Skip to content

Replace Self-signed Certificate

By default, Securden comes bundled with a self-signed certificate. You can add your own Certificate Authority signed certificate by following the steps below.

Securden requires the certificate and the private key separately. If you have the CA signed certificate in .pfx format, follow the steps below:

  1. Download OpenSSL (if you don't have that installed already).

    You can download OpenSSL from here. Make sure the bin folder under the OpenSSL installation is included in the PATH environment variable.

  2. Copy your certificate (e.g., <CERTIFICATE>.pfx) and paste it in the system from where you can execute OpenSSL.exe.

    The *.pfx file is in PKCS#12 format and includes both the certificate and the private key.

  3. Run the following commands to export the private key.

    openssl pkcs12 -in <CERTIFICATE>.pfx -nocerts -out securden-key.pem -nodes

    openssl rsa -in securden-key.pem -out securden-key.pem

  4. Run the following command to export the certificate.

    openssl pkcs12 -in <CERTIFICATE>.pfx -nokeys -out securden-cert.pem

    Note

    In the above commands, substitute the ‘<CERTIFICATE>.pfx’ placeholder with the actual file name of the certificate obtained from your certificate authority.

    For instance, if the certificate name is testsite.pfx, then the above command would look like: 

    openssl pkcs12 -in testsite.pfx -nokeys -out securden-cert.pem

    Once you execute the above steps, you will get an SSL certificate and a private key.

  5. Copy and paste the securden-cert.pem and securden-key.pem files in the /conf directory of the Securden installation folder.

  6. In services.msc, restart Securden PAM Service.

Troubleshooting tip

  • In some cases, the PEM file does not contain the private key, and this brings up the error - Expecting: ANY PRIVATE KEY. Ensure that you have the key along with the certificate.
  • Ensure that the .pfx file is in PKCS#12, as this format holds both the certificate and key in it. Hence, we recommend the certificate be exported in PKCS#12 format to extract the certificate and key separately.

If the issue persists, you may write to us at support@securden.com

Securden Help Assistant
What's next?
Request a Demo Get a Price Quote
Thank you message

Thanks for sharing your details.
We will be in touch with you shortly

Thanks for sharing your details.
We will be in touch with you shortly.