When using a Domain Certificate Authority (for example, Active Directory):
-
Open a cmd shell with sufficient privileges to issue signed certificates.
-
Navigate to the CSR file’s directory.
-
Generate the cer and p7b files that need to be returned to the j5 server. For example:
certreq -submit -attrib "CertificateTemplate:WebServer" j5.example.com.csr j5.example.com.cer j5.example.com.p7b
-
You can use a different CertificateTemplate, as long as it is approved for signing Web Servers.
-
Your Certificate Authority must be configured to sign with a hash at least as strong as SHA256, since weaker hashes are deprecated by Windows and most browsers.
The step above produces two files - the cer file and the p7b file. Import the p7b file to the j5 Server using the KeyManager tool. Keep the cer file, because you might need it to import certificates for your mobile devices.
When you have the p7b file back on the j5 server, the following command imports the certificates and keys into j5:
"C:\Program Files\j5\framework\bin\KeyManager.exe" import-https-certificate j5.example.com.p7b j5.example.com.key