Obtaining certificate and private key

This section is provided as general guidance only. Have your IT department provide you with the required certificate and key files, or work with them to obtain them.

From a Certificate Authority

Some things you will need to know before starting the process with a Certificate Authority:

• Your website domain name, or common name
• Proof that you control the domain. This could include the email associated with the domain name.

The general steps when using an outside source for the certificate and keys are as follows:

1. Select a Certificate Authority (CA) such as DigiCert, Symantec, or GoDaddy, to generate your certificate and key files.

   NOTE:

   Generally there is a cost associated with the this process, and it may take several days. It is common to refile the application several times to get the correct files in the correct format.

2. Create an account with your selected CA. Sign in.

3. Generate a private key and Certificate Signing Request (CSR). Save these files to a secure location on your computer. Some Certificate Authorities may offer to generate these for you. If not, then they will require the CSR and private key you generated.

   NOTE:

   This is the private key file you will need later. If the file saved has a .txt extension, make a copy and change the extension to .PEM.

   TIP:

   If your CA generates your private key and CSR, save a copy of both. For your security, the CA will not keep a record of either the CSR or private key. If you fail to save them, you will have to generate new ones and this will take additional time.

4. Provide proof that you control the domain. Often additional instructions are received in an email from the CA.

5. Receive the certificate from the CA. This may take two or more business days. Save this file to a secure location on your computer.

6. Verify that the key file is in .PEM format. The contents of a valid .PEM formatted key will look similar to the following when viewed as a text file. The ----BEGIN RSA PRIVATE KEY----- header and -----END RSA PRIVATE KEY----- footer indicate that the key was generated in the correct format.

   

7. Verify that the certificate file is in .PEM format. The contents of a valid .PEM formatted certificate will look similar to the following when viewed as a text file. The ----BEGIN CERTIFICATE----- header and -----END CERTIFICATE----- footer indicate that the key was generated in the correct format.

   

From your IT department

If your IT department provides the key and certificate files, you need to determine if the key requires a private key password. To determine if your .PEM formatted key requires a private key password:

1. Open the key file in a text editor.

2. The following header is an example of the key without a private key password.

   -----BEGIN RSA PRIVATE KEY-----

   MIIEpQIBAAKCAQEAo8GRTJKW+grlRfuuUNrlqCc4aodqaRnNd+L+/Wjpz

3. The following header is an example of the key with a private key password.

   -----BEGIN RSA PRIVATE KEY-----

   Proc-Type: 4,ENCRYPTED

   DEK-Info: DES-EDE3-CBC,556C1115CDA822F5

   AHi/3++BAAKCAQEAo8GRTJKW+grlRfuuUNrlqCc4aodqaRnNd+L+/Wjpz

4. If the key header is similar to that shown in step 3, you need to specify a private key password. Your IT department should provide this.