to get a new one, then you will have to first revoke the current certificate. Please check REVOCATION OF SECURE EMAIL CERTIFICATE. [HTTPS://SUPPORT.COMODO.COM/INDEX.PHP?/DEFAULT/KNOWLEDGEBASE/ARTICLE/VIEW/720/0/REVOCATION-OF-SECURE-EMAIL-CERTIFICATE] If you have forgot the revocation password, then please Submit a ticket [https://support.comodo.com/index.php?/Defau...
* NOTE As an alternative to the manual instructions on this page, Comodo offers a free utility which will help you generate a CSR, submit it to Comodo and then automatically install your certificate on your IIS website. Click here [https://www.comodo.com/ssl-certificate-auto-installer/index.html] to find out more. GENERATING A CSR ON IIS 7.X * Click START. * Select ADMINISTRATIVE TOOLS. * Start INTERNET SERVICES MANAGER. * Click SERVER NAME. * From the center menu, double-click t...
apache apache apache apache apache apache apache apache apache apache apache apache INSTALLING YOUR CERTIFICATE ON APACHE WITH MOD_SSL * Extract all of the contents of the ZIP file that was sent to you and copy/move them to your server. The extracted contents will typically be named: yourDomainName.crt and yourDomainName.ca-bundle * Move all of the certificate related files to their appropriate directories. A TYPICAL SETUP: * Move the Private Key that was generated earlier to the S...
* NOTE As an alternative to the manual instructions on this page, Comodo offers a free utility which will automatically install your certificate on your IIS website. Click here [https://www.comodo.com/ssl-certificate-auto-installer/index.html] to find out more. INSTALL TO WEB SERVER 1. Open Internet Information Services Manager (IISM) to the appropriate Server Start -> Administrative Tools -> IISM -> Server Name 2. Open the Server Certificates icon. 3. Open 'Complete Certificate Request...
Once you receive your certificate issuance ZIP file, extract the file(s) contained in the ZIP file to the server. We recommend extracting these to the Desktop or a new directory all together. OPTION 1 From the Exchange Management Shell, run the following command to install the server, root, and intermediate certificates to their respective certificate stores: Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:certificatesYOUR_CERTIFICATE.cer -Encoding byte -ReadCount 0)) ...
THIS ARTICLE IS FOR ADMINISTRATORS WHO PREFER THE COMMAND SHELL! When your certificate is issued you'll typically receive a file called example__com.cer_. Save it on the server and from the same directory run: certreq -accept example_com.cer This will install the cert in the Windows certificate store and it will be available to those services and products that make use of the Windows certificate store. These products include but are not limited to: IIS, Exchange, Active Directory (LDAPS),...
For more information on this transition, please see: HTTP://WWW.COMODO.COM/E-COMMERCE/SHA-2-TRANSITION.PHP [HTTP://WWW.COMODO.COM/E-COMMERCE/SHA-2-TRANSITION.PHP]
ISSUE: When installing a certificate issued with a SHA-2 signature algorithms (which includes SHA-256, SHA-384, and SHA-512) on Windows Server 2003, the following error is displayed - " The integrity of this certificate cannot be guaranteed. This certificate may be corrupted or may have been altered. " SOLUTION: In order to resolve this error, Microsoft has released a hotfix in order to provide limited compatibility for certificates issued with SHA-2 signature algorithm, this can be downloaded...
Secure certificates of any type currently CANNOT be issued to individuals or business entities in the following countries websites or the following country-code-top-level domains (TLDs): Restricted Countries Listing: The following countries are restricted by US Export restriction laws, therefore Comodo.com cannot issue ssl certificates for registrants in the following countries AF Afghanistan CU Cuba ER Eritrea GN Guinea IQ Iraq IR Iran, Islamic Republic of KP Korea, Democratic...
PayPal and Authorize.Net sent a notice to merchants and storefronts whose websites use their service that action may need to be taken to ensure no interruption in service while the two companies work to upgrade various SSL certificates. Over the course of 2015 and 2016, they will be taking steps towards strengthening their SSL certificates across all of their sites. Strengthening SSL certificates equates to switching from the SHA-1 signature algorithm to the SHA-2 signature which is more secure....
For help using your certificate to sign and encrypt mail or to export and import or your certificate, please select your software or device from the list below. These documents are suitable for both Personal Authentication Certificates and Secure Email Certificates. BROWSERS: * Internet Explorer [https://www.comodo.com/support/products/authentication_certs/setup/ie7.php?key5sk1=649f7696ddcd15b926ed0862b303a6e7b4dd8204] * Comodo Dragon [https://www.comodo.com/support/products/authenticati...
SSL CERTIFICATE INSTALLATION FOR EXCHANGE 2013 If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Exchange 2013 CSR Generation [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/998/19/exchange-2013-ssl-csr-creation] Using COMODO step-by-step Installation instructions for Exchange 2013 will help you navigate the updates made in the new version of Exchange. Please use the tutorial below or contact our support team if you run...
EXCHANGE 2013 SSL CERTIFICATES CSR CREATION HELP If you already have your SSL Certificate and just need to install it, see Exchange 2013 SSL Installation Instructions [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/997/37/exchange-2013-ssl-certificate-installation] There have been many new changes in Exchange 2013. One of those is that the interface is now accessible through a browser. Your Installation of Exchange 2013 will be easier with our great step-by-step tuto...
INSTRUCTIONS FOR INSTALLING YOUR COMODO CODE SIGNING CERTIFICATE After purchasing a standard code signing certificate, COMODO validates your information and sends you an email that contains a link to install your code signing certificate. *SUN JAVA NOTE: If your certificate was keyed for the Sun Java Platform, your code signing certificate installation process is different than the one described on this page. Please see Java Code Signing Certificate Set Up and Usage Guide [https://support.com...
SETTING UP AND USING YOUR ORACLE JAVA CODE SIGNING CERTIFICATE In Java, the process for setting up your COMODO Code Signing Certificate consists of creating a Java keystore and a Certificate Signing Request (CSR) and then, installing your COMODO generated code signing certificate file to the Keystore file from where the CSR was generated. * If you have already set up your code signing certificate and are ready to sign your Java .jar files, see the Signing Java .jar Files with Jarsigner ins...
HOW TO VERIFY YOUR CODE SIGNING CERTIFICATE IS INSTALLED After generating your code signing certificate, we recommend that you take a second to verify that your certificate is installed in the browser's Certificate Store. Internet Explorer Chrome Firefox INTERNET EXPLORER: VERIFYING YOUR CLIENT CERTIFICATE IS INSTALLED * In Internet Explorer, go to INTERNET OPTIONS. * In the INTERNET OPTIONS window, on the CONTENT tab, click CERTIFICATES. * In the CERTIFICATES window, on the...
HOW TO VERIFY YOUR CODE SIGNING CERTIFICATE IS INSTALLED After generating your Code Signing Certificate, we recommend that you take a second to verify that your certificate is installed in the keychain or in the browser's Certificate Store. Safari and Chrome Removing the "_This certificate was signed by an unknown authority"_ Warning Message Firefox SAFARI AND CHROME: VERIFYING YOUR CODE SIGNING CERTIFICATE IS INSTALLED If you used Safari or Chrome to install your Code Signing Certificat...
HOW TO EXPORT YOUR CODE SIGNING CERTIFICATE After installing your code signing certificate, you may need to export the certificate for use on a different computer, for signing code, etc. Safari and Chrome Firefox SAFARI AND CHROME: EXPORTING YOUR CODE SIGNING CERTIFICATE AS A P12 FILE If you used Safari or Chrome to install your Code Signing Certificate, the certificate should be located in the login keychain. * Open KEYCHAIN ACCESS. In the FINDER window, under FAVORITES, click APP...
HOW TO EXPORT YOUR CODE SIGNING CERTIFICATE After installing your code signing certificate, you may need to export the certificate for use on a different computer, for signing code, etc. Internet Explorer Chrome Firefox INTERNET EXPLORER: EXPORTING YOUR CODE SIGNING CERTIFICATE AS A PFX FILE * In Internet Explorer, go to INTERNET OPTIONS. * In the INTERNET OPTIONS window, on the CONTENT tab, click CERTIFICATES. * In the CERTIFICATES window, on the PERSONAL tab, select your c...
ISSUE: Profile Manager does not show a code signing certificate when asked to sign configuration profiles. Please try to import the intermediate certificate files manually on the IOS device through the following URLs: * Intermediate 1:https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/966/108/intermediate-1-sha-2-comodo-rsa-certification-authority [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/966/108/intermediate-1-sha-2-comodo-rsa-certific...
This document provides instructions for installing SSL Certificates. If you are unable to use these instructions for your server, COMODO recommends that you contact either the vendor of your software or an organization that supports Stronghold. STEP 1. DOWNLOAD THE COMODO RSA CA CERTIFICATE * Download the Intermediate CA certificate from this link: Comodo [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/620/0/which-is-root-which-is-intermediate] Select the appropri...
PAYPAL IS UPDATING THEIR SSL CERTIFICATES, WHICH WILL IMPACT ALL WEB AND API ENDPOINTS We have been advised that PayPal is going to update their SSL certificates to SHA-2. This update will impact merchants and developers with an integration that does not use the new VeriSign G5 Root Trust Anchor, or those whose hardware / software does not support the SHA-2 signing algorithm. For more information, please refer to the link below: https://devblog.paypal.com/paypal-ssl-certificate-changes/ [htt...
This document provides instructions for generating a Certificate Signing Request (CSR) for Stronghold. If you are not able to use these instructions for your server, COMODO recommends you to contact the server vendor or the organization, which supports Stronghold. NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one...
METHOD 1: VIA CLI 1. Login as root. 2. Adjust the following command to match your information: /OPT/ZIMBRA/BIN/ZMCERTMGR CREATECSR COMM -NEW "/C=US/ST=CALIFORNIA/L=LOS ANGELES/O=COMPANY INC/OU=DEPARTMENT/CN=YOUR.DOMAIN.COM" Where: C = 2-digit country code ST = State/Province L = City O = Organization Name OU = Department (e.g., IT Department) CN = Common Name (mail.domain.com, *.domain.com) If you want to include more than one name in the CSR, you can add -subjectAltNames to the end of the c...
Method 1: Via Zimbra Admin Console 1. Login to your Zimbra Admin Console using a browser. 2. In the left navigation pane under Home click Configure. Click CERTIFICATE. 3. On the right of the Zimbra Admin console click on the settings icon and select Install Certificate. 4. The Certificate Installation Wizard will pop up. 5. Under Server Name Select the Target server you are going to install the certificate for. Click NEXT 6. Select the option Install the commercial signed certificate. C...
In July 2012, the CA/Browser Forum, the industry standards board for Certificate Authorities and the browsers that use Certificates, made a decision to deprecate the usage of reserved IP addresses and internal names for certificates, effective November 1st 2015. All such certificates still outstanding must be revoked by October 31, 2016. _COMODO WILL NOT ISSUE A CERTIFICATE WITH AN EXPIRY DATE LATER THAN 1 NOVEMBER 2015 WITH A SUBJECTALTERNATIVENAME (SAN) EXTENSION OR SUBJECT COMMONNAME (CN) F...
HOW TO CONFIGURE SSL FOR YOUR WINDOWS AZURE WEBSITE ? Once you have the exported .pfx file, you can use it to configure SSL for your Windows Azure website. 1. In a browser, open and log into the Windows Azure Management Portal. 2. On the web sites tab, under NAME, select your website. 3. On your website's page, click CONFIGURE. 4. On the CONFIGURE tab, in the certificates section, under SUBJECT, click upload a certificate. 5. In the Upload a certificate window, under FILE, click BROWSE...
Requirements for this installation : WWW_DOMAIN.CRT and WWW_DOMAIN.CA-BUNDLE 1. Log in to your Plesk Panel 2. Go to the WEBSITES & DOMAINS tab and select the domain you want to secure. 3. Click on ‘SECURE YOUR SITES’ 4. Select the SSL certificate that was created while generating the CSR code 5. On the next page locate the 'UPLOAD CERTIFICATE FILES' section. Click on the 'BROWSE' button and locate the certificate and the CA bundle files from your computer. After both files are chosen, clic...
To Generate a CSR on a Plesk 12 System, perform the following: 1. Log into Plesk Panel. To Generate a CSR on a Plesk 12 System perform the following. 2. Under "HOSTING SERVICES", select "Domains". Click the domain name you wish to protect. This link will open the Control panel for that domain. 3. In the Control Panel, go to the WEBSITES & DOMAINS tab. Click the "Show More" tag to display management options. 4. Click "SECURE YOUR SITES". 5. In the "SSL CERTIFICATES" page that then opens, clic...
OVERVIEW This page will help you in Creating Certificate Signing Request (CSR) for your domain. NAVIGATE TO CSR Navigate to the CERTIFICATE SIGNING REQUEST menu under the Security section in the Webuzo Enduser Panel. [http://www.webuzo.com/wiki/File:Csr_home.png] PROCEDURE You must have Private Key for the Domain for which you want to create the Certificate Signing Request (CSR). Populate the details for creating the Certificate Signing Request (CSR) Note : Certificate Signing Request ...
If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Mac OS X Mavericks Server: SSL Certificate CSR Creation [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1038/0/os-x-mavericks-server-ssl-certificate-csr-creation]. MAC OS X MAVERICKS: INSTALLING YOUR SSL CERTIFICATE To install your Mac OS X Mavericks SSL Certificate, complete the steps below. * Install your SSL Certificate. * Assign Your SSL Certificate to Serv...
If you already have your SSL Certificate and just need to install it, see Mac OS X Mavericks Server: SSL Certificate Installation [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1037/0/os-x-mavericks-server-ssl-certificate-installation]. MAC OS X MAVERICKS: CSR CREATION USING THE SERVER APP To get a valid SSL Certificate, you must first generate a CSR (certificate signing request). Then, you will use the contents of the CSR to order your SSL Certificate. Once you re...
This article explains the process of converting a Java Keystore file, into a PKCS12 file which is a .pfx or .p12 . Requirements - A Java Keystore containing the root, intermediate, and your domain/end entity certificate which was imported by following these instructions. [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/638/37/certificate-installation-java-based-web-servers-tomcat-using-keytool] In order to convert the Java Keystore file into a .pfx or .p12 file, you ...
SHA-2 COMPATIBILITY Please see below for minimum versions required for SHA-2 as well as some listed exceptions. SOFTWARE AND HARDWARE THAT SUPPORT SHA-2 BROWSER & SERVER SUPPORT BROWSER MINIMUM BROWSER VERSION Chrome 26+ Firefox 1.5+ Internet Explorer 6+ (With XP SP3+) Konqueror 3.5.6+ Mozilla 1.4+ Netscape 7.1+ Opera 9.0+ Safari 3+ (Ships with OS X 10.5) Server Minimum Server Version 4D Server 14.01+ Amazon Web...
SSL CERTIFICATE COUNTRY CODES FIND YOUR COUNTRY CODE FROM THE LIST PROVIDED BELOW COUNTRY CODES ARE REQUIRED WHEN CREATING A CERTIFICATE SIGNING REQUEST. THE SSL CERTIFICATE COUNTRY CODES THAT YOU NEED TO ENTER WHEN CREATING YOUR CSR ARE AS FOLLOWS: * US United States of America * CA Canada * AX Åland Islands * AD Andorra * AE United Arab Emirates * AF Afghanistan * AG Antigua and Barbuda * AI Anguilla * AL Albania * AM Armenia * AN Netherlands Antilles * AO Angola ...
NOTE: If you already have your SSL Certificate and just need to install it, see Lync 2010: Installing a SSL Certificate [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1073/0/lync-server-2010-certificate-installation]. LYNC 2010: GENERATING A CSR * On the Windows START menu, click ALL PROGRAMS > MICROSOFT LYNC SERVER 2010 > LYNC SERVER DEPLOYMENT WIZARD. * In the LYNC SERVER 2010 – DEPLOYMENT WIZARD, click INSTALL OR UPDATE LYNC SERVER SYSTEM. * Under STEP...
LYNC SERVER 2010: SSL CERTIFICATE INSTALLATION If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Lync 2010: Creating a CSR [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1072/0/lync-server-2010-csr-creation]. LYNC 2010: INSTALLING YOUR SSL CERTIFICATE * On the Windows START menu, click All PROGRAMS > MICROSOFT LYNC SERVER 2010 > LYNC SERVER DEPLOYMENT WIZARD. * In the LYNC SERVER 2010 – DEPLOYMENT WIZARD, cli...
HOW TO GENERATE A CSR FOR LYNC 2013 * From the Windows start menu click on LYNC DEPLOYMENT WIZARD icon. * Click on INSTALL or UPDATE Lync Server System. * Under the Request, Install or Assign Certificates section click RUN. * Choose External Edge Certificate and click REQUEST. * Click NEXT. * Choose Prepare the request now, but send it later. * Choose the name and destination for the CSR text file. (i.e. C:DesktopExampleCSR.txt). * On the Specify Alternate Certificate Te...
HOW TO INSTALL YOUR SSL CERTIFICATE IN LYNC 2013 * From the Windows start menu click on Lync Deployment Wizard icon. * Click on INSTALL or update Lync Server System. * Under the Request, Install or Assign Certificates section click RUN. * Choose External Edge Certificate and click IMPORT CERTIFICATE. * Use the Browse button, and locate your certificate file (will be .pfx if you used DigiCert Windows Utility. If using a .pfx file be sure to check the Certificate file contains ...
If you already have your SSL Certificate and just need to install it, see Lotus Domino 8.5 SSL Certificate Installation [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1085/0/lotus-domino-85-ssl-certificate-installation]. CREATE CSR ON DOMINO SERVER 8.5 GENERATING YOUR CERTIFICATE SIGNING REQUEST DOMINO 8.5X * In the Domino Administration client, double-click on Server Certificate Administration. * Choose "Create Key Ring." * If prompted, enter a name and...
Code Signing for Windows Windows Software Development Kit (SDK) contains headers, libraries, and tools you can use when you create apps that run on Windows operating systems. To download the Windows Software Development Kit (SDK) click here [https://www.microsoft.com/en-us/download/details.aspx?id=8279]. IMPORTANT SIGNTOOL OPTIONS: * /AC  -  Specify an Additional Certificate. * /A  -  Automatically selects the best certificate to sign the file from your Windows Certificate Store. ...
  If your certificate uses SHA-2 or has SHA-2 certificates in its chain of trust and you are using it to sign kernel modules, then you should be aware of KB3033929 [https://support.microsoft.com/en-us/kb/3033929], an update for Windows 7 distributed through Windows Update. On versions of Windows 7 without this update, the kernel will reject signatures made with certificates that use SHA-2, so they cannot be used to get a kernel module to load. In order for your driver to install successfully...
APACHE: CREATE ECC CSR AND INSTALL ECC SSL CERTIFICATE Before generating an ECC CSR (Elliptic Curve Cryptography Certificate Signing Request) and ordering an ECC SSL Certificate form COMODO, make sure that your environment is compatible with ECC SSL Certificates. For more information about Elliptic Curve Cryptography, see Elliptic Curve Cryptography ECC Explained [http://support.comodo.com/ecc.htm]. Use these instructions to generate the ECC CSR and then install your ECC SSL Certificate. ...
THE HISTORY AND BENEFITS OF ECC CERTIFICATES The constant back and forth between hackers and security researchers, coupled with advancements in cheap computational power, results in the need for continued evaluation of acceptable encryption [http://support.comodo.com/ssl-cryptography.htm] algorithms and standards. RSA is currently the industry standard for public-key cryptography and is used in the majority of SSL/TLS Certificates. A popular alternative, first proposed in 1985 by two resear...
MICROSOFT SERVERS: CREATE ECC CSR AND INSTALL ECC SSL CERTIFICATE Before generating an ECC CSR (Elliptic Curve Cryptography Certificate Signing Request) and ordering an ECC SSL Certificate form COMODO, make sure that your environment is compatible with ECC SSL Certificates. For more information about Elliptic Curve Cryptography, see Elliptic Curve Cryptography ECC Explained [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1105/0/what-is-eliptic-curve-cryptography-ecc]. ...
INTRODUCTION STATUS Feature complete, needs testing. FEDORA The dogtag packages are now available in Fedora. The required packages should be pulled in as dependencies when ipa-server is installed. This just makes the binaries available for the IPA installer script. The installer creates and configures the necessary dogtag components to stand up a CA. INSTALLING A dogtag CA is installed by default by IPA. To install using a self-signed CA instead of dogtag pass in the --selfsign argumen...
HOW DO I BACKUP MY CERTIFICATE WITH CHROME 1. In Chrome, go to SETTINGS. 2. On the SETTINGS page, below DEFAULT BROWSER, click SHOW ADVANCED SETTINGS. 3. Under HTTPS/SSL, click MANAGE CERTIFICATES. 4. In the CERTIFICATES window, on the PERSONAL tab, select your code signing certificate and then, click EXPORT. * In the CERTIFICATE EXPORT WIZARD, on the WELCOME page, click NEXT. * On the EXPORT PRIVATE KEY page, select YES, EXPORT PRIVATE KEY and then, click NEXT. 5. On the EXPORT FI...
You may have to convert a JKS to a PKCS#12 for several reasons. For example, if you have to copy or transfer your certificate from a TOMCAT server (or a platform using JKS file type) to a server using PKCS#12 file type such as Microsoft. The PKCS#12 could also be converted to be installed on platforms using PEM files (Apache for example). PREREQUISITES: * Keytool application (supplied along with JDK 1.1 and higher) * A JKS file containing the certificate, the private key and the certific...
To install the SSL Certificate on your Small Business Server 2008, follow the instructions below. 1. Extract the contents of the .zip file that contains your SSL Certificate and the chain certificates. Save the certificates to the Small Business Server where you generated the CSR. 2. To install the ROOT and INTERMEDIATE CERTIFICATES, check the below article. > ADDING ROOT AND INTERMEDIATE CERTIFICATES VIA MMC > [HTTPS://SUPPORT.COMODO.COM/INDEX.PHP?/DEFAULT/KNOWLEDGEBASE/ARTICLE/VIEW/636/0...
1. CREATE DIRECTORY FOR THE KEYSTORE AND CSR: Open a command prompt and type the following: _> mkdir sslcert_ Then cd to the newly created directory by typing the following command: _> cd sslcert_ 2. CREATE KEYSTORE: Use the following command to create a keystore: _> keytool -genkey -alias youralias -keyalg RSA -keystore yourkeystorename.jks -keysize 2048_ You will be prompted to enter keystore password. The default password that comes with glassfish is "_CHANGEIT_" except you ha...
If you have multiple servers that need to use the same SSL certificate, such as in a load-balancer environment or using a wildcard [https://ssl.comodo.com/wildcard-ssl-certificates.php] or UC SSL certificates [https://ssl.comodo.com/unified-communications-uc-ssl-certificates.php], you can convert the certificates and private key to a .PFX FILE and THEN IMPORT THE CERTIFICATE ON WINDOWS SERVER SO IT CAN BE USED IN IIS OR EXCHANGE. This may also be necessary when you switch hosting companies. We w...
STEP 1: INSTALLING INTERMEDIATE CERTIFICATES: 1. In the main menu navigate to CERTIFICATES > INTERMEDIATE CERTS. 2. Click the ADD NEW button. 3. Click CHOOSE FILE. 4. Browse to the location and path of your Intermediate .pem 5. Specify a name of your choice for your intermediate certificate under the Certificate Name field 6. Click ADD CERTIFICATE. 7. Click OK. STEP 2: INSTALLING YOUR SSL CERTIFICATE: 1. In the main menu of the LoadMaster WUI go to CERTIFICATES > SSL CERTIFICATES. 2. Click...
Like all certificates you must first create a CSR public/private key pair The CSR should be given to Comodo for signing and the private key will be left on the server. Follow the steps below to generate a CSR: STEP 1: GENERATING YOUR CSR KEYPAIR: * Log into your Kemp LoadMaster WUI. * In the main menu of the LoadMaster WUI, select CERTIFICATES > SSL CERTIFICATES. * Specify a name for you private key in the PRIVATE KEY IDENTIFIER field. * Click GENERATE CSR 5. Specify the following i...
CAUSE: This error occurs if the server administrator does not have permissions to the local security policy on Microsoft Windows 2008 server. SOLUTION: Although the error occurs during installation, the certificate might still install successfully. Check the bindings to see if the new certificate is available to be assigned. If the SSL certificate is not in available in the bindings list then proceed with the below instructions to set the appropriate permissions. To bind the certificate ...
1. Open the Windows SBS Console. 2. Click NETWORK > CONNECTIVITY. 3. On the CONNECTIVITY tab, under TASK, in the CONNECTIVITY TASKS section, click ADD A TRUSTED CERTIFICATE. 4. In the Add a Trusted Certificate wizard, on the Before you begin page, click NEXT. 5. On the Get the Certificate page, select 'I WANT TO BUY A CERTIFICATE FROM A CERTIFICATE PROVIDER' and then, click NEXT. 6. On the VERIFY THE INFORMATION FOR YOUR TRUSTED CERTIFICATE page, make sure that the information is corre...
1. First off, you need to ensure that you have root access. Otherwise, please contact the webhosting/server administrator. 2. Log into the SSH. 3. Run the following command and replace the domain_name with your domain name such as comodo.com, > _# OPENSSL PKCS12 -EXPORT -OUT /BACKUP/DOMAIN_NAME.PFX -INKEY > /ETC/SSL/PRIVATE/DOMAIN_NAME.KEY -IN /ETC/SSL/CERTS/DOMAIN_NAME.CRT_
Use these instructions to create your CSR (certificate signing request) and then, to install your SSL and intermediate certificates. * To create your CSR, see Citrix NetScaler VPX: Create Your CSR (Certificate Signing Request). * To install your SSL Certificate, see Citrix NetScaler VPX: Install Your SSL Certificate. These instructions were created using Citrix NetScaler 10.1 VPX (50). Depending on which version of Citrix NetScaler VPX you are using, you may need to modify these instr...
This article assumes that you have already created a pending private key in your Key Manager. If you have not created one yet, please check the CSR Generation- JSCAPE MFT Server article. PREREQUISITES: Concatenate the CAbundle and the certificate file which we sent you using the following command. _> CAT DOMAIN_COM.CRT DOMAIN_COM.CA-BUNDLE > SSL-BUNDLE.CRT_ If you are Using GUI Text Editor (Ex: Notepad): (i) To concatenate the certificate files into single bundle file, first open DOMAIN...
The JSCAPE MFT Server uses Key Manager to create and implement SSL certificates. This knowledge base article will describe the process for generating a CSR using the Key Manager. * Start off by opening KEY MANAGER. You can do this by navigating to FILE and then selecting the KEY MANAGER file from the main menu. * When the KEY MANAGER dialog appears, click on the SERVER KEYS tab at the top. * Click on the GENERATE button at the bottom. * In the new GENERATE KEY WIZARD. STEP 1 OF 2 windo...
1. Create an https_server.js file using the following values. you can create file with any name using .js extension. _# VIM HTTPS_SERVER.JS_ var https = require('https'); var fs = require('fs'); var https_options = { ca: fs.readFileSync("/path/to/mydomain.ca-bundle"), key: fs.readFileSync("/path/to/server.key"), cert: fs.readFileSync("/path/to/mydomain.crt") }; https.createServer(options, function (req, res) { res.writeHead(200); res.end("Welcome to Node.js HTTPS Servern"); }).listen(...
MDaemon does not have a method of creating a Certificate Signing Request (CSR) for you in order to obtain a third party SSL certificate issued by a Trusted Root Authority (such as COMODO). Windows has a command line utility, CERTREQ.EXE that will allow you to create a certificate request and import the new certificate into the Windows Certificate Store, where it can be used with MDaemon. 1. GENERATING A CSR : The example below will generate a CSR for a 2048 bit key length certificate. * ...
SSL .pem files (concatenated certificate container files), are frequently required for certificate installations when multiple certificates are being imported as one file. This article contains multiple sets of instructions that walk through various .pem file creation scenarios. CREATING A .PEM WITH THE ENTIRE SSL CERTIFICATE TRUST CHAIN * Log into your Comodo Management Console [https://secure.comodo.com/] and download your Intermediate (COMODOCA.crt), Root (addtrustexternalcaroot.crt),...
HOW DO I MAKE MY OWN BUNDLE FILE FROM CRT FILES? ANSWER: You may do this using you favorite text editor or by using the command line. Example: # Root CA Certificate - AddTrustExternalCARoot.crt # Intermediate CA Certificate 1 - ComodoRSAAddTrustCA.crt OR ComodoECCAddTrustCA.crt # Intermediate CA Certificate 2 - ComodoRSADomain/Organization/ExtendedvalidationSecureServerCA.crt OR ComodoRSAECCDomain/Organization/ExtendedvalidationSecureServerCA.crt # Intermediate CA Certificate 3 - ComodoSHA25...
The following error may occur when building projects for Microsoft Visual Studio 2008 - 2015. Error: "Cannot import the following key file: mykey.pfx. The key file may be password protected." Cannot import the following key file: mykey.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_C1D3ACB8FBF1AGK4 SOLUTION 1: * Click Start > All Pro...
If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see . [http://support.comodo.com/"https://support.comodo.com/index.php?/Knowledgebase/Article/View/1160/38/csr-generation-microsoft-iis-8x
If you already have your SSL Certificate and just need to install it, see IIS 8 and IIS 8.5 SSL Certificate Installation [https://support.comodo.com/index.php?/Knowledgebase/Article/View/1159/0/certificate-installation-microsoft-iis-8x]. HOW TO CREATE A CSR ON WINDOWS SERVER 2012 - IIS 8 AND WINDOWS SERVER 2012 R2 - IIS 8.5   * From the Start screen, click or search for INTERNET INFORMATION SERVICES (IIS) MANAGER and open it. * Click on the server name. * From the center menu, d...
This article uses an ASA 5510 that runs software version 8.0(2) and ASDM version 6.0(2) and provides instructions for generating a Certificate Signing Request (CSR) for Cisco ASA 5510. NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match. To generate a certificate signing r...
IIS 8 AND IIS 8.5: HOST HEADERS, SECURE SITE BINDINGS, AND SSL BACKGROUND In IIS 7, if you used host headers with an SSL Certificate, the same certificate had to be used for every site that was secured. If multiple SSL Certificates were used, the server usually had a problem with providing the correct SSL Certificate when an HTTPS connection was established, which caused a certificate name error. See Name Mismatch in Web Browser [https://support.comodo.com/index.php?/Default/Knowledgebase/Art...
THE SUBJECT ALTERNATIVE NAME FIELD EXPLAINED The SUBJECT ALTERNATIVE NAME field lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL Certificate, such as a Multi-Domain (SAN) or Extend Validation Multi-Domain Certificate. BACKGROUND The SUBJECT ALTERNATIVE NAME extension was a part of the X509 certificate standard before 1999, but it wasn't until the launch of Microsoft Exchange Server 2007 that it was commonly used; this change ma...
SECURITY CERTIFICATE ERRORS The following warnings are presented when you access a website that has a security certificate installed that was issued to a domain other than the you accessed. INTERNET EXPLORER: "The security certificate presented by this website was issued for a different website's address." FIREFOX: "www.example.com uses an invalid security certificate." or "The certificate is only valid for the following names: www.otherdomain.com , otherdomain.com" This happens when the ...
This document provides installation instructions for ASA 5510 that runs software version 8.0(2) and ASDM version 6.0(2). NOTE 1: For Cisco ASDM 6.3 and 6.1, you must install the Root and Intermediate CA Certificates first before generating your RSA key. NOTE 2: The root and intermediate certificates can be downloaded from the end of this article. STEP 1: INSTALL THE COMODO ROOT CA CERTIFICATE : 1. Within ASDM, click CONFIGURATION > DEVICE MANAGEMENT. 2. Click CERTIFICATE MANAGEMENT > CA C...
USING DIGITAL SIGNATURES FOR EMAIL WITH APPLE MAIL AND OUTLOOK FOR OS X You can use S/MIME certificates, also called "S/MIME Certs" or "Personal Certificates", with most email clients to digitally sign and/or encrypt email messages. On this page: * Installing in OS X * Exporting the certificate * Using your certificate with Apple Mail * Using your certificate with Outlook for OS X ------------------------- INSTALLING IN OS X * Double-click the file downloaded or exported. * O...
CSR CREATION FOR CISCO ADAPTIVE SECURITY APPLIANCE 5500 If you already have your SSL Certificate and just need to install it, see SSL Certificate Installation for Cisco ASA 5500 VPN [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1181/38/cisco-asa-5500-vpn-certificate-installation]. [https://www.digicert.com/cisco-ssl-devices.htm] How to generate a CSR in Cisco ASA 5500 SSL VPN/Firewal * From the Cisco Adaptive Security Device Manager (ASDM), select "Configur...
To generate a Certificate Signing Request (CSR) for FortiGate SSL VPN you will need to create a key pair for your server the public key and private key. The CSR need to be provided to a Certificate Authority (CA) for signing and the private key will remain hidden on the FortiGate system where the CSR request is made. To generate a CSR for FortiGate SSL VPN perform the following. STEP 1: GENERATING YOUR CSR REQUEST: * Open your FortiGate Management console. * Click VPN. * Click Cert...
Once you have purchased your certificate, and the domains have been validated as under your ownership, you will receive an email containing the certificate.Once you receive your certificate issuance ZIP file, extract the file(s) contained in the ZIP file to the server. We recommend extracting these to the Desktop or a new directory all together. IMPORTING YOUR SSL CERTIFICATE: * Log into your FortiGate System. * Browse to SYSTEM > CERTIFICATES. * Select IMPORT > LOCAL CERTIFICATE. * ...
EV Code Signing Certificates, along with MS SmartScreen technology, protect users from downloading infected applications and malware. WHAT IS “APPLICATION REPUTATION”? Software downloaded from the Internet is similar to people on the Internet--it's hard to tell which ones are dogs, at least without help. That's where "application reputation" technology comes in. Application reputation is a method employed by Microsoft's SmartScreen(R) filter to distinguish good software from bad software as i...
  Please use the latest version of signtool for this process. 'SIGNTOOL' available in Windows 8.1 SDK or Windows 10 SDK should be good.  * Download the Comodo cross-signed CA that matches your Code Signing certificate's Root CA. * Open an elevated Windows command prompt (cmd) and run SIGNTOOL.EXE: signtool.exe sign /v /p /ac "CROSS_SIGNED_COMODO_CA_HERE" /f YOUR_PFX_HERE /tr http://timestamp.comodoca.com/rfc3161 [http://timestamp.comodoca.com/rfc3161] "FULL_PATH_TO_FI...
(EPKI) Enterprise Public Key Infrastructure Manager Version 3.5
Comodo has the ability to ‘push’ information about issued certificates to your system when the certificates are signed. The signed certificate and certificate chain can optionally also be pushed to your system. This ‘push’ mechanism allows us to notify you when your certificates change status or are signed and available. The signed certificate itself can also optionally be included along with the certificate chain, or you can choose not to have the certificate sent and use the status push to...