Security


 






Client-Provided SSL Certificate

Overview

If you prefer not to use a CivicPlus-provided SSL certificate, you may opt to provide an SSL certificate of your choice. We currently accept all types of SSL certificates, including standard, wildcard, and UCC certificates. The following steps outline the process to obtain an SSL certificate from a certificate authority and provide this to CivicPlus in the necessary format.

When you provide an SSL certificate, deliverables for CivicPlus include:

  • PFX file
  • Password
  • Note: CivicPlus does not generate the CSR for client provided SSL certificates. This will allow you to control both the public and private key.

Note: When you provide a certificate for implementation on other servers, CivicPlus will need the new PFX file every time the certificate must re-key. Similarly, CivicPlus will need the new PFX file for renewal of certificates. You must provide these prior to the expiration date to prevent any certificate errors on the website.

Important Notes

  • The instructions in the article describe how to generate a .pfx file. Other SSL certificate providers may have different processes for generating a .pfx file. Please contact your SSL provider for specific instructions.
  • View Apple's New Terms for SSL Certificate Validity

Quick Links

Instructions

Note: The following instructions use the DigiCert Certificate Utility. The steps will appear differently on your specific server operating system, but the process is similar. 

  1. Click Create CSR to generate a CSR
    click_create_CSR_to_generate_a_CSR.jpg
  2. Enter the details for the CSR
    enter_details_for_the_CSR.jpg
    • Certificate Type: Select SSL
    • Common Name: Enter your site
    • Subject Alternative Names: Enter any other names for your site
    • Organization: Enter your company name
    • Department: Enter your department
    • City/State/County: Enter your address information
    • Key Size: Minimum of 2048-RSA encryption
  3. Click Generate
    select_generate.jpg
  4. Click Copy the CSR (this is the public key) and provide this to the certificate authority (CA)
    select_copy_CSR.jpg

  5. Paste the CSR in the certificate request with the CA
    paste_the_CSR_into_the_certificate_request_field.jpg
  6. Download the signed certificate to your computer
  7. Use the DigiCert utility; select Import to import the signed certificate
    select_import_to_import_signed_certificate.jpg
  8. Click Browse to locate the file in your computer (file ends in .cer)
    select_browse_on_certificate_import.jpg
  9. Enter the friendly name for the certificate or accept the default name
    • Note: The friendly name is not part of the certificate, but does identify the certificate.
  10. Select Finish; the certificate will import and list under SSLs on the DigiCert Certificate Utility
    certificate_will_import_and_list_under_SSLs.jpg
  11. Select the certificate; click Export Certificate
    select_the_certificate_and_click_export_certificate.jpg

  12. Select Yes, export the private key
    select_yes__export_the_private_key.jpg
    • Note: Check the pfx file and Include all certificates in the certification path if possible

  13. Select Next
    select_next.jpg
  14. Configure a complex password (8 characters or more) for the certificate
    configure_a_complex_password.jpg
    • Note: Please remember this password, you will need it in order for CivicPlus to import the certificate.
  15. Select Next
    select_next.jpg

  16. Click Finish
    select_finish_to_finish_CSR_export.jpg

  17. Select OK to the confirmation pop-up
    select_ok_to_confirm_successful_certificate_export.jpg
  18. Send the exported PFX file to the Dropbox folder created for you by CivicPlus
    • Note: The password will be read over the phone. 



I'd Like to Request an Enhancement

0 out of 0 found this helpful

Updated:
Follow

Article Feedback