In this article we describe how you can provide a SSL certificate to our software if you aren't using an external web proxy.

Correct certificate format

Our server only support certificates in .pem format. Please ensure that you generate the certificates in the correct format.

You have to keep certain file names so that our software detects your certificate correctly:

For your certificate file: server.crt.pem (If you got an intermediate certificate by your CA you have to ensure, that both certificates are inside this file)

For your private key file: server.key.pem

Certificate trust chain

To create a certificate trust chain please consult the following documentations:

• https://www.digicert.com/kb/ssl-support/pem-ssl-creation.htm
• https://sectigo.com/knowledge-base/detail/Creating-a-pem-File-for-SSL-Certificate-Installations/kA03l00000117PV

Please make sure that the certificate chain is present in the following order and can be converted into a .pem file afterwards:

-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: intermediate.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----

 After every change in the ssl settings or files please delete the .jks file and restart the server.

Updating from v11

When you update your system you have to delete all files inside the subdirectory ssl inside your server maintenance folder. Additionally please remove the following configuration entry of your PowerFolder.config file: ssl.passwordobf=

After doing this please continue at First installation.

First installation

If you are installing PowerFolder you have to create a subdirectory named ssl within your server maintenance folder and place the certificate files within.

Then you need to restart your server. The software will detect our certificate and key file and use those for your ssl connections. It generates a keystore file within your ssl directory. It is very important, that you never delete this file. Else your ssl connection can't get established correctly.

 After every ssl setting please delete the .jks file and restart the server. the file is created new after any change made in PowerFolder server v14.

Renewing your certificates

Renewing your certificate is very easy.

Just login as admin in web and navigate inside your server maintenance folder within your ssl directory.

Replace your private key and certificate file with the new ones and restart your service.