Here I am sharing about UCC SSL certificate Installation.
Prior to start its required to understand what is an SSL certificate. and why we require it, I have tried an easy way to understand and sharing easy steps of Installation.UCC SSL certificate- also called multidomain SSL certificate.
UCC- Unified Communication Certificate is an SSL certificate that secures multiple domains(SAN- subject alternative names), Host names(FQDN) within a Domain.UCC lets you secure your Primary Domain and after SANs or any hostname which you use Publically for any hosted services. It can support upto 99, and Ideal for MS exchange, Communication servers or any application hosted on IIS which you require publically. It will be compatible with shared hosting as well.
Understand why SSL certificates required- SSL certificates give you secured and encrypted communication between websites and your Browser, SSL( secure Socket layer) which provides encryption, SSL certificate required to installed on the Pages where user required to fill/send sensitive and Personal/confidential Information. such as payment pages, Login page, Online forms etc. data transfered in Plain-text or in non-encrypted can be easily intercepted,compromise or stolen. Here I will share how we may use same SSL certificate for both, also on shared hosting with a differen platform/Application hosting.First you require to purchage UCC SSL certificate as per your requirement.You may get from service providers for example- in.godaddy.com, instassl.com symantec globalsign..etc.on shared hosting we had got an SSL from service provider but they didnt able to support us and want us to charge for installation, So we have done it on our own. It will be very helpful follow the steps and you will be able to do it easily..
Purchage a UCC SSL certificate from Service provider for your xyz.com Domain. Now you want to use the certificate on xyz.com +abc.xyz.com + India.xyz.com+ Delhi.xyz.com for different different services for different purposes on different platform, so to use this you should have Certificates with same serialnumber should install on required Hosts/Servers/SANs. Example:- https://yourdomainname.com https://www.yourdomainname.com https://abc.yourdomainname.com https://delhi.yourdomainname.com:443 (orother port) it should all working. even if application are hosted on different platform or shared hosting.XYZ.com is domain and abc.xyz.com or other prefixes will be SANs. In our scenario we have got SSL from godaddy and we were using it only on IIS(microsoft) but we want to use for other services as suggested by the support Team, we have rekey and certificate has stopped working for previous but as we purchased and we have Certs available it should work, but support was not able to give us required steps then they said it will be on chargeable basis if we required, then we have done from our own.If you have installed Cert on IIS hosted application and you want same cert with same serial number to use on Linux apache hosted application/website.Here is an outline of the process that may used to generate and install the UCC certificate for use in multiple places at xyz.com
Using IIS Manager on our server, create a certificate request.
Then take the certificate request blob to the GoDaddy site and enter it as my Certificate Signing Request (CSR) to get them to issues me a UCC certificate to specification (SAN’s etc.)
Once they issue UCC certificate, take that certificate back to the IIS Manager on server to complete the certificate request by installing the certificate on the server where the original certificate request was made.
Then, I export the certificate from the server(IIS manager), which creates a .pfx file that we then use to install the UCC certificate on all the other sites that are named in the certificate.Export the certificate from IIS: Go to IIS manager on your windows server.Select your server in the left pane, then double click the Server Certificates icon in the middle pane:
Select the certificate that you want to export in the middle pane, then click the Export… link in the right pane:
enter the file name and pass to export.
Your file will be exported as you want on location UCC cert.pfx created on desired location.[/caption]
Now use the file to install on the services or application where you want. Remember when creating CSR(certificate signing request), You need to add the SANs for which you have to use the SSLcerts with same serial.You will be able to do on IIS easily but if you use shared host or if its on another OS or application as Linux apache, then you required to extract Pvt key again and paste pvt key separately. then you may use it perfectly.Use your credntial to login on shared host, If its on Linux apache go to Cpanel and click on SSL/TLS option. after clicking on SSL/TLS go to manage SSL
If you want to unintsall a certificate which is not working or required a new cert to upload.
to install first you need to upload. or you may choose to install an uploaded cert. If you face issues with Private key, after uploading certs pvt key not getting uploaded then you need to extract Pvtkey from the certificate(.pfx or .crt file)You need to use Open ssl (http://gnuwin32.sourceforge.net/packages/openssl.htm) (Open SSL Tool) to extract the pvt key and use on the above tab with certificate.
Now you will get above screen, you have installed successfully.after finishing browse your URL which will be working after few hours and match the both certs it will have same serialnumber and validity.To check go to Internet explorer-
click on view certificate.
Click on Details
You will find same as on your IIS host and on your shared host or Except IIS different Application.Enjoy.. You have done now.
Hi Guys please let me know if you have questions, and I welcome your comments.Thanks,Sanjeev
complete Post - https://ksanjeevpandey.blogspot.com/2017/12/ucc-ssl-certificate-installation-on.html