Creating a .pem with the Private Key and Entire Trust Chain

download (3)You may find you install a SSL cert, but certain browsers show the connection as unsafe (i.e. mobile browser has issues but desktop browsers are happy)

This generally points to not having the cert chain correct. You can check your cert chain at sites like –

https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp

https://www.sslshopper.com/ssl-checker.html

 

  1. Download your Intermediate and Primary Certificates.
  2. Open a text editor (such as notepad) and paste the entire body of each certificate into one text file in the following order:
    1. The Private Key – your_domain_name.key
    2. The Primary Certificate – your_domain_name.crt
    3. The Intermediate Certificate – gd_bundle_g2_g1.crt
    4. The Root Certificate – TrustedRoot.crt

    Make sure to include the beginning and end tags on each certificate. The result should look like this:

    —–BEGIN RSA PRIVATE KEY—–
    (Your Private Key: your_domain_name.key)
    —–END RSA PRIVATE KEY—–
    —–BEGIN CERTIFICATE—–
    (Your Primary SSL certificate: your_domain_name.crt)
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    (Your Intermediate certificate: DigiCertCA.crt)
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    (Your Root certificate: TrustedRoot.crt)
    —–END CERTIFICATE—–

    Save the combined file as your_domain_name.pem. The .pem file is now ready to use.

windows 2012 change key from evaluation to standard

get current version;

dism /online /get-currentedition

Deployment Image Servicing and Management tool
Version: 6.2.9200.16384

Image Version: 6.2.9200.16384

Current edition is:

Current Edition : ServerStandardEval

dism /online /set-edition:ServerStandard /ProductKey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx /AcceptEula

Deployment Image Servicing and Management tool
Version: 6.2.9200.16384

Image Version: 6.2.9200.16384

Starting to update components…
Starting to install product key…
Finished installing product key.

Removing package Microsoft-Windows-ServerStandardEvalEdition~31bf3856ad364e35~amd64~~6.2.9200.16384
[==========================100.0%==========================]
Finished updating components.

Starting to apply edition-specific settings…
Finished applying edition-specific settings.

The operation completed successfully.
Restart Windows to complete this operation.
Do you want to restart the computer now? (Y/N)

note : you must change evaluation edition to standard before promoting to a domain controller. you cannot change a DC in eval mode to standard and are forced to demote the server before changing the edition.