After approval and generation, receive/download the certificate files from the CA. There should be two or more files:
The signed identity certificate which needs to be in PKCS#7/P7B or PEM format
Zero, one or more intermediate certificates in PEM format
The root certificate should be downloaded in PEM and DER format and put aside for later distribution to IP Office systems.
Copy all to the original CSR directory.
See Certificate File Naming and File Formats for more information on certificate file formats.
On the same server the certificate request was created on, open the MMC Certificates snap-in for the Local Computer account.
Expand Certificates (Local Computer).
Right-click Personal, then click Select All Tasks > Import.
Click Next.
Browse and select the signed identity certificate received from the CA, then click Open.
Ensure that these options are always selected:
Mark the Private Key Exportable
Import all Extended Properties
Import all Certificates in the Chain
Click Next.
Select Place all certificates in the following store. Under Certificate Store, make sure Personal is selected. and click Next.
Complete the Certificate Import Wizard and click Finish.
Check there is a key icon on the new certificate, if not the private key is not present.
Repeat the import process to import the intermediate certificate file(s); there will be no key icon with these new certificates. Again these must go into the Personal certificate store.
Select the identity certificate and click Open, select Details and verify the content are as expected. Select Certification Path and verify all the certificates are present to the root certificate.
