Friday, April 06, 2012

SSL Cert Install Issues - Digicert SSL certs

OK, I just had to do this in February, but I already forgot all the little things you have to do to get SSL certificates from Digicert working in various systems. Documenting the installation process here to aid my somewhat non-functional short-term memory.

Log in at Digicert:
https://www.digicert.com/custsupport/

Go to My orders Tab

Click on Cert

Rekey cert
http://www.digicert.com/ssl-support/ssl-certificate-reissue.htm

Choose 2048 bits

Generate IIS cert on web server:
http://www.digicert.com/csr-creation-microsoft-iis-7.htm

After cert generation, close and go back into IIS or hit F5 to refresh to get the new cert to show up

Add the CSR to your cert at digicert. Wait a few minutes for it to get reissued.

Get the certificate from Digicert (download it) after it has been reissued.

If you get ASN1 bad key when you try to import, run the Digicert util to import the key instead:
https://www.digicert.com/util/

Go to site bindings and edit - choose your new SSL cert - shouldn't need to restart the web server.

Test your site - SSL should be working.

Now for IMail mail server...you have to go through some hijinks to get that working with your IIS cert. Instructions here:

http://support.ipswitch.com/kb/IM-20030415-DM01.htm

With these steps IMail will work for general email clients like Outlook.

OK on to Java...

If you are connecting to IMail from a Java app over TLS, you'll get an error stating that PKIX path building failed. In this case you need to go to the Digicert site, get the IIS, Digicert CA and root certs, and add them to the cert file you created in the step above for IMail. You can download all three certs as a zip file when you click the download button (under the cert box). Put them in the IIS file in the order shown below, then hit the "reset" button, re-enter the password, hit Apply and restart all IMail services.

-----BEGIN CERTIFICATE-----
blah blah blah ...your cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
blah blah blah ...digicert ca cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
blah blah blah ...root cert
-----END CERTIFICATE-----

At least that worked for me....
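
The order of the combined file matters because each certificate has to be issued by the one after it, and a Java client that cannot follow that path reports the PKIX error. The script below is an added example, not part of the original post, that checks the order of such a file before it is loaded into IMail. It assumes a machine with a POSIX shell and the OpenSSL command-line tool; the function names, file names and demo CN values are made up for illustration.

```shell
#!/bin/sh
# Added example: confirm a PEM bundle is ordered leaf -> CA -> root.
# Names only: the issuer of cert N must equal the subject of cert N+1.
# Signatures and trust are not verified here.

# check_chain_order BUNDLE -> 0 if ordered, 1 if not (reason on stderr)
check_chain_order() (
    tmp=$(mktemp -d) || return 2
    # Split the bundle into 1.pem, 2.pem, ... (one certificate per file).
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/{n++}
                     n{print > (d "/" n ".pem")}' "$1"
    n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true)
    rc=0; i=1
    [ "$n" -ge 2 ] || { echo "expected a chain, found ${n:-0} cert(s)" >&2; rc=1; }
    while [ "$i" -le "$n" ]; do
        # The last cert is compared with itself: a root is self-issued.
        next=$((i + 1)); [ "$i" -lt "$n" ] || next=$i
        iss=$(openssl x509 -noout -issuer_hash -in "$tmp/$i.pem")
        sub=$(openssl x509 -noout -subject_hash -in "$tmp/$next.pem")
        if [ "$iss" != "$sub" ]; then
            echo "cert $i: issuer is not the subject of cert $next" >&2
            rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
)

# make_demo_chain DIR: throwaway leaf/CA/root certs (constructed sample data;
# the CN values are made up).
make_demo_chain() (
    cd "$1" || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root" \
        -keyout root.key -out root.pem 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo CA" \
        -keyout ca.key -out ca.csr 2>/dev/null
    openssl x509 -req -in ca.csr -CA root.pem -CAkey root.key \
        -CAcreateserial -days 1 -out ca.pem 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout leaf.key -out leaf.csr 2>/dev/null
    openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key \
        -CAcreateserial -days 1 -out leaf.pem 2>/dev/null
)

# Usage: sh check_chain.sh bundle.pem
if [ -n "${1:-}" ]; then
    check_chain_order "$1" && echo "chain order OK"
fi
```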

Now for the Java web server...
http://www.digicert.com/ssl-certificate-installation-java.htm

Hopefully next time will go a little smoother...unless somebody changes something.