How To Install SSL Certificate

Download Browser Generated Certificate to Windows

1. Create your Certificate in EZCA

2. Download the PEM certificate

3. Open your favorite terminal.

4. Navigate to the folder where your certificate was saved.

5. Run the following command to convert the pem file to a format Windows understands (pfx) where YOURDOWNLOADEDCERTIFICATE is the pem certificate you downloaded from EZCA and YOURDESIREDOUTPUTFILE is the name of the file you want to create.

   If you get an error of openssl not being installed, you can get the latest binaries from here

   openssl pkcs12 -inkey YOURDOWNLOADEDCERTIFICATE.pem -in YOURDOWNLOADEDCERTIFICATE.pem -export -out YOURDESIREDOUTPUTFILE.pfx
   

6. Enter a password to protect your private key.

7. This should create a new PFX certificate with the name you entered.

8. Now that the certificate is in a Windows compatible format, open your preferred certificate store.

   For the current user only

   1. Search in the Windows search bar for “Manage user certificate”.
   2. Click on the application.

   For all the users in this computer (Requires Administrator permissions)

   1. Search in the Windows search bar for “Manage computer certificate”.
   2. Click on the application.

9. Click on Personal.

10. Click on Certificates.

11. Right Click on any whitespace.

12. Select All Tasks -> Import.

13. Click “Next” on the fist page of the wizard.

14. Click the “Browse…” button.

15. Select the pfx certificate you just created (You might have to change the file type on the bottom right to show all files).

16. Click “Next”.

17. Enter the password you set when converting the certificate.

18. (Optional but recommended) Select the “Protect private key using virtualized-based security” to make your private key non exportable.

19. Click “Next”.

20. Click “Next”.

21. Click “Finish”.

22. Your certificate should now be imported in your certificate store.

Merge Certificate with Certificate Request in Windows

If you [Created a Certificate Request Locally](/create-new-certificate/create_csrcert/ and now need to install the certificate in windows, follow these steps:

1. Download your certificate.
2. Search in the Windows search bar for “Manage user certificate”.
3. Click on the application.
4. Click on Personal.
5. Click on Certificates.
6. Right Click on any whitespace.
7. Select All Tasks -> Import.
8. Click “Next” on the fist page of the wizard.
9. Click the “Browse…” button.
10. Select the certificate you just downloaded.
11. Click “Next”.
12. Click “Next”.
13. Click “Finish”.
14. Your certificate should now be imported in your certificate store.

Getting The Certificate From The Azure Portal

1. Navigate to https://portal.azure.com
2. Navigate to the Azure Key Vault you selected to keep this certificate.
3. Click on Certificates
4. You should see a certificate with the following name convention “CERTIFICATENAME"EZCA"RANDOMNUMBER” where CERTIFICATENAME is the subject name for your certificate and RANDOMNUMBER is a random number created by EZCA to avoid collisions in the Azure Key Vault.
5. Click on the certificate
6. Click on the current version
7. This will open the certificate details page.
8. From the certificate details page you can download the CER formatted certificate (No private key) or the PFX/PEM format that contains the private key.
9. Once you have downloaded the certificate, you can use the “Merge Certificate with Certificate Request in Windows” section above to import your certificate.

Use Azure Key Vault Certificate In C#

1. Retrieve a Certificate From Azure Key Vault Using C#

Use Azure Key Vault Certificate in VM

1. Azure Key Vault Extension For Automatically Downloading Certificates to Windows VM
2. Azure Key Vault Extension For Automatically Downloading Certificates to Linux VM