May 2023

How to Install an SSL/TLS Certificate In Microsoft IIS 7 The following instructions will guide you through the SSL installation process on Microsoft IIS 7. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Launch IIS Manager Click Start, Control Panel, Administrative Tools, and then select Internet Information Services (IIS) Manager. Select your server name In the left Connections menu, select the server name (host) where you want to install the certificate. Navigate to the Security section In the center menu, click the Server Certificates icon under the Security section near the bottom. Click Complete Certificate Request In the right Actions menu, click Complete Certificate Request. Browse to your Server Certificate In the Complete Certificate Request wizard, click “…” to browse and select Your Server Certificate file that was previously saved on your server’s desktop. Name your certificate Enter a Friendly Name which is an internal reference name to distinguish the file later. We recommend including the CAs name and expiration date. Click OK Click OK and the newly installed certificate should appear in the refreshed Server Certificate List. Note: If you receive an error during this step, please reference the “Known Error Messages in IIS 7” section below. Binding Your Certificate to Your Website Now, proceed with the remaining steps which will help you assign or bind the SSL certificate to the appropriate website. Access your Sites folder From the left Connections menu, expand your server’s name, expand the Sites folder, and then select the site (e.g. Default Web Site) that you want to secure. Click Bindings… In the right Actions menu, click Bindings… Click Add In Site Bindings…, click Add.Note: If you already have the appropriate site binding created, click “Edit” and change the SSL Certificate accordingly. Input the following In Add Site Bindings, enter the following information: Type – Select “https”. IP Address– Select “All unassigned”. Now, if you have multiple IP addresses, select the correct one that applies. Port – Enter “443” unless you are listening to SSL traffic on another port (e.g. 992). SSL Certificates – Select the “friendly name” of the SSL certificate you just installed.  You can always click “View” to confirm the certificates validity details. Click Ok Click Ok to finish binding the SSL certificate to your live website. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect. To check your server’s configurations more thoroughly, use our SSL Checker Tool or contact our Customer Experience Department for additional assistance. Known Error Messages in IIS 7 Microsoft IIS 7 is known to generate one of the two error messages: “Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created.” And “ASN1 bad tag value met.” If you are certain this is the same server where you generated the CSR, then the error may be meaningless and the certificate may have correctly installed. To test this, close the dialog and click “F5” to refresh the list of server certificates. The new certificate should now be in the list, and you can continue with the next step. However, if the newly installed certificate does not appear in the server certificate list, we recommend you re-issue the certificate with a new CSR and attempt the installation process again. Here are some instructions to guide you through the reissuance process: Generate a new CSR Generate a new Certificate Signing Request (CSR) in Microsoft IIS 7. Access your Account Control Panel Log in to your Account Control Panel. Select your Active Certificate Select your Active Certificate. Click Re-Issue Certificate Click the Re-Issue Certificate button. Paste your new CSR Paste in your new CSR. Complete Domain Validation Submit and complete domain validation again (if required). Save the new certificate Save the newly issued SSL certificate on your server’s desktop. Repeat the Installation Instructions Repeat the SSL installation process referencing the above instructions. Manual Intermediate Installation Instructions If the intermediate certificates did not successfully install and configure themselves accordingly, please reference the instructions below on how to manually install them in Microsoft IIS 7. Open your Intermediate Certificate Double-click the previously saved Intermediate Certificate from your server’s desktop and click Open. Click Install Certificate… In the Certificate, under the General tab, click Install Certificate… to start the importation process and then click Next. Select Place all certificates in the following store Select Place all certificates in the following store and click Browse. Check Show physical stores Check the Show physical stores box. Expand Intermediate Certification Authorities Expand the Intermediate Certification Authorities folder. Select Local Computer Select Local Computer, click OK, then Finish. Restart your server Restart your Microsoft IIS server.  

 How to Install an SSL/TLS Certificate In Microsoft IIS 5 & 6 The following instructions will guide you through the SSL installation process on Microsoft IIS 5 & 6. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Launch your IIS Manager Click Start, Control Panel, Administrative Tools, and then select Internet Information Services (IIS) Manager. Access your Web Sites folder In the left menu, click + next to your local computer and then Web Sites. Access your website’s Properties Right-click the website (i.e. Default Web Site) that you want to protect and click Properties. Go to Directory Security In the Default Web Site Properties window, select the Directory Security tab, click Server Certificate…, and then Next. Select Process the pending request and install the certificate Select Process the pending request and install the certificate and then click Next. Browse to your server certificate Click Browse and locate Your Server Certificate (.crt or .cer) that you previously saved on your server’s desktop.Note: In the Open window, select “All files (*.*) for Files of type. This will help when searching for the .crt or .cer file. Complete the installation Click Next, Next, and Finish to complete the installation process. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect. To check your server’s configurations more thoroughly, use our SSL Checker Tool or contact our Customer Experience Department for additional assistance. Manual Intermediate Installation Instructions If the intermediate certificates did not successfully install and configure themselves, please reference the instructions below on how to manually install them in Microsoft IIS 5 & 6. Open your Intermediate Certificate Double-click the previously saved Intermediate Certificate from your server’s desktop and click Open. Click Install Certificate… In the Certificate, under the General tab, click Install Certificate… to start the importation process and then click Next. Select Place all certificates in the following store Select Place all certificates in the following store and click Browse. Check Show physical stores Check the Show physical stores box. Expand Intermediate Certification Authorities Expand the Intermediate Certification Authorities folder. Select Local Computer Select Local Computer, click Ok, then Finish. Restart your server Restart your Microsoft IIS server.  

How to Install an SSL/TLS Certificate In Microsoft Exchange 2010 The following instructions will guide you through the SSL installation process on Microsoft Exchange 2010. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Copy your certificate Copy your Primary Certificate to your Exchange Server’s desktop. Select Exchange Management Console Open the Start menu, go to Programs, select Microsoft Exchange 2010 and then choose Exchange Management Console. Select Server Configuration Click the Manage Databases link, then select Server Configuration. Select Complete Pending Request Find your certificate on the menu in the center of the screen, then click Complete Pending Request in the Actions menu.   Open your certificate Find your certificate file, then select Open, then Complete. Note: Exchange 2010 sometimes gives an error message, “The source data is corrupted or not properly Base64 encoded.” Hit the “F5” key to refresh and make sure it says “False” under “Self-Signed.” If it does still say true, you may need to regenerate your CSR on the current Exchange 2010 Server, or reissue your certificate. Enable your certificate Next you will need to enable your certificate, go back to the Exchange Management Console and select Assign Services to Certificate. Select your server Select your server, then click next. Choose your services Choose the services for which you would like to enable your new certificate: Next > Assign > Finish Note: If you prefer to install your certificate using Exchange Powershell, just run the following command where just the desired services are specified by the Enable-ExchangeCertificate segment of the command: Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\your_domain_name.p7b -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services “IIS,POP,IMAP,SMTP” Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate In Microsoft Exchange 2007 The following instructions will guide you through the SSL installation process on Microsoft Exchange 2007. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Copy and save your certificate on your Exchange Server. Connect to your Exchange Server via FTP and copy your SSL Certificate File onto your Exchange Server’s desktop. Select Exchange Management Shell From the Start menu, choose MS Exchange Server 2007, then select Exchange Management Shell. Run the Import and Enable commands together Run the Import-ExchangeCertificate and Enable-ExchangeCertificate commands together: Import-ExchangeCertificate -Path C:\newcert.p7b | Enable-ExchangeCertificate –Services “SMTP, IMAP, POP, IIS” Note: Both commands are run on the same line, divided by a “pipe” character. Verify the certificate has been enabled To verify whether or not the certificate has been enabled, run the following command: C:\> Get-ExchangeCertificate -DomainName your.domain.name Note: In the Services column, SIP and W are abbreviations for “SMTP,” “IMAP,” “POP3” and “Web (IIS). If the Certificate is not properly enabled, run the Enable-ExchangeCertificate command line again by copying the thumbprint of your certificate as shown below: Enable-ExchangeCertificate -ThumbPrint [paste] -Services “SMTP, IMAP, POP, IIS” Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect. To check your server’s configurations more thoroughly, use our SSL Checker Tool or contact our Customer Experience Department for additional assistance. Manual Intermediate Installation Instructions Select Run Open the Start menu, select Run… Access mmc Type mmc, click OK. The Microsoft Management Console window should open. Select Add/Remove Snap-In Select the File menu, choose Add/Remove Snap-In. Add a Certificate Click Certificates, then Add. Select the correct account Select the correct computer account, then Next. Choose Local Computer Choose Local Computer, then click Finish. Click OK Click OK to close Add/Remove Snap-Ins. Expand the Certificate folder In the Console window, expand Certificates. Import your intermediate certificate Right-click on Intermediate Certification Authorities, hover over All Tasks, then select Import. Click Next The Certificate Import Wizard should appear, click Next. Select Browse Select Browse and locate the Intermediate Certificate file. Change the extension to PKCS #7 Change the extension filter in the bottom right corner to: PKCS #7 Certificates (*.spc;*.p7b). Open the Certificate File Select the Certificate File and click Open. Click Next Choose Next. Click Place All Certificate in the Following Store Click Place All Certificate in the Following Store. Select Browser Select Browser, choose Intermediate Certification Authorities, then click Next. Select Finish Select Finish.  

How to Install an SSL/TLS Certificate In Media Temple (GRID) The following instructions will guide you through the SSL installation process on Media Temple (GRID). If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Log in to Media Temple Log in to Media Temple and view your Account Center. Select your domain Click Domains in the navigation bar and select the appropriate domain name you would like to secure. View your GRID Access your GRID Control Panel. Note: The list of configuration options can vary depending on if you selected the “primary domain” under your account. Choose “Primary Domain” or “Alternative Domain” For securing the Primary Domain, scroll domain to Add-Ons and select SSL Certificate. For securing alternative domains (meaning, not your Primary Domain), scroll domain to Alternative Domain Admin and select SSL Certificate. Import certificate In the configuration page, click Import Certificate. Input your certificate files Copy and paste your Certificate Files into the appropriate text box(s). Key – This is your private key that was created during the generation process. Note 1:Leave this text box blank if you previously created the Certificate Signing Request (CSR) and private key in your Account Center. Media Temple will auto-fill the appropriate key file. Note 2: If you made the CSR and private key outside of your Media Temple account and failed to save the files, you will have problems proceeding and may need to re-issue the SSL certificate with a newly created key pair. Certificate – This is your server certificate that was issued to your domain(s). Note:If you received the certificate in a ZIP file, click “Extract All” and then drag your server certificate into a text editor such as Notepad. This will allow you to copy all text contents needed including “—–BEGIN CERTIFICATE—–” and “END CERTIFICATE—–“. CA/Chain Certificate – This is your intermediate certificates that allow browsers and devices to understand who issued your trusted certificate.Note 1:If you have multiple intermediate certificates, paste each of them one after another to create the correct certificate chain/path. Note 2: If you forgot to save these files, download the appropriate CA/Chain Certificate for your certificate. Save your certificate files Once you have inputted all of the certificate files into the appropriate boxes, click Save. Note: It could take Media Temple up to 24 hours to finish configuring your SSL certificate on your live site. Please feel free to contact your host if this process takes longer than usual.   Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate in Mac OS X El Capitan (v.10.11) The following instructions will guide you through the SSL installation process on Mac OS X El Capitan (v.10.11). If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Launch the server app Launch and access the Mac OS El Capitan (v10.11) Server App. Select Keychain Access From the Finder window, under Favorites, select Applications, then Utilities, and click Keychain Access. Select system From the Keychain Access window, under Keychains, select System. Move the Intermediate Certificates Drag-and-drop the Intermediate Certificates (.cer or .crt) file into the System folder. Modify Keychain Enter the Administrator’s Password and click Modify Keychain.  Open the Server application From the Finder window, under Favorites, select Applications and then Server. Choose the correct server name From the Server App window, under Choose a Mac, select one of the following options to determine which server to install the SSL Certificate on: To install the SSL Certificate on thecurrent server: Click This Mac – YourServerNameand click Enter the Administrator Nameand Password and click To install the SSL Certificate on another server: Click Other Mac – YourOtherServerNameand click Enter your Host Name and IP Address. Enter the Administrator Name and Passwordand click Access your Certificates section From the Server App window, under the Server section, click Certificates.  Select your Pending certificate From the Certificate page, select the Pending certificate that you created during the CSR generation process. On the resulting Certificates page, you will see a box titled “Drag files received from your certificate vendor here”, drag-and-drop Your Server Certificate (.crt or .cer) into this box and click Ok. Go back to the main Certificates page From the Server App window, under Server, click Certificates. Select the Custom option On the Certificates page, click the Secure services using drop-down menu, and select Custom. Assign Your Server Certificate From the Service Certificates window, in your Certificate List, choose Your Server Certificate for each service you’d like to use the SSL Certificate for. It is recommended that you select all services that are used for communications (e.g. file sharing, mail, websites, etc.), then click OK. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate In LiteSpeed The following instructions will guide you through the SSL installation process on LiteSpeed. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Add a new Listener In your LiteSpeed WebAdmin console, click Listeners and then Add. Configure the new Listener Use the following Address Settings to configure the newly created Listener: Listener Name– Enter the internal friendly name for your Listener. IP Address– Select Any from the dropdown unless you want to bind the Listener to a particular CPU. In that case, enter the unique IP-port combination. Port – Most HTTPS connections are managed through port443 by default. However, if you have other Listeners operating on that port, this may cause an issue and require you to use another port such as 8443. Secure – Select Notes – Add any internal notes that will help you distinguish the Listener in the future. Click Select your Listener From your WebAdmin console, click Listeners and select your Listener Name (for our example, we chose to name the Listener “SSL”). Select the SSL tab Once you’re on the SSL tab under your newly created Listener, click the Edit button on the SSL Private Key & Certificate section. Configure the filepaths Use the following instructions to properly configure your Certificate filepaths as shown below: Private Key File –This is the path to your private key that was previously saved on your directory during the generation process via OpenSSL. Certificate File– This is the path to your server certificate that the CA sent you. You should already have this saved locally or in your server directory.Only complete one of the two options below to successfully install the intermediate certificates: CA Certificate Path – This is the path to the intermediate certificate “file” that the CA sent you. CA Certificate File– This is the path to the “directory” holding the intermediate certificates that the CA sent you. Click Return to the SSL tab Once you’re back on the SSL tab under your Listener, click the Edit button on the SSL Protocol section. Select “Protocol Version” For Protocol Version, select TLSv1.1 and TLSv1.2 and then click Save. Select your Listener Now, from your WebAdmin console, click Listeners and select your Listener Name (e.g. SSL). Select the General tab Under your selected Listener, select the General tab and click the Add button on the Virtual Host Mappings section. Select the Virtual Host In the Virtual Host Mappings section of your General tab, select the Virtual Host you want to connect the Listener to from the drop-down menu. Enter all the Domains(s) Once you have the appropriate Virtual Host selected, enter all of the Domains that connect to your vhost(s) – this tells OpenLiteSpeed where to send traffic this listener picks up – and click Save. Note 1: If you have multiple domains in the certificate that connect to the vhost, use a comma “,” to separate the additional domains. Note 2: If you have one vhost and configured the server to disregard other vhosts, you can enter an asterisk “*” as the domain.  Restart Navigate to your Dashboard by selecting “Dashboard” from the left-hand side menu. Once on your Dashboard, click the green Graceful Restart button. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate in Jetty Java HTTP Servlet Web Server The following instructions will guide you through the SSL installation process on Jetty Jave HTTP Servlet Web Server. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Convert your certificate files You can easily convert your PEM (.cer or .crt) to PKCS#7 (.p7b) Format. You can easily do this on your own system by running below OpenSSL command. openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer Import the certificate Once your certificate is in PKCS#7 (.p7b) Format, you’ll need to add the certificate file to your keystore by running the following command: keytool -import -alias [enter_alias_name]  -trustcacerts -file [enter_certificate_filename].p7b -keystore  [enter_keystore_name] Note 1: Enter the same alias name and keystore name that was used when generating the private key and Certificate Signing Request (CSR). Note 2: If you receive Error Message: “java.lang.Exception: Input not an X.509 certificate”, double-check the alias/keystore name entered and the format of the certificate. You may still be using the PEM (.cer or .crt) format and not the correct PKCS#7 (.p7b) format. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect. To check your server’s configurations more thoroughly, use our SSL Checker Tool or contact our Customer Experience Department for additional assistance. How to Fix “certificatessxception: Input not an X.509 certificate” Error If you receive the error message “certificatessxception: Input not an X.509 certificate”, please follow these alternative Installation Instructions below: Import the intermediate certificate Using the PEM (.cer or .crt) formatted certificate, import the Intermediate Certificate into your keystore by running the following command: keytool -import -alias intermediate  -trustcacerts -file intermediate_file_name -keystore [enter_keystore_name] Import the server certificate Using the PEM (.cer or .crt) formatted certificate, import Your Server Certificate into your keystore by running the following command: keytool  -import -alias [enter_alias_name] -trustcacerts -file server_certificate_file_name  -keystore [enter_keystore_name] Verify the keystore contents Verify the Contents of the keystore by running the following command: keytool -list -v -keystore  your_keystore_filename  >output_filename.txt Enter your password Enter your keystore password. View the Output File View the Output File.Note: Your Server Certificate will be imported into the alias by the “Entry Type” of the specified “PrivateKeyEntry”. Edit the Jetty Connector Edit the Jetty Connector to point to the keystore and password: <Call name=”addConnector”> <Arg> <New class=”org.mortbay.jetty.security.SslSocketConnector”> <Set name=”Port”>8443</Set> <Set name=”maxIdleTime”>30000</Set> <Set name=”keystore”><SystemProperty name=”jetty.home”  default=”.” />/etc/keystore</Set> <Set name=”password”>OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set> <Set name=”keyPassword”>OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set> <Set name=”truststore”><SystemProperty name=”jetty.home”  default=”.” />/etc/keystore</Set> <Set name=”trustPassword”>OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set> </New> </Arg> </Call> Note 1: Reference Jetty Configuring Setting for a correct configuration. This Jetty Configuration documentation will also address how to set your SSL/HTTPS Ports and redirect HTTP to HTTPS. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate In F5 BIG IP (version 9) The following instructions will guide you through the SSL installation process on F5 Big-IP Load Balancer V9. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Launch the GUI Launch your F5 Big-IP Web GUI. Select “SSL Certificates” The SSL Certificates option is listed under Local Traffic. Select your certificate’s name Your certificate’s name will be listed under General Properties. Select your .crt file This is the yourdomain.crt file that you received from the issuing CA. Open and import Once you’ve located your .crt file, you need to select Open, then Import. Install your intermediate certificates To enable the intermediate certificates, return to the Web GUI, and under Local Traffic, select SSL Certificates. Choose Import. In Import Type, choose Certificateand Create New. Name your Intermediate Certificate. Find the CA bundle that includes your intermediate, click Open, then Import. Enable your SSL To enable the SSL certificate, create or open an SSL Profilefor your Certificate. Choose Configuration, then select Advanced. Select the Server Certificateyou installed from Steps 1-5. Under Chain, find the Intermediate Certificate you imported from Step 6, then select Save. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate In F5 BIG IP (version 8 and lower) The following instructions will guide you through the SSL installation process on F5 Big-IP Load Balancer V8 or Earlier. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions 1.Transfer your certificates The first step is to transfer your Server Certificate and Intermediate Certificate(s) on to the Big-IP device. Rename your server certificate If your server certificate has any underscores in the name, you will need to replace all underscores with periods. Copy your server certificate Your server certificate will need to be copied to: /config/bigconfig/ssl.crt/folder Copy your intermediate certificates Your intermediate certificate(s) will need to be copied to: /config/bigconfig/ssl.crt/folder Restart your proxy You can restart your proxy by using the following command: # bigpipe proxy <IP Address>:443 disable # bagpipe proxy :443 enable Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.