# Import SSL Certificates

Last Updated On: 14 May 2026  
12 minutes read

Every enterprise has the necessity to encrypt the data which traverses the internet. Enterprises have gone a step ahead over just using secured methods of communication to transmit corporate data, by acquiring specific third party certificates like SSL. These third party certificates ensures that the corporate data is encrypted in such a way, that only the recipient who owns the certificate can decrypt it. Device Control Plus Server supports using SSL certificates that comes in different file types such as PFX, CER, CRT. Adding these certificates will secure the communication between the Device Control Plus server, managed computers.

**Note:** This certificate is valid for a specified term. If the certificate expires, then the communication between the agent and the server will no longer be secure.

**Note:** The ongoing communication between the agents and the server won't be interfered with when you upload a third-party SSL certificate. Trusted third-party certificate providers have preinstalled root certificates on operating systems. These root certificates will be used by the agent machine to establish secure connection with the server once you import the third-party certificate. As a result, the existing communication will continue uninterrupted and be secured further using the third-party certificate.

## Create CSR and Key Files

For Device Control Plus version **11.1.2242.01** and above:

1. It is recommended to take a backup of your existing server.key and server.csr files before initiating this process. These files will be overwritten during this process.
   - Navigate to `<Server_Installed_Directory>/nginx/conf` for server.key file.
   - Navigate to `<Server_Installed_Directory>/bin` for server.csr file (if any generated before).
2. Navigate to `<Server_Installed_Directory>/bin` in command prompt with admin privileges and execute `generateCSR.bat` file.
3. `generateCSR.bat` executes two operations:
   - Creating the .csr and .key files
   - Decrypting .key files
4. Enter 1 to proceed with .csr and .key file generation.
5. Enter the country code by referring to this [document](https://www.digicert.com/kb/ssl-certificate-country-codes.htm).

   **Note:** Re-run the batch file if you entered the wrong country code.

6. Enter the necessary details for generating the .csr file.  
   [State, locality, organization, organizational unit, common name, subject alternative names (separated by commas)]
7. You have successfully generated the server.csr and server.key file under `<Server_Installed_Directory>/bin`.

For Device Control Plus version **below 11.1.2242.01**:

1. Navigate to server installation directory and access `\apache\bin`, create a file named **opensslsan.conf**, and copy the required configuration code into the file.
2. In the code, enter the two letter Country Code next to **countryName**. Check the two letter country code of your country [here](https://www.digicert.com/kb/ssl-certificate-country-codes.htm).
3. Enter the full name of your state or province next to **stateOrProvinceName**.
4. Next to **localityName**, enter the name of your locality. Specify the name of your organization next to **organizationName**.
5. Enter the name of your website or domain beside **commonName**.
6. Enter the **Subject Alternative Name (SAN)** of your website next to DNS entries.
7. Execute the openssl command to generate server.csr and private.key.
8. To verify the details, use openssl verification command.

**Note:** Do not delete private.key file under any circumstances.

## Submit the CSR to a Certificate Authority (CA) to Obtain a CA Signed Certificate

1. Submit created **server.csr** to CAs. Check their documentation / website for details on submitting CSRs. This will involve a cost to be paid to the CA.
2. This process usually takes a few days time and you will be returned your signed SSL certificate and the CA's chain/intermediate certificate as .cer files.
3. Save these files and rename your signed SSL certificate file to **server.crt**.

**Note:**

- The validity of the certificate should be less than 397 days.
- Only RSA keys are supported in Device Control Plus server.

## Upload the 3rd party Certificates to Device Control Plus

1. Click **Admin** tab on the product console.
2. Under **Security Settings**, click **Manage SSL Certificates**.
3. Browse to upload the certificate that you have received from the vendor (CA).
4. Click Save to import the certificate.

**Note:** You need to restart the Device Control Plus server service after importing the certificate for the web server to load the newly imported certificate.

You have successfully imported the third party certificates to the Device Control Plus server. These certificates will be used only when "HTTPS" mode is enabled for communication.

Click **Admin** tab and choose **Server Settings**, to enable **https** mode under **General Settings**. You can now see that the communication between the server and the agents is secure.

**Note:** Ensure that the pfx file or .cert file should match the NAT address specified in the Device Control Plus server. If Device Control Plus and Device Control Plus server are installed in the same computer, then the same pfx file will work. In the above listed case, if Device Control Plus server is moved to a different computer, then the pfx needs to be modified to specify the appropriate host name.