How-To: Install an SSL Certificate

This guide will take you through the necessary steps install your newly created certificate into your Windows PC.

Download Browser Generated Certificate to Windows

  1. Create your Certificate in EZCA

  2. Download the PEM certificate

    EZCA Cloud PKI certificate details page with Download Full Certificate button highlighted

  3. Open your favorite terminal.

  4. Navigate to the folder where your certificate was saved.

  5. Run the following command to convert the pem file to a format Windows understands (pfx) where YOURDOWNLOADEDCERTIFICATE is the pem certificate you downloaded from EZCA and YOURDESIREDOUTPUTFILE is the name of the file you want to create.

    openssl pkcs12 -inkey YOURDOWNLOADEDCERTIFICATE.pem -in YOURDOWNLOADEDCERTIFICATE.pem -export -out YOURDESIREDOUTPUTFILE.pfx

  6. Enter a password to protect your private key.

    Terminal window showing openssl pkcs12 command converting PEM certificate to PFX format

  7. This should create a new PFX certificate with the name you entered.

    Terminal window showing successful PFX certificate conversion output

  8. Now that the certificate is in a Windows compatible format, open your preferred certificate store.

    For the current user only

    1. Search in the Windows search bar for “Manage user certificate”.

      Windows search bar showing Manage user certificates Control Panel application result

    2. Click on the application.

    For all the users in this computer (Requires Administrator permissions)

    1. Search in the Windows search bar for “Manage computer certificate”.

      Windows search bar showing Manage computer certificates Control Panel application result

    2. Click on the application.

  9. Click on Personal.

    Windows Certificate Manager showing Personal folder selected in left navigation tree

  10. Click on Certificates.

    Windows Certificate Manager showing Certificates subfolder highlighted under Trusted Root Certification Authorities

  11. Right Click on any whitespace.

  12. Select All Tasks -> Import.

    Windows Certificate Manager right-click context menu showing All Tasks then Import option

  13. Click Next on the first page of the wizard.

  14. Click the Browse… button.

    Certificate Import Wizard file selection dialog with Browse button highlighted

  15. Select the pfx certificate you just created (You might have to change the file type on the bottom right to show all files).

    Terminal window showing successful PFX certificate conversion output

  16. Click “Next”.

    Certificate Import Wizard File to Import step showing PFX file path and Next button

  17. Enter the password you set when converting the certificate.

    Certificate Import Wizard Private Key Protection step with password field and import options

  18. (Optional but recommended) Select the “Protect private key using virtualized-based security” to make your private key non exportable.

    Certificate Import Wizard showing Protect private key using virtualized-based security option checked

  19. Click Next.

    Certificate Import Wizard Private Key Protection step with Next button highlighted

  20. Click Next.

    Certificate Import Wizard Certificate Store step showing Personal store selected

  21. Click Finish.

    Certificate Import Wizard completion page showing import settings summary with Finish button

  22. Your certificate should now be imported in your certificate store.

    Windows Certificate Manager showing successfully imported keytos.io certificate in Personal store

Merge Certificate with Certificate Request in Windows

If you Created a Certificate Request Locally and now need to install the certificate in windows, follow these steps:

  1. Download your certificate.

    EZCA Cloud PKI Certificate Created Successfully page with Download Certificate button highlighted

  2. Search in the Windows search bar for Manage user certificate.

    Windows search bar showing Manage user certificates Control Panel application result

  3. Click on the application.

  4. Click on Personal.

    Windows Certificate Manager showing Personal folder selected in left navigation tree

  5. Click on Certificates.

    Windows Certificate Manager showing Certificates subfolder highlighted under Trusted Root Certification Authorities

  6. Right Click on any whitespace.

  7. Select All Tasks -> Import.

    Windows Certificate Manager right-click context menu showing All Tasks then Import option

  8. Click Next on the first page of the wizard.

  9. Click the Browse… button.

    Certificate Import Wizard file selection dialog with Browse button highlighted

  10. Select the certificate you just downloaded.

    Certificate Import Wizard File to Import step with certificate selected

  11. Click Next.

    Certificate Import Wizard File to Import step showing CER file path and Next button

  12. Click Next.

    Certificate Import Wizard Certificate Store step showing Personal store selected

  13. Click Finish.

    Certificate Import Wizard completion page showing ezssh.io certificate settings with Finish button

  14. Your certificate should now be imported in your certificate store.

    Windows Certificate Manager Personal store showing newly imported ezssh.io certificate

Getting The Certificate From The Azure Portal

  1. Navigate to https://portal.azure.com

  2. Navigate to the Azure Key Vault you selected to keep this certificate.

  3. Click on Certificates

    Azure Key Vault Certificates section selected in left navigation menu

  4. You should see a certificate with the following name convention “CERTIFICATENAME"EZCA"RANDOMNUMBER” where CERTIFICATENAME is the subject name for your certificate and RANDOMNUMBER is a random number created by EZCA to avoid collisions in the Azure Key Vault.

    Azure Key Vault Certificates list showing EZCA-named certificate entries

  5. Click on the certificate

  6. Click on the current version

    Azure Key Vault certificate versions page with current version link highlighted

  7. This will open the certificate details page.

  8. From the certificate details page you can download the CER formatted certificate (No private key) or the PFX/PEM format that contains the private key.

    Azure Key Vault certificate details page showing Download in CER format and Download in PFX/PEM format buttons

  9. Once you have downloaded the certificate, you can use the “Merge Certificate with Certificate Request in Windows” section above to import your certificate.

Use Azure Key Vault Certificate In C#

Retrieve a Certificate From Azure Key Vault Using C#

Use Azure Key Vault Certificate in VM