Install SSL certificate IIS pkcs#7

Preparations

Download the certificate to the server.

Rename the file from your_domain_name.p7b to your_domain_name.cer

Installing the certificate

Open the Internet information service (IIS) manager.

In the IIS Manager, select the "server node" at the top left under Connections.
Install SSL certificate IIS pkcs#7
Once in the panel, double-click on "Server Certificates"
Install SSL certificate IIS pkcs#7
From the Actions menu on the right, select "Complete Certificate Request"
Install SSL certificate IIS pkcs#7
On the "Complete Certificate Request" page, enter the location of your_domain_name.cer
Install SSL certificate IIS pkcs#7

Then enter your domain name under "Friendly Name", then click ok

ATTENTION! If you receive the error message "Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created"  So just click cancel, the certificate is installed correctly and this is a known issue in IIS.

Your SSL certificate is now installed and should now be listed under certificates.

Edit Bindings

Under Sites in IIS, locate the domain name that the SSL certificate should belong to. Click on "Edit Bindings..."

Install SSL certificate IIS pkcs#7

If you only see http under Type in "Site Bindings" click on add.

Install SSL certificate IIS pkcs#7

In the list of SSL certificates, select the name of the certificate for the domain and click OK
Install SSL certificate IIS pkcs#7

Then click close and close the Edit Bindings wizard

ATTENTION! You may get the following errors "There was an error while performing this operation Details: CertEnroll::CX509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b (ASN:276)  This is just ignoring again a known problem in IIS 7.

For some certificates (chained), a root certificate also needs to be installed for the certificate to work 100% correctly.

Installing Tomcat SSL certificates

Installing SSL certificates for Keystore

  1. Download your SSL certificate (your_domain_name.p7b) to the directory where you saved your key.

    Note:
    You must install the SSL certificate file to the same key and under the same alias name (i.e. "server") that you used to create your CSR.

    If you try to install it to another key container, the install command in the next step will not work.

  2. To install the SSL certificate file to your key, type the following command:

    keytool -import -trustcacerts -server alias -file your_domain_name.p7b -keystore your_domain_name.jks

  3. You should receive a confirmation "Certificate reply was installed in keystore.”
  4. If you are asked if you want to trust the certificate, select y or yes .
  5. Your Key file (your_domain_name.jks) is now ready to be used on your Tomcat Server.
    Now you need to configure the server to use it.

Configuring the SSL Connector

Before Tomcat can accept secure connections, you must configure an SSL connection.

  1. In a text editor, Tomcat opens the server.xml file.

    The server.xml file is usually located in the conf folder in your Tomcat home directory.

  2. Locate the connector you want to use the new key for.

    Usually port 443 or 8443 is used, as shown in step 4.

  3. If necessary, comment on the connector.

    Uncommenting means removing comment tags ().

  4. Enter the correct keystore file name and password in the contact configuration.

    When you're done, your contact should look something like this:

    <Connector port="443″ maxHttpHeaderSize="8192″ maxThreads="150″ minSpareThreads="25″ maxSpareThreads="75″ enableLookups="false" disableUploadTimeout="true" acceptCount="100″ scheme="https" secure="true"SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/your_domain_name.jks" keystorePass="your_keystore_password" />

    Note: If you are using a version of Tomcat before Tomcat 7, you need to change "keystorePass" to "KeyPass".

  5. Save your changes in the server.xml file.
  6. Restart Tomcat.

Importing PFX SSL certificates Windows

1. Double click on the .pfx file

2. then you get the box below click on "Local Machine"

3. At the next box click on "Next"

4. in the box that appears, enter the password that was entered when the pfx file was created, also mark "Mark this key..."

5. In the next box, "Automatically select..." should be checked, click "Next"

6. on next page, check your settings and then click on Finish.

7. Importation is now complete