Customer-Provided SSL Certificate

If you prefer not to use a CivicPlus-provided Secure Sockets Layer (SSL) certificate, you may opt to provide an SSL certificate of your choice. We currently accept all types of SSL certificates, including standard, wildcard, and Unified Communications Certificate (UCC) certificates. The following steps outline the process to obtain an SSL certificate from a certificate authority and provide this to CivicPlus in the necessary format.  

When you provide an SSL certificate, deliverables for CivicPlus include:

• PFX file
• Password

Important Notes

• CivicPlus does not generate the Certificate Signing Request (CSR) for customer-provided SSL certificates. This will allow you to control both the public and private keys.
• When you provide a certificate for implementation on other servers, CivicPlus will need the new PFX file every time the certificate must re-key. Similarly, CivicPlus will need the new PFX file to renew certificates. You must provide these prior to the expiration date to prevent any certificate errors on the website.
• The instructions in the article describe how to generate a .pfx file. Other SSL certificate providers may have different processes for generating a .pfx file. Please contact your SSL provider for specific instructions.
• View Apple's New Terms for SSL Certificate Validity

Quick Links

• DigiCert Export PFX IIS 7
• DigiCert Export PFX IIS 8/8.5
• DigiCert Install signed certificate

Instructions

The following instructions use the DigiCert Certificate Utility. The steps will appear differently on your specific server's operating system, but the process is similar. 

1. Click Create CSR to generate a CSR
   
2. Enter the details for the CSR
   
   
   • Certificate Type: Select SSL
   • Common Name: Enter your site
   • Subject Alternative Names: Enter any other names for your site
   • Organization: Enter your company name
   • Department: Enter your department
   • City/State/County: Enter your address information
   • Key Size: Minimum of 2048-RSA encryption
3. Click Generate
   
4. Click Copy CSR (this is the public key) and provide this to the certificate authority (CA)
   
   
5. Paste the CSR in the certificate request with the CA
   
6. Download the signed certificate to your computer
7. Use the DigiCert utility and select Import to import the signed certificate
   
8. Click Browse to locate the file in your computer (file ends in .cer)
   
9. Enter the friendly name for the certificate or accept the default name
   
   Note: The friendly name is not part of the certificate, but does identify the certificate.
10. Select Finish. The certificate will import and list under SSLs on the DigiCert Certificate Utility
    
11. Select the certificate and click Export Certificate
    
    
12. Select Yes, export the private key
    
    
    Note: Check the pfx file and Include all certificates in the certification path if possible boxes.
13. Select Next
    
14. Configure a complex Password (8 characters or more) for the certificate
    
    
    Note: Please remember this password, you will need it in order for CivicPlus to import the certificate.
15. Select Next
    
    
16. Click Finish
    
    
17. Select OK on the confirmation pop-up
    
18. Send the PFX file and password to CivicPlus using our online encrypted form