Client-Provided SSL Certificate


If you prefer not to use a CivicPlus-provided SSL certificate, you may opt to provide an SSL certificate of your choice. We currently accept all types of SSL certificates, including standard, wildcard, and UCC certificates. The following steps outline the process to obtain an SSL certificate from a certificate authority and provide this to CivicPlus in the necessary format.

When you provide an SSL certificate, deliverables for CivicPlus include:

  • PFX file
  • Password
  • Note: CivicPlus does not generate the CSR for client provided SSL certificates. This will allow you to control both the public and private key.

Note: When you provide a certificate for implementation on other servers, CivicPlus will need the new PFX file every time the certificate must re-key. Similarly, CivicPlus will need the new PFX file for renewal of certificates. You must provide these prior to the expiration date to prevent any certificate errors on the website.

Important Notes

  • The instructions in the article describe how to generate a .pfx file. Other SSL certificate providers may have different processes for generating a .pfx file. Please contact your SSL provider for specific instructions.
  • View Apple's New Terms for SSL Certificate Validity

Quick Links


Note: The following instructions use the DigiCert Certificate Utility. The steps will appear differently on your specific server operating system, but the process is similar. 

  1. Click Create CSR to generate a CSR
  2. Enter the details for the CSR
    • Certificate Type: Select SSL
    • Common Name: Enter your site
    • Subject Alternative Names: Enter any other names for your site
    • Organization: Enter your company name
    • Department: Enter your department
    • City/State/County: Enter your address information
    • Key Size: Minimum of 2048-RSA encryption
  3. Click Generate
  4. Click Copy the CSR (this is the public key) and provide this to the certificate authority (CA)

  5. Paste the CSR in the certificate request with the CA
  6. Download the signed certificate to your computer
  7. Use the DigiCert utility; select Import to import the signed certificate
  8. Click Browse to locate the file in your computer (file ends in .cer)
  9. Enter the friendly name for the certificate or accept the default name
    • Note: The friendly name is not part of the certificate, but does identify the certificate.
  10. Select Finish; the certificate will import and list under SSLs on the DigiCert Certificate Utility
  11. Select the certificate; click Export Certificate

  12. Select Yes, export the private key
    • Note: Check the pfx file and Include all certificates in the certification path if possible

  13. Select Next
  14. Configure a complex password (8 characters or more) for the certificate
    • Note: Please remember this password, you will need it in order for CivicPlus to import the certificate.
  15. Select Next

  16. Click Finish

  17. Select OK to the confirmation pop-up
  18. Send the exported PFX file to the Dropbox folder created for you by CivicPlus
    • Note: The password will be read over the phone. 

I'd Like to Request an Enhancement

0 out of 0 found this helpful


Article Feedback