to Homepage
You are located in service Public Key Certificates
General information
IT Center Help

You are located in service: Public Key Certificates

Integrate the SSL Certificate
Print page

Integrate the SSL Certificate

guide

On this page, you will learn how to integrate an SSL certificate. To do so, you need to complete two steps:

  1. Download a server certificate
  2. Integrate a server certificate

1. Download a server certificate

As soos as your SSL certificate has been issued, you will receive an email notification.

If you had used the RA-Portal to submit your certificate signing request, then you can also download your certificate there. You have three download options:

  • just the SSL certificate
  • SSL certificate and certificate chain (1. ssl-cert, 2. intermediate-cert, 3. intermediate-cert)
  • certificate chain only (1. intermediate-cert, 2. intermediate-cert)

The root certificate (Built-in-Token) is not available for download.

Which certificate chain applies, depends on your chosen cryptographic key algorithm (RSA or ECC) and the chosen path of CSR-submission. Make sure you are using the correct certificate chain.

2. Integrate a server certificate

To integrate your SSL certificate, you need the following:

  • the received certificate file
  • the generated and saved cryptographic key pair file (private.pem)
  • the appropriate certificate chain.

Depending on the server software used, these files may need to be converted into other formats.

Convert from DER to PEM:

openssl x509 -in cert.crt -inform der -outform pem -out cert.pem

Convert from PEM to DER: 

openssl x509 -in cert.pem -inform pem -outform der -out cert.der

Apache

Apache uses PEM formatted key parts, so you can easily integrate your key parts.

In the httpd.conf the following points are especially important:

  • SSLCertificateFile: Your server certificate
  • SSLCertificateKeyFile: Your private key part
  • SSLCertificateChainFile: The complete certificate chain as PEM formatted file

lighttpd

Like Apache, lighttpd uses key components in PEM format.

In the configuration, the following points are particularly important:

  • ssl.engine = enable
  • ssl.pemfile: Combination of
    • the private key part (private.pem)
    • and the server certificate
    • combine them e.g. via cat private.pem cert-<serial number>.pem > server.pem
  • ssl.ca-file: The complete certificate chain as PEM formatted file

Microsoft IIS

In order to use your certificate, you must create a pkcs12 file from your private key part and your server certificate. This can be done with OpenSSL:

openssl pkcs12 -export -in cert-<Seriennummer>.pem –inkey private.pem -out Ihre_neue_PKCS12_Datei.p12 -name "My Certificate"
  • Use the server certificate issued by the PKI as cert-<serial number>.pem.
  • The file private.pem must correspond to your private key part.
  • The newly created file Your_new_PKCS12_file.p12 can then be imported into your server software.

You will need to configure your server to use the downloaded intermediate certificates. For further details, check out the available Microsoft documentation.

last changed on 02/26/2026

How did this content help you?

Creative Commons Lizenzvertrag
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License
Chat