Issue description   

When attempting to install an SSL certificate in ADManager Plus, users may encounter the following error:

"The private key for the certificates you have uploaded is not found."

This error indicates that the uploaded certificate does not contain the necessary private key associated, which is required for secure SSL communication.

Possible causes   

1. Certificate without a private key: The uploaded SSL certificate file does not contain the private key.

2. Incorrect certificate format: The certificate is provided in a format that does not include the private key, such as .cer or .crt. However, you can upload the SSL certificate chain or certificate content in any supported format (.cer, .der, .crt, .pfx, .p12, .p7b, etc.) when configuring the SSL settings in the product.

3. Mismatched private key: The private key used to generate the Certificate Signing Request (CSR) does not match the uploaded certificate.

4. Incomplete certificate import: The required certificate chain (root, intermediate, and leaf certificates) is not properly imported.

 Prerequisites   

• Ensure you have admin rights on the ADManager Plus server.

• Ensure the private key used during CSR generation matches the uploaded certificate.

• Ensure the private key also be exportable while exporting the installed certificate in a .pfx or .p7b format.

Resolution  

Step 1: Verify If the certificate contains a private key   

1. Open the Certificate Manager on your Windows machine by pressing Win + R, typing certmgr.msc, and pressing Enter.

2. Navigate to Personal > Certificates.

3. Locate the certificate you are trying to upload.

4. Double-click on the certificate to open its properties.

5. Under the General tab, check for a message that states: You have a private key that corresponds to this certificate.

6. If this message is not present, the private key is missing, and the certificate cannot be used for SSL authentication.

7. Additionally, if the key symbol appears in the certificate icon within the Certificate Manager, it confirms the presence of a private key.

Step 2: Generate a new certificate If the private key Is missing   

If the certificate does not contain a private key, follow these steps to create a new CSR and obtain a new certificate:

1. Log in to ADManager Plus as an administrator.

2. Navigate to Admin > General Settings > SSL Configuration.

3. Click Generate CSR and fill in the required details.

4. Submit the CSR to your internal Certificate Authority (CA) for signing.

5. Export the signed certificate in .pfx format, ensuring it includes the private key.

6. Reapply the new .pfx certificate in ADManager Plus under SSL Configuration.

 Step 3: Install the SSL certificate in ADManager Plus   

1. Log in to ADManager Plus as an administrator.
   

2. Navigate to Admin > General Settings > SSL Configuration.

3. Click on Browse and upload the .pfx file.

4. Enter the password for the .pfx file when prompted.

5. Click Save.
   

 Step 4: Restart ADManager Plus   

1. After uploading the correct certificate, restart the ADManager Plus service for the changes to take effect.

 Tips   

• Predominantly use the .pfx or .p12 extensions: Both file extensions include both the SSL certificate and the corresponding private key, ensuring a smoother installation process.

• Store the private key securely: Keep a backup of the private key used during CSR generation to prevent future mismatches.

• Verify the certificate chain: Ensure you have all necessary certificates (root, intermediate, and leaf) to avoid SSL errors.

• Test before deploying: Before applying the certificate in a production environment, test it in a staging setup to confirm it works as expected.

 How to reach support