# SecureNT Installation and Deployment Guide ## Introduction This guide provides a consolidated overview of installing SecureNT Private SSL and Intranet SSL certificates across common server platforms, operating systems, browsers, and enterprise environments. SecureNT certificates are designed for: * Internal web applications * Corporate intranets * Active Directory environments * SAP systems * Development environments * Localhost deployments * Private IP addresses * Internal APIs * Private cloud infrastructure Before installing a SecureNT certificate, ensure that client devices trust the SecureNT Root CA and SecureNT Intermediate CA certificates. ## Installation Workflow Most deployments follow the same process: ### Step 1 Generate a Certificate Signing Request (CSR). ### Step 2 Receive certificate files from SecureNT. ### Step 3 Install the certificate on the server. ### Step 4 Install the SecureNT Root CA and Intermediate CA certificates on client devices. ### Step 5 Verify HTTPS connectivity. ### Step 6 Test browser trust and certificate chain validation. --- # Microsoft IIS Installation ## Supported Platforms * Windows Server * IIS 8.x * IIS 10.x ## Installation Steps 1. Open IIS Manager. 2. Select Server Certificates. 3. Complete the pending certificate request. 4. Import the SecureNT certificate. 5. Open Site Bindings. 6. Create or edit the HTTPS binding. 7. Select the installed certificate. 8. Restart IIS if required. ## Verification Verify: * HTTPS loads correctly * No certificate warnings appear * Certificate chain is complete --- # Apache HTTP Server Installation ## Supported Platforms * Windows * Linux * Ubuntu * Debian * Red Hat ## Required Files ```text server.crt server.key ca-bundle.crt ``` ## Apache Configuration Example: ```apache SSLEngine on SSLCertificateFile server.crt SSLCertificateKeyFile server.key SSLCertificateChainFile ca-bundle.crt ``` ## Verification Restart Apache and verify: * HTTPS availability * Certificate chain * Browser trust --- # Nginx Installation ## Required Files ```text server.crt server.key ``` ## Example Configuration ```nginx server { listen 443 ssl; ssl_certificate server.crt; ssl_certificate_key server.key; } ``` ## Verification Restart Nginx and verify HTTPS access. --- # Ubuntu Linux Deployment ## Common Servers * Apache * Nginx * Tomcat ## Installation Process 1. Upload certificate files. 2. Install certificate chain. 3. Configure the server. 4. Restart services. 5. Verify HTTPS. ## Useful Verification Commands ```bash openssl s_client -connect hostname:443 ``` ```bash openssl x509 -text -noout -in certificate.crt ``` --- # Tomcat Installation ## Certificate Format Tomcat commonly uses: ```text PKCS#12 (PFX) ``` or ```text Java Keystore (JKS) ``` ## Installation Steps 1. Import certificate into keystore. 2. Configure HTTPS Connector. 3. Restart Tomcat. ## Example Connector ```xml ``` ## Verification Verify: * HTTPS loads successfully * Certificate chain validates * Applications function normally --- # JBoss Installation ## Supported Environments * JBoss * WildFly ## Process 1. Import certificate into keystore. 2. Configure HTTPS listener. 3. Restart services. 4. Verify HTTPS functionality. --- # SAP Installation ## Typical Deployments SecureNT certificates are frequently deployed within SAP environments. Examples: * SAP NetWeaver * SAP Portal * SAP Web Dispatcher ## General Process 1. Generate CSR. 2. Receive certificate. 3. Import certificate. 4. Import CA chain. 5. Activate HTTPS services. ## Verification Verify: * Browser trust * SAP connectivity * HTTPS availability --- # XAMPP Installation ## Components XAMPP uses Apache internally. ## Installation Steps 1. Replace certificate files. 2. Update Apache SSL configuration. 3. Restart Apache. 4. Verify HTTPS. ## Typical Use Cases * Development environments * Internal testing * Application prototyping --- # Windows Trust Store Deployment ## Manual Installation Install: * SecureNT Root CA * SecureNT Intermediate CA into Windows certificate stores. ### Root CA Location ```text Trusted Root Certification Authorities ``` ### Intermediate CA Location ```text Intermediate Certification Authorities ``` ## Result Applications using Windows trust services automatically trust SecureNT certificates. --- # Active Directory Group Policy Deployment ## Recommended For * Medium organizations * Large enterprises * Domain-managed environments ## Benefits * Centralized deployment * Automated trust distribution * Reduced support effort ## Typical Process 1. Open Group Policy Management. 2. Create or edit a GPO. 3. Import Root CA certificate. 4. Import Intermediate CA certificate. 5. Link GPO to required Organizational Units. 6. Refresh Group Policy. ## Verification Use: ```cmd gpupdate /force ``` to refresh policies. --- # Microsoft Endpoint Manager Deployment Organizations using Microsoft Endpoint Manager may distribute: * Root CA certificates * Intermediate CA certificates through device management policies. This approach works well for: * Remote employees * Hybrid workforces * Cloud-managed devices --- # Firefox Trust Configuration ## Why Firefox Is Different Firefox maintains its own certificate store. ## Option 1 Import: * SecureNT Root CA * SecureNT Intermediate CA directly into Firefox. ## Option 2 Enable Enterprise Roots. This allows Firefox to trust certificates already trusted by Windows. ## Verification Open an HTTPS site protected by SecureNT and verify browser trust. --- # Chrome and Microsoft Edge Chrome and Edge use operating system trust stores. After SecureNT CA certificates are trusted by Windows or macOS: * Chrome trusts SecureNT certificates * Edge trusts SecureNT certificates No additional browser configuration is normally required. --- # Safari Trust Configuration Safari uses macOS Keychain. ## Installation Steps 1. Open Keychain Access. 2. Import Root CA. 3. Import Intermediate CA. 4. Mark certificates as trusted. ## Verification Open the HTTPS site and verify no certificate warnings appear. --- # Android Deployment ## Manual Installation Install: * SecureNT Root CA * SecureNT Intermediate CA through Android certificate settings. ## Managed Deployment Organizations commonly use: * Microsoft Intune * Mobile Device Management solutions for large-scale deployment. ## Verification Open internal HTTPS applications and verify trust. --- # Browser Compatibility After proper trust deployment, SecureNT certificates work with: * Chrome * Microsoft Edge * Firefox * Safari * Chromium-based browsers Browser compatibility depends primarily on successful trust deployment. --- # Certificate Chain Verification ## What To Verify A proper deployment includes: ```text SecureNT Root CA ↓ SecureNT Intermediate CA ↓ Server Certificate ``` ## Common Problems * Missing Root CA * Missing Intermediate CA * Incorrect store placement * Incomplete certificate chain --- # Troubleshooting ## Browser Shows Certificate Warning Possible causes: * Root CA not installed * Intermediate CA not installed * Incorrect trust store ## HTTPS Site Does Not Load Possible causes: * Incorrect binding * Server configuration errors * Missing certificate files ## Firefox Trust Errors Possible causes: * Enterprise Roots disabled * CA certificates not imported ## Certificate Name Mismatch Possible causes: * Missing SAN entries * Incorrect hostname * Missing IP address SAN --- # Deployment Best Practices ## Use Group Policy Where Possible For Active Directory environments, Group Policy provides the simplest trust deployment model. ## Keep Certificate Records Document: * Certificate owner * Server location * Expiration date * Renewal schedule ## Test Before Production Validate: * Browser trust * Application functionality * Certificate chain * HTTPS connectivity before production rollout. ## Standardize Procedures Use consistent deployment methods across all environments. --- # Summary SecureNT certificates can be deployed across a wide range of server platforms, browsers, operating systems, and enterprise environments. The key to a successful deployment is ensuring: * Correct server installation * Proper certificate chain configuration * Trust deployment of SecureNT Root CA and Intermediate CA certificates * Validation of browser and application behavior Following these practices enables organizations to deploy trusted Internal HTTPS consistently across internal infrastructure, Active Directory environments, private cloud deployments, localhost systems, and enterprise applications.