FAQ - Frequently Asked Questions

Can I change the IP address of my domain if I have an ssl certificate on that domain?

The certificate is not bound to any specific IP address. It is bound to the fully qualified domain name such as www.europeanssl.eu
I have changed my server, or moved to a different provider, how do I move the certificate?

If you are moving servers or providers, you will need to get the certificate and private key from the old server or provider.

Contact your old server administator and ask them to provide you with an exported copy of the certificate and private key.
You can then use this to install your SSL certificate onto your new server or send on to your new host.

Please note: If you do not get the Private Key with your certificate from the old server/provider, you will not be able to install the certificate and activate SSL for your site.
Do I need to use IP based hosting or Name based hosting?

Name based hosting is rarely used in production environments.
IP based hosting should be used due to the way that the SSL protocol works.
What is a certification authority (CA) ?

A certification authority is an organization that issues digital certificates.

A digital certificate is the cyberspace equivalent of an identity card and is used to assign a particular public key to a person or organization.
This assignment is certified by the certification authority, by providing them with its own digital signature.

The certificates contain "keys" and additional information that is used for authentication and for encryption and decryption of sensitive or confidential information that is distributed over the Internet and other networks.

As additional information, for example, lifespan, references to certificate revocation lists, etc. are included , which are introduced by the CA within the certificate.

The purpose of a certification institution is to issue and check such digital certificates. The CA is responsible for the provision , allocation and for securing the integrity of the issued certificates it issues .

Thus it is an important part of the public-key infrastructure.

(source: Wikipedia)
What is a Certificate Signing Request (CSR)?

A CSR is a text string that is created by your server software. We need this string for the issuance of your SSL certificate.

If you can not generate a CSR on your server, you can use our CSR-Generator.

You can create the necessary CSR in real time with this tool.

Please note: when using the IIS server platform using an external CSR generator is not possible.
What is Secure Sockets Layer (SSL)?

By using Secure Sockets Layer, data is transferred via http and protected by the server encyption activated by the SSL certificate.

An SSL Certificate consists of a public and a private key. The public key is used to encrypt information and the private for decryption.

When a browser displays a secured domain, server and client are authenticated by a "SSL handshake".

In addition, an encryption method, and a unique session key is established. With this, a secure session can be started, the privacy and integrity of messages can be guaranteed.
What is encryption and why are there more steps?

Encryption is a mathematical operation for encoding and decoding of information.

Through the number of bits (40 bits, 56 bits, 128 bits, 256 bits) you can see the size of the key. As for a longer password, there are several combinations for a longer key. 128-bit encryption is one trillion times stronger than 40-bit encryption.

When establishing an encrypted session, the strenght depends on the capacity of the web browser, SSL certificate and the web server and operating system of the client.
What is a key pair of a public and private key?

Encryption is a mathematical operation for encoding and decoding of information.

Each SSL Certificate contains a key pair of a public and a private key.

A private key with the code and a public key for decoding. The private key is installed on the server and will under no circumstances be transmitted.
The public key is included in the SSL certificate and is passed on to the web browser.
Do I need an SSL - certificate for my site ?

You have probably heard of 128-bit encryption , or seen the green address bar of an EV SSL certificate in the address bar of a web page and you ask yourself, " Do I need an SSL certificate on my site ? "

Most people are very careful when making online purchases and want to have the assurance that their data is safe. An SSL certificate provides you with two important things:

  • Encryption of sensitive data such as credit card numbers and personal information.
  • A security feature that shows your customers that you are trustworthy.

These are very important advantages. While not all websites need an SSL certificate, but for certain types of websites, the SSL encryption is a must. To find out if you need an SSL certificate for your website, simply ask yourself these questions:

- Is my website an e-commerce-website that collects credit card information?

Most e-commerce sites absolutely need an SSL certificate! As an online retailer, it is your responsibility that the information collected from your customers are protected.

If a thief gets access to the credit card data, this can be devastating for your customers and your company. Protect yourself and your customers from damage due to misuse by third parties and install an SSL certificate.

- Do I Use a third-party for payment processing?

If your online store directs your customers for payment to the pages of a third party , such as Paypal, you do not need an SSL certificate because your website has "no contact" with the credit card information of customers.

This is of course only valid if your shop does not accept the data as long as the customer is still on your website. Paypal offers both versions for processing the payment.

Is the credit card information collected on your website, the use of an SSL - certificate should be mandatory.

- Do I use a login form ?

If you give your website visitors the opportunity to register as a user , but you do not encrypt the login page via SSL , an attacker could easily be able to read the credentials of the users in plain text.
This allows the attacker not only to use the user's account, it opens more doors to him because people unfortunately use the same password for different accounts.

Treat the data of your users resonsibly, even if the content on your website is not critical.
Heartbleed bug and EuropeanSSL - How to make your SSL encrypted page safe again.

As you may know, a vulnerability known as " Heartbleed " was recently dicovered in OpenSSL, through which an attacker can theoretically get the private key of SSL certificates.

We recommend a timely examination of the web server.

Please make sure that the OpenSSL version is updated. The replacement of the installed SSL certificates is in any case advisable. The server may not be compromised at the moment, however, the keys of the "old" certificates and other data from the memory could also be read, if the certificates are not be replaced.

Please note that the vulnerability occurs in the web server tool OpenSSL, the EuropeanSSL certificates are of course still completely trustworthy.

You can replace your current SSL certificates free of charge. To do this, follow these steps:

  • Update OpenSSL and make sure that the vulnerability no longer exists.
  • Remove the certificate completely from your server.
  • Create a new CSR
  • Log in to your account EuropeanSSL and navigate to the certificate.
  • Click on the button "Modify"
  • There is a small popup window that opens in which the currently stored CSR is displayed. Please overwrite the current one with the newly generated CSR and confirm the changes by clicking on "change".

    Please note that the validation of the certificate at a REPLACE becomes necessary again . After you have confirmed the Approvermail the certificate is reissued. We are happy to assist you here. Please send us the CSR unformatted over email to our support address . We are happy to provide you with your new certificate.

    More information on this vulnerability can be found together with further technical details on: http://heartbleed.com/

    With the following information , you can check quickly and reliably whether your server is affected.

    What is affected?

    Affected OpenSSL versions:

    •     1.0.1 up to and including 1.0.1f.

    Not affected OpenSSL versions:

    •    1.0.1g
    •     1.0.0
    •    0.9.8

    The release of OpenSSL 1.0.1g from the 7th April 2014 closes this bug.

    Is my site affected?

    To find out if your site is affected, you can use a variety of reliable tools, such as test example http://filippo.io/Heartbleed/.

    How do I fix the problem ?

    Each system using one of the above affected OpenSSL versions should be updated via a patch. OpenSSL itself has released a patch which can be found on the official website : https://www.openssl.org/

    Please note : It is imperative to update the OpenSSL software before you replace the EuropeanSSL certificates on the server.
Why does an EuropeanSSL Certificate cost considerably less than the ones from other Certification Authorities?

EuropeanSSL delivers high quality SSL certificates at lower prices than other CAs because we have developed new infrastructure technologies and processes to significantly reduce validation intervals and customer installation requirements.
Which browsers support the certificates by EuropeanSSL?

99.3% of Internet users inherently trust EuropeanSSL Certificates – Equivalent to VeriSign and Thawte!

Browser Compatibility:

  • Adobe Acrobat/Reader 7
  • Blackberry 5+
  • Chrome 26+
  • Chrome under Linux
  • Chrome under Mac from Mac OS X 10.5
  • Chrome under Windows Vista and higher
  • Firefox 1.5+
  • Internet Explorer 7+ and higher
  • Internet Explorer 7+ under Vista
  • Internet Explorer 6+ under Windows XP SP3 (patched)
  • Java 1.4.2+ based products
  • Konqueror 3.5.6+
  • Mozilla 1.4+
  • Mozilla products based on NSS 3.8+ (since April 2003)
  • Netscape 7.1+
  • Opera 9.0+
  • Products based on OpenSSL 0.9.8o+
  • Safari from Mac OS X 10.5+
  • Windows Phone 7+
Can I protect various sub-domains with one certificate?

A SSL certificate is normally issued to a specific host name. This means that an SSL certificate for "secure.yourdomain.de" can not be used for another host name, eg "shop.ihredomain.de".

To overcome this limitation, we offer the EuropeanSSL Wildcard Certificates. This certificate type allows you to protect an unlimited number of subdomains under the same main domain name.

Our Wildcard certificates can also be used on an unlimited number of physical servers. Thus, there are no additional licensing fees when using a wildcard certificate on multiple physical machines.

A wildcard certificate for * ihredomain.de protects, for example:

  •      www.yourdomain.de
  •      secure.yourdomain.de
  •     shop.yourdomain.de
  •      xyz.yourdomain.de
Can I test EuropeanSSL certificates before buying?

You are welcome to test our certificates for 30 days free of charge and without obligation.

Please order the product "EuropeanSSL Trial".
The certificate is not recognized by my mobile device.

The compatibility with different mobile devices is a common problem in the field of SSL certificates, as there are unfortunately no fixed guidelines for the manufacturer who specifies which root - certificates are setup in the factory settings.

Due to this, we can not guarantee browser compatibility for mobile devices.

The user can manually download and install the required certificates under https://secure.europeanssl.eu/de/info/terms

The following micro browser / PDA support EuropeanSSL Certificates:

  •      Microsoft Windows Mobile / CE 6.0 +
  •      NetFront Browser v3.4 +
  •      RIM BlackBerry v4.2.1
         KDDI Openwave v6.2.0.12 +
         Apple iPhone Opera Mini v3.0
         Sony Playstation Portable
         Sony Playstation 3

    Unfortunately, there is currently no other solution to fix the problem.
The CSR cannot be decoded or is invalid

CSR is possibly missing one or more required fields.

The CSR must contain a minimum of the following fields:

    Organizational Unit
    Locality (City)
    Country (2 character code)
    Common Name (Fully Qualified Domain Name)

    Another possibility is that the CSR contains non-alphanumeric characters in the required fields.

    Make sure your CSR begins with 5 dashes and ends with 5 dashes as below:



    Also, please check for additional characters that may have been picked up by accident, possibly through cutting and pasting. Below is an example where the additional characters (the '!' and the 'space' underlined and highlighted in red) will cause a CSR decoding error. Normally, a CSR that contains characters such as '?', '@', '#', '$', '%', '^', '&' and '*' will cause issues. The only allowable non-alphanumeric character is the backslash '\'.

    Example of a defective CSR:


    If the suggestions above do not resolve the issue, please send your CSR to our support team and we will be happy to decode it and help you to identify the problem, or instruct you to generate a new one if necessary.
I only want a trial certificate, why do you validate those applications?

Your trial certificate is a fully-functional SSL Certificate, with exactly the same browser ubiquity and encryption as our other certificates. This is so that you can fully-test your systems prior to roll-out. As such, the trial certificate must be validated to the same standard as other certificates in our range. This validation process is utilised for every application put to us, whether the applicant is an individual or a multi-national conglomerate.
How do order and validation of domain validated SSL certificates work?

Domain validated SSL certificates are all EuropeanSSL Certificates ( Single / Wildcard). EuropeanSSL Premium certificates are not domain validated.

Step 1: Create a CSR (Certificate Signing Request)

The CSR contains important information , such as the host name , and it is usually created directly on your server. If you have no possibility to generate your CSR, you can use our CSR generator.

Step 2 : Order the required certificate

After placing an order on our websites you will receive an email which you must confirm by calling a link. Then the desired certificate is created and sent to you within minutes.

The following e-mail addresses can be used for validation :

  •     admin@sslhostname.xyz
  •     administrator@sslhostname.xyz
  •     hostmaster@sslhostname.xyz
  •     postmaster@sslhostname.xyz
  •     sysadmin@sslhostname.xyz
  •     webmaster@sslhostname.xyz
Can I order a SSL Certificate for an IDN domain (domain with Umlaut) as well?

Yes, please indicate the domain name as an ACE string when generating the CSR, such as xn-zz-viaa.de for IDN domain a zääz.de.

When using our CSR-Generators, the conversion is done automatically.
How do order and validation of Premium SSL certificates work?

In the first step, the order is validated via E-Mail Validation. Find details about this process in our FAQ Article "How do order and validation of domain validated SSL certificates work?". Once you click on the link, mentioned in this email, the validation process proceeds.

1.Validation of documents:

Please send one of the following documents for manual validation of your order to EuropeanSSL:

  • A) In case of certificates with commercial use:
    Business Registration oder Trade Register Excerpt
    Trade Licence

  • B) In case of certificates with private use:
    ID Card or Passport.
    Drivers Licence

Please note: The contact details and information mentioned in your drivers licence or Business Registration needs to be identical to the data you placed in your order and which you setup in the WHOIS of the domain name.

In case the data is not identical, additional documents will be necessary, which are:

  • Article of association (with Address)
  • The authorized version of the trading certificate.
  • a copy of the latest bank statement ( details can be blackened )
  • a copy of the latest phone bill
  • a copy of any incidental costs, i.e.: electricity bill, gas bill, etc.

2.Telephone Validation:

for the second validation step, we will need the following information :

  • First and last name of the contact person for telephone validation
  • The E-Mail Address
  • The Phone Number for Telephone Validation
  • Link URL to the company´s entry in one of the public online telephone Register pages:

    Worldwide Dun & Bradstreet - https://www.dandb.com/
    Worldwide Hoovers - http://www.hoovers.com/
    German / Worldwide - https://www.upik.de
    Austria Only - https://www.herold.at
    German / Austria - https://www.unternehmensverzeichnis.org
    European web site - https://www.bisnode.com/
    Spain D&B site - http://empresas.informa.es/
    European web site BVD - http://www.bvdinfo.com/en-gb/home/
    European web site - http://www.creditsafe.nl
    US web site BBB - http://www.bbb.org
    Germany Business credit and commercial information only - http://www.firmenwissen.de/index.html
    France only - http://www.aef.cci.fr/
    UK Only - https://www.duedil.com
    Sweden - http://www.allabolag.se
    Japan Teikoku DB - https://cnet.tdb.ne.jp/cnet/ta111p01/ta111pInit.do
    US mainly Rainking - https://my.rainkingonline.com
    Greek - http://www.acci.gr/acci/catalogue/result.jsp
    Russian - Spark - https://www.spark-interfax.ru/promo/en/sources

During telephone Validation, the contact person will receive a „EuropeanSSL Callback Request“ E-Mail. This E-Mail contains a link and the mentioned "email verification code". You can activate the call back for telephone validation with sthat. This code will be mentioned during conversation. Place the code in the beforementioned webpage. Once the telephone Validation is done, the order is activated. .

Please send all documents, forms and other information over FAX, postal Service or email to:

Wagnerstr. 25
DE-76448 Durmersheim

Fax national: +49 7245 919 585
Fax international: +49 7245 919 585
E-Mail: docs@europeanssl.eu
Which CAA record can I use to authorize EuropeanSSL for my domain?

In order for us to be authorized to create an SSL certificate for your domain, please use the term "trust-provider.com" in your DNS settings. The entry should then look like this

domain.tld IN CAA issue "usertrust.com"
domain.tld IN CAA issuewild "usertrust.com"

For more information, see https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization
Do I need to install all the certificates that I received?

Yes, if you do not install all the received certificates you will receive not trusted messages when you go to the secure area of your web site.

Installation example: Apache and mod_ssl/OpenSSL

Extract the ZIP file containing yourSERVERNAME.crt and yourSERVERNAME.ca files in the folder /etc/ssl/crt/ and the keyfile yourSERVERNAME.key to /etc/ssl/key/. Then set the files on readonly for the system user with command "chmod 400 filename".

Now change the httpd.conf for the corresponding vhost as follows:

SSLCertificateFile /etc/ssl/crt/yourDOMAINNAME.crt
SSLCertificateKeyFile /etc/ssl/key/yourDOMAINNAME.key
SSLCertificateChainFile /etc/ssl/crt/yourSERVERNAME.ca

Please note that the path of your system may differ.
Installing the Root and Intermediate Certificate on IIS 5.x / 6.x

  • Click the Start Button, select Run, type mmc and select OK.
  • Click File and select Add/Remove Snap in.
  • Select Add.
  • Select Certificates from the Add Standalone Snap-in box and click Add.
  • Select Computer Account (NOTE: This step is very important. It must be the computer account and no other account) and click Next.
  • Select Local Computer and select Finish.
  • Close the Add Standalone Snap-in box, click OK in the Add/Remove Snap in. Return to the MMC.

To install the Root Certificate:

  • Right click the Trusted Root Certification Authorities, select All Tasks, then select Import.
  • Click Next.
  • Locate the Root Certificate and click Next. When the wizard is completed, click Finish.

To install the Intermediate Certificate/Certificates:

  • Right click the Intermediate Certification Authorities, select All Tasks, select Import.
  • Complete the import wizard again, but this time locating the intermediate Certificate when prompted for the Certificate file. (note you will need to repeat this step for all the intermediate certificates that are sent to you.)


Ensure that the Root certificate appears under Trusted Root Certification Authorities.

Ensure that the intermediate certificate / certificates appears under Intermediate Certification Authorities.

Once these are installed you may need to restart the server.
Where can I get the Free Site Seals?

Site seals are available through the detailed view of your certificate in your customer panel.
Installing your IIS SSL Certificate on Microsoft IIS 5.x / 6.x

  • 1. Select Administrative Tools

  • 2. Start Internet Services Manager

  • 3. Open the properties window for the website. You can do this by right clicking on the Default Website and selecting Properties from the menu

  • 4. Open Directory Security by right clicking on the Directory Security tab

  • 5. Click Server Certificate.

  • 6. Choose to Process the Pending Request and Install the Certificate. Click Next

  • 7. Enter the location of your IIS SSL certificate (you may also browse to locate your IIS SSL certificate), and then click Next

  • 8. Read the summary screen to be sure that you are processing the correct certificate, and then click Next

  • 9. You will see a confirmation screen. When you have read this information, click Next

  • 10. You now have an IIS SSL server certificate installed

Important: You must now restart the computer to complete the install
How to create a CSR on your own Linux server ?

  • 1. First create a key file

    # Openssl genrsa - des3 -out domain.key 2048

    During installation, enter a password as long as possible . This you have to remember absolutely !

  • 2. Create RSA key

    # Openssl rsa- in domain.key -out domain.rsa.key

  • Certificate Signing Request( CSR) :

    # Openssl req- new-key domain.key -out domain.csr

    Carefully fill and dispense with umlauts and special characters. As a common name , please enter the domain a , for which the certificate is to be used later, eg shop.domain.tld .

    Enter passphrase for domain.key :
    You are about to be asked to enter information thatwill be incorporated
    into your certificate request .
    What you are about to enter is what is called a Distinguished Name or a DN .
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value ,
    If you enter ' . ' , The field will be left blank .
    Country Name (2 letter code ) [ AU ] : DE
    State or Province Name (full name) [ Some - State] : BW
    Locality Name ( eg , city ) []: Karlsruhe
    Organization Name ( eg, company) []: Name of your company
    Organizational Unit Name (eg , section ) [] : Department
    Common Name (eg, YOUR name) []: domain.tld
    Email Address [ ] : webmaster@domain.tld

    Please enter the Following ' extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name [ ] :

    After completing all the information you will find the CSR as text in the domain.csr file.
Installation of an extended IIS SSL Certificate on Microsoft IIS 5.x / 6.x

  • 1. Management Console MMC start.
  • 2. Add SnapIn "Certificates".
  • 3. Assign the Local Computer account.
  • 4. Under Select "All Tasks"> choose "Import".

Important: Restart the server to complete the installation of the extended certificate.
I get the error message " cert / key mismatch"

The reasons for the above error might be:

  • 1. The web server used :

    The IIS for example, allows self-created exclusively CSR. If you used an external generator to create your CSR , this can lead to errors.

    To solve the problem: Please create a new CSR directly on your web server and send the new CSR unformatted by e -mail. We create the certificate with the transmitted CSR happy to help you relocate .

    This service is free of charge .

  • 2 An incorrect CSR / Private Key Pair .

    When used in connection with the IMAPd please check whether the IMAPd has the permissions to access the certificates / keys.

  • 3. errors in the transmission of the CSR / Private Key

    Sometimes it may happen that the file when transferring Windows is "destroyed" to UNIX since WIN uses a different formatting.

    Please check in binary mode if the rows in the CRT / private key end with a ^ M . This error can be fix with the dos2unix command .
Why did I receive a. ZIP folder with multiple files?

After the successful validation of your order you will receive an e-mail with a. ZIP folder in the Appendix.

The contained .Cert file is the actual certificate that you install as usual.
The .CA file is the file that contains the root certificate.

Depending on the platform used, the server may need a different file extensions. If this is the case, you can simply rename the .CA file extension.

Then install the .Ca file in the root certificates and, in case you use IIS, reboot. Then you simply need to check whether EuropeanSSL is setup in the list of installed root certificates.
I get the error message "Unsupported keysize"

The mentioned error message appears due to an incorrect key length of the CSR you used.

Currently CSR may only be used with a key length equal to or higher than 2048 bit. Please create a new CSR and perform the order again.
How do I install my SSL certificate on the Apache web server ?

  • 1. Save root and intermediate certificate together with the private key in a folder on the web server.

  • 2. Open the Apache configuration file in a text editor Apache configuration files are normally stored in /etc/httpd. The main configuration file is usually called httpd.conf. In most cases you will find the sections at the end of this file.
    In rare cases, the blocks are in a separate file in a directory such as : /Etc/httpd/vhosts.d/or sometimes stored in/etc/httpd/sites/ or also in a file called "ssl.conf" .

  • 3. If your website should be accessible by both (https) and without (http) encryption, you must create a separate virtual host for each connection type. To do this, create a copy of existing, non-secure virtual hosts and change in the configuration of the port from 80 to 443

  • 4. Add the following lines:

    DocumentRoot / var / www / website
    ServerName www.domain.com
    SSLEngine on
    SSLCertificateFile / etc / ssl / crt / primary.crt
    SSLCertificateKeyFile / etc / ssl / crt / private.key
    SSLCertificateChainFile / etc / ssl / crt / intermediate.crt

  • 5. Change the file names and paths to the certificate files corresponding to your configuration :

    - SSLCertificateFile should be the main certificate file for your domain name
    - SSLCertificateKeyFile should be the key file that you generated when creating the CSR.
    - SSLCertificateChainFile should be the intermediate certificate file that you received from us.

  • 6. Save the changes and exit the text editor.

  • 7. Restart the Apache web server with the following command:

    /usr/local/apache/bin/apachectl startssl
    /usr/local/apache/bin/apachectl restart

    Useful Links :

    Apache Support: httpd.apache.org/docs/1.3/misc/FAQ.html

    Creating an SSL Certificate with Apache + mod ssl : http://slacksite.com/apache/certificate.php

    Apache + SSL on Win32 systems HowTo: http://tud.at/programm/apache-ssl-win32-howto.php3
How do I install my SSL certificate on IIS 7 (Windows Server 2008)

Microsoft 's server platform , Windows Server 2008 uses the Internet Information Services ( IIS) 7.0. The new version brings important changes with regard to the management of SSL certificates. Especially in terms of setting up the certificates , which has become much easier in this release .

In addition to the known options on ordering SSL - Certificates, IIS 7 includes the ability to:

  • to generate more than one certificate simultaneously
  • to import , export certificates and extend in a simple way SSL.
  • to create self-signed certificates quickly for testing purposes.

This article guides you to set up in 2008 through the checkout process to EuropeanSSL a certificate on an IIS 7 / Windows Server .

Creating the Certificate Signing Requests

The first step begins before the actual order , when creating a Certificate Signing Request (CSR). On the IIS7 that is very simple :

  • 1. Click on the Start menu , then navigate to " Administrative Tools" and then click Internet Information Services ( IIS) Manager.
  • 2. Click in the "Connections" left on the server name and then select the option " Server Certificates " by double-clicking .
  • 3. Now click in the " Actions" on the right "Create Certificate Request" .
  • 4. Now enter all the information about your company and the host name for which you need a certificate in the space provided .

Explanation of terms :

Common Name: the host name for which you need a certificate .

Organization: The name of your company. Please enter the exact name , including the Company Type ( GmbH, AG , etc..) To .

Organizational Unit: The department that manages the certificate and set up .

City / Locality: Enter ask the company's headquarters at .

State/Province: Enter here the state .

Country/Region: Here Please enter the country code .

After entering all information please click on "Next"

  • 5. Do not leave the preset default Cryptographic Service Provider as it is and make the bit length of at least 2048 bits or higher. Then click on " Next"

  • 6 In the final step , please enter using the folder selection (button with 3 dots) to be stored or the name of the folder in which the CSR. Afterwards click on "Finish".

    The CSR now created , you can now use for ordering your EuropeanSSL certificate.

    Installation of SSL - certificate on the IIS 7

    To configure your new EuropeanSSL Certificate on IIS 7, in the first step copy the file to your web server .

    • 1. Click on the Start menu , then navigate to " Administrative Tools" and then click Internet Information Services ( IIS) Manager.
    • 2. Click in the "Connections" left on the server name and then select the option " Server Certificates " by double-clicking .
    • 3. Now click in the " Actions" on the right side on "Complete Certificate Request " .
    • 4. via the folder selection (button with 3 dots) navigate to the resulting certificate file . For safety, choose "view all Types" in the selection of the display to make sure that the file is displayed .
      In the " Friendly Name " field, enter a name that you can remember , to the certificate well regain it later . Click then on "OK " .
    • 5. If all entries are correct , you will see the newly installed certificate in the List of Server Certificates.
      If you receive the message that the private key was not found, please make sure you install the certificate on the same server on which you have also created the CSR.

    Note: Please note that use of the CSR generator is generally not possible in connection with the web server IIS , since it only accepts certificates for which the CSR was generated on the server itself .

    If the server does not accept CSR and certificate, please create a new request on the server and send the new CSR unformatted by email to EuropeanSSL.
    We are happy to provide you with your certificate with the new CSR again . This service is free of charge .

    Bind the certificate to a website

    • 1. Click on the Start menu , then navigate to " Administrative Tools" and then click Internet Information Services ( IIS) Manager.
    • 2. Click on the "Connections" section the web page that you want to associate with the certificate. Then click in the right column on "bindings".
    • 3. Click on the button "Add"
    • 4. Please change the field "Type" to "https" and then select the certificate that you want to link to the website ( the list shows your certificates using the previously created " Friendly Name". ) in the field "SSL Certificate" . Click on " OK".
    • 5. In the list of shortcuts you can now see the link for the https port 443 , click "Close" .

    To set up an intermediate certificate on the IIS 7

    The installation of the supplied intermediate certificate is important, in case this certificate is not installed, the certificate chain is not closed and the browser categorizes your certificate as invalid / untrusted.

    • 1. Download the intermediate certificate to a folder on your web server
    • 2. Click the intermediate certificate to a double-click to view the certificate details .
    • 3. In the "General" tab then click on the button " Install Certificate " button to open the Import wizard. Then, click on "Next".
    • 4. In the Certificate Import Wizard , select the option "Place all certificates in the Following store" and then click "Browse ..." .
    • 5. Now activate the option "show physical stores" , expand the folder "Intermediate Certification Authorities " and select the folder "Local Computer"

    Now click on "OK" , then "Next" and then click " Finish" to complete the installation of the intermediate certificate .

    It may be necessary to restart the IIS 7 . Whether the installation of the certificate has been operating as desired , you can easily check by going to the website with https instead of http as usual .
  • How do I copy or Transfer an SSL certificate from a Windows server to another Windows Server ?

    Copying an SSL certificate from another on the server may be necessary if you are running multiple servers and want to use a WildCard Certificate . The export an SSL certificate is then very important if you change your hosting provider.

    At this point we assume that you have your SSL certificate successfully installed on a Windows web server. The following instructions will explain in three sections as you copy or transfer the certificate furnished to another server .

    • 1 : Export the SSL certificate PFX with private key and all intermediate certificates to a file.
    • 2 : Import the SSL certificate and private key to the new server .
    • 3 : Configuration of the website in connection with your SSL certificate.

    Please note: This manual explains how to export an SSL certificate using the MMC console. If you use a Windows Server 2008 ( IIS7 ), you can export the certificate directly in the " Server Certificates " area of ​​the IIS.

    Export the certificate from the Windows MMC console

    • From the Start menu click "Run" .
    • Type mmc and click " OK"
    • Click on the menu " File" and then click "Add / Remove Snap-in ... "
    • If you are using Windows Server 2003 , click on the button " Add" . Then click double-click on "Certificates" .
    • Select the "Computer Account" option and then click "Next".
    • Leave the default " Local Computer " and click "Finish"
    • If you are using Windows Server 2003 , please click on the "Close" button . Then "OK".
    • Now please click the Plus button in the left menu next to "Certificates" .
    • Now click again on the plus button next to " Personal Folder " and then click on the folder " Certificates" . As of right mouse button click on the
    • certificate you want to export. Then select " All Tasks " and then select " Export ..." .
    • In the Certificate Export Wizard , click "Next" .
    • Now select the option " Yes , export the private key" and then click "Next".
    • In the " Personal Information Exchange " select the option "Include all certificates in the certificate path if possible"
    • Now put please a password that you can remember . This password is required every time you want to import the certificate on another server.
    • Click on "Browse" and select a location for the . Pfx file. Select the file name of a name in the form " meinedomain.pfx " and then click "Next".
    • Click on "Finish". The . Pfx file with your certificate and the private key is now stored in the folder you specified earlier .

    Import a certificate from the Windows MMC console.

    After you have successfully exported your certificate , upload the created . Pfx file directly to the new server .

    • On the Start menu click "Run" .
    • Type mmc and click " OK"
    • Click on the menu " File" and then click "Add / Remove Snap-in ... "
    • If you are using Windows Server 2003 , click on the button " Add" . Then click double-click on "Certificates" .
    • Select the "Computer Account" option and then click "Next".
    • Leave the default " Local Computer " and click "Finish"
    • If you are using Windows Server 2003 , please click on the "Close" button . Then "OK".
    • Click the right mouse button on the folder "Personal " , then select the option " All Tasks " and then " Import ..."
    • In the Certificate Import Wizard , click "Next" .
    • Click now please click the "Browse ..." button and change the file type of " x.509 ... " to " Personal Information exchange ( * . Pfx , * . P12 ) . Visit
    • now the imported . PFX file and click " Open " then click "Next" .
    • Here Please enter the previously created password for your. Pfx file. Be sure to check " Mark this key as exportable " option. This will ensure that you can
    • export the certificate by this server. Then click on "Next".
    • In the next window select the option " Automatically select the certificate store based on the type of certificate " and then click "Next " .
    • Click to conclude on " Finish" to complete the import wizard .
    • You can now click the " Resfresh " button in the toolbar , then you can see the certificate in the Personal Ornder / Certificates .
    • You can check the installation of your certificate by double-clicking and looking for the entry "You have a private key corresponds to this certificate" at the bottom of this page .
    • Close the MMC console. Another store is not necessary.

    Assign the imported SSL certificate.

    After you have successfully imported the . Pfx file, it needs to be assigned in IIS.

    • call in IIS on the host name where the certificate will be assigned.
    • Go to the tab " diretory Security " and click there on the button " Server Certificate " button to start the Server Certificate Wzard .
    • If you already have a certificate for that host name , you must first remove it and start the wizard again.
    • Now click on "Assign to existing Certificate" and then click " Next".
    • Select the imported certificate and click "Next".
    • Click on "Finish". It may be necessary to restart the server so that the certificate for the hostname works.
    SSL Installation under Exim 4.x

    Below is a description of how to set up the SSL certificate. This assumes that the certificate and the private key already exist on the server:

    Please insert the data into the corresponding directories from:

    Private key:

    / etc / ssl.key / example.com.key


    / etc / ssl.crt / example.com.crt

    If you have met the above-mentioned basic requirements, you can begin:

    • Login to your server
    • Now open the configuration file / etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs with an editor of your choice.
    • Now, add the following line to the configuration .
    • Enable TLS


    • Specify the path to the certificate .

      / etc / ssl.crt / example.com.crt

    • Enter the path to the private key to

      / etc / ssl.key / example.com.key

    • Save and exit from the editor.

    • Now activate the changed Exim4 configuration.

      update- exim4.conf

    • Now start the Exim4 service.

      / etc/init.d/exim4 restart

      The certificate is now installed and has TLS enabled.
    How do I generate a CSR under OpenSSL?

    Below is a description of how to generate a Certificate Signing Request ( CSR) with OpenSSL.

    Call the program openssl to generate the prompt:

    openssl req -nodes -new- newkey rsa : 2048 -out csr.pem

    This creates a private key and a corresponding certificate request. Now following output appears on your screen :

    # Generating a 2048 bit RSA private key
    # ............................................... + + + + + +
    ............................ # + + + + + +
    # Writing new private key to ' privkey.pem '
    # -----
    # You are about to be asked to enter information thatwill be incorporated
    # Into your certificate request .
    # What you are about to enter is what is called a Distinguished Name or a DN .
    # There are quite a few fields but you can leave some blank
    # For some fields there will be a default value ,
    # If you enter ' . ' , The field will be left blank .
    # -----

    After that you are asked questions about the registration information.

    • Enter the 2- stellingen country code (DE = Germany ) .

      # Country Name (2 letter code ) [ AU ] : DE

    • Enter your state .

      # State or Province Name (full name) [ Some - State] : Berlin

    • Enter your city.

      # Locality Name ( eg , city ) []: Berlin

    • Enter your name or company name.

      # Organization Name ( eg, company) [Pattern Company GmbH ] : Example AG.

    • Enter the department in charge ( if any) .

      # Organizational Unit Name (eg , section ) []: ---

    • Enter the exact domain name , which is to be protected by the certificate. Important: The certificate is then valid only for this input .

      # Common Name (eg, YOUR name) []: example.com

    • Enter the email address of the person responsible .

      # Email Address [ ] : hostmaster@example.org

    • The following information is optional .

      # Please enter the Following ' extra' attributes
      # To be sent with your certificate request
      # A challenge password []:
      # An optional company name [ ] :

      The files privkey.pem and csr.pem, which include the private key and the certificate request, are now created.
    We've installed Windows Server 2003 / Windows XP and get the following error: The integrity of this certificate cannot be guaranteed. The certificate may be corrupted or may have been altered.

    For Windows XP you have to install ServicePack 3. For Windows Server 2003 you have to install two hotfixes which will fix this error. Please refer to the following link to fix this issue http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx.
    How to install a certificate on a Java Based Web Servers (Tomcat) using keytool?

    Installing SSL Certificate Chain (Root, Intermediate(s) and the End Entity)

    1. Import Root Certificate
    -> keytool -import -trustcacerts -alias AddTrustExternalCARoot -file AddTrustExternalCARoot.crt -keystore domain.keystore

    2. Import Intermediate(s)
    -> keytool -import -trustcacerts -alias intermediate_filename -file intermediate_filename.crt -keystore domain.keystore

    Note: Depending on the type of certificate that was purchased, there may be more than one Intermediate certificate in the chain of trust. Please install all intermediates in numberical order until you get to the domain/end entity certificate.

    3. Import Entity/Domain certificate
    -> keytool -import -trustcacerts -alias mykey -file yourDomainName.crt -keystore domain.keystore

    You should you should receive a message: Certificate reply was installed in keystore if successful. It should NOT match the output of Step 1 or 2 above.

    Note: If an alias was specified upon creation of the CSR then please use that alias instead of mykey.

    4. Restart the Web Server Service.

    Note: Tomcat will first need an SSL Connector configured before it can accept secure connections. Please ensure this is set BEFORE the server is restarted.

    Tomcat SSL Connector

    Please read this before proceeding: Java Based (Tomcat) Web Servers (using keytool)

    Tomcat will first need a SSL Connector configured before it can accept secure connections.

    Note: By default Tomcat will look for your Keystore with the file name .keystore in the CATALINA_Home directory with the default password 'changeit'.

    Commonly found CATALINA_HOME Directories

    Unix, Linux or *nix -- /etc/tomcat5.5
    Windows -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\

    It is possible to change the file name, password, and even location that Tomcat looks for the keystore. If you need to do this, pay special attention to #8 of Option 2 or #5 of Option 1 below.

    Option 1 -- Configure the SSL Connector in server.xml:

    1. Copy your keystore file (your_domain.key or your_domain.pfx) to the home directory (see the Note above)
    2. Open the file Home_Directory/conf/server.xml in a text editor
    3. Un-comment the 'SSL Connector' Configuration
    4. Make sure that the 'Connector Port' is 443
    5. If your keystore filename is something other than the default file name (.keystore) and/or your keystore password is something other than default ('changeit') then you will need to specify the correct keystore filename and/or password in your connector configuration -- ex. keystorePass="newpassword". When you are done your connector should look something like this:

    To use a JKS (Java Key Store) file:

    To use a PFX/P12 (PKCS#12) file:

    6. Save the changes to server.xml
    Note: You may need to comment out the following line:

    like so:

    Note2: You may also need to set SSLEnabled="true"on the Connector in order for the SSL connection to work or else an HTTP only connection may be made. However, this is often not required.
    7. Restart Tomcat

    Please remember all Connector arguments are case sensitive!

    Option 2 -- Add an SSL Connector using admintool:

    1. Start Tomcat
    2. Enter 'http://localhost:8080/admin' in a local browser to start admintool
    3. Type a username and password with administrator rights
    4. On the left select 'Service' (Java Web Services Developer Pack)
    5. Select 'Create New Connector' from the drop-down list on the right
    6. Choose 'HTTPS' in the 'Type' field
    7. In the 'Port' field, enter '443'. This defines the TCP/IP port number on which Tomcat will listen for secure connections
    8. Enter the Keystore Name and Keystore Password if (a.) your keystore is named something other than .keystore, (b.) if .keystore is located in a directory other than the home directory of the machine on which Tomcat is running, or if (c.) the password is something other than the default value of 'changeit'. If you have used the default values, you can leave these fields blank.
    9. Select 'Save' to save the new Connector
    10. Select 'Commit Changes' to save the new Connector information to the server.xml file so that it is available the next time Tomcat is started
    This site makes use of cookies to enhance browsing experience and provide additional functionality. By continuing to browse this website you are agreeing to our use of cookies. OK