Add a Certificate

To add a new certificate, click the button on the overview page:

 

General Specifications

Certificate name

Enter a name for the certificate.

Owner

Select the future owner of the certificate.

 

KeyHelp offers several ways to create a certificate. Select the desired method from the drop-down box.

 

Generate CSR / Self-signed Certificate

What should be created?

Certificate signing request (CSR)
Select this if you want to create a CSR that you can forward to a certificate authority to receive an official certificate.

Self-signed certificate
Select this if you want the server to generate a certificate of its own. You can also use this to secure your websites. However, corresponding client programs (web browsers, email clients) issue a warning.

Key length

Select the desired key length. Currently, key lengths of 2048 bits are generally considered sufficiently secure.

Country

Select the country.

State / province / region

Enter the desired information to be used in the certificate, e.g. Thuringia

Locality / city

Enter the desired information to be used in the certificate, e.g. Erfurt.

Organization / company

Enter the desired information to be used in the certificate, e.g. Keyweb AG.

Department name in organization

Optional information, e.g. engineering department

Domain

Specify the domain name for which the certificate is supposed to be issued. The certificate is only valid for this entry.

Note: Many certificate providers secure the domain with and without www. To do this, however, you must enter the domain with www prefix here. Please ask your certificate provider for details.

If you want to order a certificate, which includes several domains, the additional domain names will be added later by the issuer. Please enter only one domain name here.

Email of the responsible person

Many certificate issuers have guidelines which email addresses can be used. You should use one of the following email addresses:

admin@<DOMAIN_NAME>
webmaster@<DOMAIN_NAME>
administrator@<DOMAIN_NAME>
hostmaster@<DOMAIN_NAME>
root@<DOMAIN_NAME>
postmaster@<DOMAIN_NAME>

Validation period

Only if "Self-signed certificate" has been selected.

Specify how long the self-signed certificate should be valid.

 

Upload an existing certificate

Here you can upload an existing certificate.

You can upload the corresponding certificate files directly. Click on the button "Browse / Select file" under "Upload certificate files" and select the corresponding file for upload.
Common file extensions are:

".key" for the private key
".crt" for the certificate
"-ca.crt" for the root/intermediate certificate of the certificate issuer.

Or copy the text of the certificate components into the input fields under "Upload certificate as text".
You can recognize the correct certificate component by the header/footer line:

"-----BEGIN PRIVATE KEY-----" / "-----END PRIVATE KEY-----" for the private key
"-----BEGIN CERTIFICATE-----" / "-----END CERTIFICATE-----" for the certificate or the root/intermediate certificate of the certificate issuer.

 

 

Finally, click on the button to save the settings:

Attachments
There are no attachments for this article.
Related Articles
Specify Certificates for Server Services
Published on Thu, Mar 15, 2018
Edit / Update a Certificate
Published on Wed, Mar 21, 2018
Certificate Overview
Published on Wed, Mar 21, 2018