Replacing a user certificate with a CA-signed certificate (server ID)

After you submit a CSR to a Certificate Authority (CA) and receive the CA-signed certificate back, you must replace the user certificate previously generated in Certificate Manager.

If the CA-signed certificate is sent embedded in an email, cut and paste the certificate into a certificate file. This involves copying from the -----BEGIN CERTIFICATE----- marker to the -----END CERTIFICATE----- marker (inclusive) into a text editor. The extension you give the certificate file does not really matter. Certificate Manager will automatically determine whether just one certificate (CER/DER) or a certificate chain (P7B) is included.  If a certificate chain is found, this means intermediate and/or root CA certificates have been included. These are imported, along with the CA-signed user certificate, into the proper stores.

  1. In the web UI, go to Administration > Certificate Management > Certificates. In the native UI, go to Tools > Certificate Manager or click the Certificates button in the tool bar.
  2. Right-click the user certificate in the tree pane and select Replace > User Certificate
  3. Enter the private key password. Use the same password that was used to generate the self-signed user certificate.
  4. Enter or browse for the certificate filename.
    Note: In the web UI, you must click Import to display a dialog box where you can enter or browse for a certificate filename, select a file, and then click Open.
  5. Click Import to replace the user certificate with the CA-signed certificate.
    Note: You can repeat this process if a replacement CA-signed certificate is received at a later time.