How do I apply a certified SSL certificate over my test certificate?

  1. Home
  2. Knowledge Base
  3. GMS
  4. How do I apply a certified SSL certificate over my test certificate?

Question

I have been using a self generated certificate pair to test the usage of GMS Secure Socket Layer. Everything works well but because the certificate is not issued by a recognised authority my users get a prompt asking them if they want to accept the certificate. To stop the prompts from appearing I would now like to apply a certificate from a recognised Certification Authority (CA) such as Verisign. What is the procedure for doing this?

Answer

This is quite straight forward. You should do the following:

  • Run Keycert.exe which by default is located in the gordanobin or opt/gordano/mail/bin directory on your GMS server.
  • Select the "Generate CSR for submission to a CA" option and generate the CSR and private key. Keep a careful note of the passphrase and common name that you use.
  • Submit the CSR to your Certification authority following their instructions.
  • The Certification Authority will then send you a certificate file.
  • Once you have the certificate file, and have saved it to a suitable location on your hard drive, you should run Keycert.exe again. This time select the "Use Existing Certificate" option.
  • Please note: Affecting all builds of the software up to v17.00.3759. When you attempt to browse the disk for the relevant files, the Windows box dialog defaults to looking for a .csr file extension.
    This is wrong. The .csr is the certificate request file, not the actual certificate file. Instead be sure to look for .cert, .cer or .crt files.
  • When prompted to enter your key name enter the filename of the private key. This is the file that was created at the same time as the CSR.
  • When prompted to enter the certificate name, enter the filename of the certificate file that the Certification Authority has sent you.
  • You will then be prompted to enter the common name of the server and the passphrase that you used when you created the CSR.
  • You should then stop and start the GMS services.
  • Your server will then be using the new certificate pair.

See Also:

Keywords:SSL keycert CA CSR

Was this article helpful?

Related Articles