Adding SSL certificates

Enroll an SSL certificate in SCM

Domains must be validated before publicly trusted SSL certificates can be issued.

Depending on the configuration of your account, domain control validation (DCV) may need to be completed as part of each certificate request. Alternatively, if your account is configured to support prevalidation, domains can be validated in advance and remain valid for a period of time.

For more information about validating domains in advance, see Understanding domains.

  • Using a Certificate Signing Request (CSR)

  • Generation of CSR

  • Generation of CSR with Auto-Installation

  • Generation of CSR in Azure Key Vault

Using a Certificate Signing Request (CSR)

  1. Navigate to Certificates > SSL Certificates.

  2. Click the Add icon.

  3. Select Using a Certificate Signing Request (CSR), and click Next.

  4. Complete the Details tab fields based on the information provided in the following table.

    | Field | Description |
    | --- | --- |
    | Organization | The organization to which the certificate belongs. |
    | Department | The department to which the certificate belongs. |
    | Certificate Profile | The certificate profile to be used for certificate issuance. |
    | Certificate Term | The validity period of the certificate. The available terms are dependent on the certificate profile. |
    | Comments | Comments or notes about the certificate. |
    | External Requesters | The email address of any external requester(s). |

    Depending on your configuration, additional custom fields may be available.
  5. Click Next.

  6. On the CSR tab, paste your CSR, and click Next.

  7. Complete the Domains tab.

    1. If prompted, enter any required Subject Alternative Names (SANs).

    2. If prompted, select your preferred DCV method.

      1. If using the Email DCV method, select the email address to which the validation email will be sent.

  8. If prompted, review or complete the EV details tab fields based on the information provided in the following table.

    | Field | Description |
    | --- | --- |
    | Incorporating Agency | The agency with which the organization is incorporated or registered. |
    | Assumed Name | A non-legal alternative name that the organization is Doing Business As (DBA). |
    | Registration Number | A unique number assigned by the incorporating agency when a company is formed. |
    | Date of Incorporation | The date when the company was officially incorporated. |
    | Business Category | The industry or sector the company operates in. |
    | Phone Number | The contact phone number of the organization. |
    | DUN and Bradstreet Number | A unique nine-digit identifier for businesses, provided by the company Dun & Bradstreet. |
    | Jurisdiction of Incorporation City or Town | The city or town where the company was incorporated. |
    | State or Province of Incorporation | The state or province where the company was incorporated. |
    | Country of Incorporation | The country where the company was incorporated. |
    | Title | The professional title of the contract signer. |
    | First Name | The first name of the contract signer. |
    | Last Name | The last name of the contract signer. |
    | Email | The email address of the contract signer. |
    | Phone Number | The contact phone number of the contract signer. |
    | Relationship | The nature of the contract signer’s relationship with the organization (such as employee or third party). |
    | Street | The street address where the contract signer does business. |
    | City or Town | The city or town where the contract signer does business. |
    | State or Province | The state or province where the contract signer does business. |
    | Zip/Postal Code | The zip/postal code where the contract signer does business. |
    | Country | The country where the contract signer does business. |

    If EV prevalidation is enabled for your account, EV details for the organization can be managed on the Organizations page. For more information, see Update EV details.
  9. Click Next.

  10. Complete the Auto-Renewal tab.

    1. (Optional) Enable auto-renewal.

      1. Specify whether or not a new key pair should be created when the certificate is renewed.

      2. Set the number of days prior to expiration that the certificate should be renewed.

    2. Click Next/OK.

  11. If prompted, read the EULAs, select I Agree for each, and click OK.

If prevalidation is disabled for your account, you must validate your domain(s) before proceeding with certificate issuance. For instructions, see Validate a domain (no prevalidation).

Generation of CSR

This requires the configuration of a private key agent. For more information, see Understanding private key agents.

  1. Navigate to Certificates > SSL Certificates.

  2. Click the Add icon.

  3. Select Generation of CSR, and click Next.

  4. Complete the Details tab fields based on the information provided in the following table.

    | Field | Description |
    | --- | --- |
    | Organization | The organization to which the certificate belongs. |
    | Department | The department to which the certificate belongs. |
    | Certificate Profile | The certificate profile to be used for certificate issuance. |
    | Certificate Term | The validity period of the certificate. The available terms are dependent on the certificate profile. |
    | Comments | Comments or notes about the certificate. |
    | External Requesters | The email address of any external requester(s). |

    Depending on your configuration, additional custom fields may be available.
  5. Click Next.

  6. Complete the Private Key tab.

    1. Select a key type.

    2. (Optional) Set a password required to download the private key for the issued certificate.

      Make note of the password for future use.
    3. Click Next.

  7. Complete the Domains tab.

    1. Enter the domain for which the certificate will be issued.

    2. Enter any required Subject Alternative Names (SANs).

    3. If prompted, select your preferred DCV method.

      1. If using the Email DCV method, select the email address to which the validation email should be sent.

    4. Click Next.

  8. If prompted, review or complete the EV details tab fields based on the information provided in the following table.

    | Field | Description |
    | --- | --- |
    | Incorporating Agency | The agency with which the organization is incorporated or registered. |
    | Assumed Name | A non-legal alternative name that the organization is Doing Business As (DBA). |
    | Registration Number | A unique number assigned by the incorporating agency when a company is formed. |
    | Date of Incorporation | The date when the company was officially incorporated. |
    | Business Category | The industry or sector the company operates in. |
    | Phone Number | The contact phone number of the organization. |
    | DUN and Bradstreet Number | A unique nine-digit identifier for businesses, provided by the company Dun & Bradstreet. |
    | Jurisdiction of Incorporation City or Town | The city or town where the company was incorporated. |
    | State or Province of Incorporation | The state or province where the company was incorporated. |
    | Country of Incorporation | The country where the company was incorporated. |
    | Title | The professional title of the contract signer. |
    | First Name | The first name of the contract signer. |
    | Last Name | The last name of the contract signer. |
    | Email | The email address of the contract signer. |
    | Phone Number | The contact phone number of the contract signer. |
    | Relationship | The nature of the contract signer’s relationship with the organization (such as employee or third party). |
    | Street | The street address where the contract signer does business. |
    | City or Town | The city or town where the contract signer does business. |
    | State or Province | The state or province where the contract signer does business. |
    | Zip/Postal Code | The zip/postal code where the contract signer does business. |
    | Country | The country where the contract signer does business. |

    If EV prevalidation is enabled for your account, EV details for the organization can be managed on the Organizations page. For more information, see Update EV details.
  9. Complete the Auto-Renewal tab.

    1. (Optional) Enable auto-renewal.

      1. Specify whether or not a new key pair should be created when the certificate is renewed.

      2. Set the number of days prior to expiration that the certificate should be renewed.

    2. Click Next/OK.

  10. If prompted, read the EULAs, select I Agree for each, and click OK.

If prevalidation is disabled for your account, you must next validate your domain(s) before certificate issuance can occur. For instructions, see Validate a domain (no prevalidation).

Generation of CSR with Auto-Installation

This requires the configuration of a network agent for the appropriate organization. For more information, see Understanding network agents.

  1. Navigate to Certificates > SSL Certificates.

  2. Click the Add icon.

  3. Select Generation of CSR with Auto-Installation, and click Next.

  4. Complete the Details tab fields based on the information provided in the following table.

    | Field | Description |
    | --- | --- |
    | Organization | The organization to which the certificate belongs. |
    | Department | The department to which the certificate belongs. |
    | Certificate Profile | The certificate profile to be used for certificate issuance. |
    | Certificate Term | The validity period of the certificate. The available terms are dependent on the certificate profile. |
    | Comments | Comments or notes about the certificate. |
    | External Requesters | The email address of any external requester(s). |

    Depending on your configuration, additional custom fields may be available.
  5. Click Next.

  6. Complete the Private Key tab.

    1. Select a key type.

    2. Click Next.

  7. Complete the Domains tab.

    1. Enter the domain for which the certificate will be issued.

    2. Enter any required Subject Alternative Names (SANs).

    3. If prompted, select your preferred DCV method.

      1. If using the Email DCV method, select the email address to which the validation email should be sent.

    4. Click Next.

  8. If prompted, review or complete the EV details tab fields based on the information provided in the following table.

    | Field | Description |
    | --- | --- |
    | Incorporating Agency | The agency with which the organization is incorporated or registered. |
    | Assumed Name | A non-legal alternative name that the organization is Doing Business As (DBA). |
    | Registration Number | A unique number assigned by the incorporating agency when a company is formed. |
    | Date of Incorporation | The date when the company was officially incorporated. |
    | Business Category | The industry or sector the company operates in. |
    | Phone Number | The contact phone number of the organization. |
    | DUN and Bradstreet Number | A unique nine-digit identifier for businesses, provided by the company Dun & Bradstreet. |
    | Jurisdiction of Incorporation City or Town | The city or town where the company was incorporated. |
    | State or Province of Incorporation | The state or province where the company was incorporated. |
    | Country of Incorporation | The country where the company was incorporated. |
    | Title | The professional title of the contract signer. |
    | First Name | The first name of the contract signer. |
    | Last Name | The last name of the contract signer. |
    | Email | The email address of the contract signer. |
    | Phone Number | The contact phone number of the contract signer. |
    | Relationship | The nature of the contract signer’s relationship with the organization (such as employee or third party). |
    | Street | The street address where the contract signer does business. |
    | City or Town | The city or town where the contract signer does business. |
    | State or Province | The state or province where the contract signer does business. |
    | Zip/Postal Code | The zip/postal code where the contract signer does business. |
    | Country | The country where the contract signer does business. |

    If EV prevalidation is enabled for your account, EV details for the organization can be managed on the Organizations page. For more information, see Update EV details.
  9. Complete the Nodes & Ports tab.

    For information on configuring nodes and ports, see Managing servers.
    1. Click the Add icon.

    2. Select the node(s) to which the certificate will be installed.

    3. Click Next.

  10. Complete the Auto-installation tab.

    1. Specify whether certificate installation should be performed manually or on a schedule.

    2. If scheduled, configure the installation schedule.

    3. Click Next.

  11. Complete the Auto-Renewal tab.

    1. (Optional) Enable auto-renewal.

      1. Specify whether or not a new key pair should be created when the certificate is renewed.

      2. Set the number of days prior to expiration that the certificate should be renewed.

    2. Click Next/OK.

  12. If prompted, read the EULAs, select I Agree for each, and click OK.

The auto-installation of an SSL certificate on Apache or Tomcat servers requires the server to be restarted following deployment. For instructions on restarting the server through SCM, see Restart a server.

If prevalidation is disabled for your account, you must next validate your domain(s) before certificate issuance can occur. For instructions, see Validate a domain (no prevalidation).

Generation of CSR in Azure Key Vault

This requires the configuration of Azure Key Vault. For more information, see Configuring Azure Key Vault.

  1. Navigate to Certificates > SSL Certificates.

  2. Click the Add icon.

  3. Select Generation of CSR in Azure Key Vault, and click Next.

  4. Complete the Details tab fields based on the information provided in the following table.

    | Field | Description |
    | --- | --- |
    | Organization | The organization to which the certificate belongs. |
    | Department | The department to which the certificate belongs. |
    | Certificate Profile | The certificate profile to be used for certificate issuance. |
    | Certificate Term | The validity period of the certificate. The available terms are dependent on the certificate profile. |
    | Comments | Comments or notes about the certificate. |
    | External Requesters | The email address of any external requester(s). |

    Depending on your configuration, additional custom fields may be available.
  5. Click Next.

  6. Complete the Private Key tab based on the information provided in the following table.

    | Field | Description |
    | --- | --- |
    | Azure Account | The name of the SCM Azure account configured for the Azure Key Vault. |
    | Resource Group | The name of the resource group in Azure containing the appropriate Azure Key Vault. |
    | Key Vault | The name of the Azure Key Vault in which the CSR should be generated. |
    | Key Type | The key size or curve to be used for encrypting the private key. |
    | Reuse Key | Indicates whether the existing private key should be reused when renewing the certificate. If this policy is changed in Azure, the Azure policy will take precedence during certificate renewal or replacement. Once the certificate is issued, this setting cannot be changed. |
    | Exportable Key | Indicates whether the private key can be exported from the Azure Key Vault. If this policy is changed in Azure, the Azure policy will take precedence during certificate renewal or replacement. Once the certificate is issued, this setting cannot be changed. |
    | Store Key in HSM | Indicates whether the key will be stored in a hardware security module (HSM). Once the certificate is issued, this setting cannot be changed. |

  7. Click Next.

  8. Complete the Domains tab.

    1. Enter the domain for which the certificate will be issued.

    2. Enter any required Subject Alternative Names (SANs).

    3. If prompted, select your preferred DCV method.

      1. If using the Email DCV method, select the email address to which the validation email should be sent.

    4. Click Next.

  9. If prompted, review or complete the EV details tab fields based on the information provided in the following table.

    | Field | Description |
    | --- | --- |
    | Incorporating Agency | The agency with which the organization is incorporated or registered. |
    | Assumed Name | A non-legal alternative name that the organization is Doing Business As (DBA). |
    | Registration Number | A unique number assigned by the incorporating agency when a company is formed. |
    | Date of Incorporation | The date when the company was officially incorporated. |
    | Business Category | The industry or sector the company operates in. |
    | Phone Number | The contact phone number of the organization. |
    | DUN and Bradstreet Number | A unique nine-digit identifier for businesses, provided by the company Dun & Bradstreet. |
    | Jurisdiction of Incorporation City or Town | The city or town where the company was incorporated. |
    | State or Province of Incorporation | The state or province where the company was incorporated. |
    | Country of Incorporation | The country where the company was incorporated. |
    | Title | The professional title of the contract signer. |
    | First Name | The first name of the contract signer. |
    | Last Name | The last name of the contract signer. |
    | Email | The email address of the contract signer. |
    | Phone Number | The contact phone number of the contract signer. |
    | Relationship | The nature of the contract signer’s relationship with the organization (such as employee or third party). |
    | Street | The street address where the contract signer does business. |
    | City or Town | The city or town where the contract signer does business. |
    | State or Province | The state or province where the contract signer does business. |
    | Zip/Postal Code | The zip/postal code where the contract signer does business. |
    | Country | The country where the contract signer does business. |

    If EV prevalidation is enabled for your account, EV details for the organization can be managed on the Organizations page. For more information, see Update EV details.
  10. Complete the Auto-Renewal tab.

    1. (Optional) Enable auto-renewal.

      1. Specify whether or not a new key pair should be created when the certificate is renewed.

      2. Set the number of days prior to expiration that the certificate should be renewed.

    2. Click Next/OK.

  11. If prompted, read the EULAs, select I Agree for each, and click OK.

If prevalidation is disabled for your account, you must next validate your domain(s) before certificate issuance can occur. For instructions, see Validate a domain (no prevalidation).

Import SSL certificates

  1. Navigate to Certificates > SSL Certificates.

  2. Click the Import icon.

  3. Select the organization to which the certificates will be assigned.

  4. (Optional) Select the department to which the certificates will be assigned.

  5. Click Next.

  6. Click the Upload SSL button.

  7. Select your .zip file, and click Open.

    Certificates in the .zip file must be in .cer, .crt, or .pem format.
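
A pre-upload check for the .zip file described in step 7, as an added example that is not part of the SCM documentation: it confirms that every file has an accepted extension and is PEM or DER encoded. The function names and the sample archive are constructed for illustration, the DER test inspects only the outer tag rather than parsing the certificate, and flagging private keys is a precaution assumed here, not a documented SCM rule.

```python
import base64
import io
import re
import zipfile

ALLOWED_EXT = (".cer", ".crt", ".pem")  # formats the import step accepts
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def check_member(name, data):
    """Return the problems found in one archive member (empty list means OK)."""
    problems = []
    if not name.lower().endswith(ALLOWED_EXT):
        problems.append("extension is not .cer, .crt or .pem")
    blocks = PEM_BLOCK.findall(data)
    if not blocks and not data.startswith(b"\x30"):
        # Binary .cer/.crt files are DER, which starts with a SEQUENCE tag (0x30).
        problems.append("neither PEM nor DER encoded")
    for label, body in blocks:
        label = label.decode()
        if "PRIVATE KEY" in label:
            # Assumption of this example: key material should not be uploaded.
            problems.append("contains private key material")
        elif label != "CERTIFICATE":
            problems.append(f"unexpected PEM block: {label}")
        else:
            try:
                der = base64.b64decode(b"".join(body.split()), validate=True)
            except ValueError:
                der = b""
            if not der.startswith(b"\x30"):
                problems.append("CERTIFICATE block is not base64-encoded DER")
    return problems


def check_archive(zip_bytes):
    """Map each failing file in the .zip to its list of problems."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        results = {i.filename: check_member(i.filename, zf.read(i))
                   for i in zf.infolist() if not i.is_dir()}
    return {name: found for name, found in results.items() if found}


def build_sample():
    """Constructed archive; the 'certificates' are placeholder DER, not real ones."""
    fake_der = b"\x30\x03\x02\x01\x01"  # SEQUENCE { INTEGER 1 }
    b64 = base64.encodebytes(fake_der)
    cert = b"-----BEGIN CERTIFICATE-----\n" + b64 + b"-----END CERTIFICATE-----\n"
    key = b"-----BEGIN PRIVATE KEY-----\n" + b64 + b"-----END PRIVATE KEY-----\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("www.pem", cert)
        zf.writestr("api.cer", fake_der)       # binary DER
        zf.writestr("bundle.pem", cert + key)  # certificate plus its key
        zf.writestr("store.pfx", fake_der)     # wrong container format
    return buf.getvalue()


if __name__ == "__main__":
    print(check_archive(build_sample()))
```

To check a real archive, pass its bytes to `check_archive`; an empty result means no file was flagged.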