Requests will only be processed from Sunday to Thursday between the times of 7:00 am till 3:00 pm.
PKI Support is available 24hrs a day / 7 days a week and can be reached by email at pkihelp@eim.ae or by telephone at 8002900.

Kindly use the same password that has been entered while exporting the certificate private key if it doesn't works then you have to apply for new certificate.

Kindly allow the add-on that is appearing on top of the page

Please follow the procedure given below for Internet Explorer settings
1- Open Internet Explorer, click Tools then click the Security Tab, select the Trusted Sites option in the text area. Kindly add the Comtrust site to the list of Trusted Sites

2- Click Custom Level Button & enable all ActiveX settings listed

3- Close all opened Internet Explorer windows and re-open Internet Explorer & fill up the application form and submit your application.

This product is an SSL Web Server certificate that conveniently allows you to secure multiple sub domains on one domain on the same server using *.domain.com pattern for the common name.

'No'. Etisalat is keen to provide this feature as soon as possible.

https://comtrust.etisalat.ae/enrollment/app/general/Seal

Yes

No. Etisalat is keen to provide this feature as soon as possible.

Etisalat provide standard SSL certificates. These certificates must be compatible with all vendors who have X.509 certificates implementation. Customer should consult with exchange vendor or online documentation for certificate installation.

Key length '1024' and higher is supported only.

A CSR is a file containing your IIS SSL certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform in the enrollment process:
Generate keys and Certificate Signing Request:
- Select Administrative Tools
- Start Internet Services Manager

- Open the properties window for the website the CSR is for. You can do this by right clicking on the Default Website and selecting Properties from the menu
- Open Directory Security by right clicking on the Directory Security tab

- Click Server Certificate. The following Wizard will appear:

- Click Create a new certificate and click Next

- Select Prepare the request and click Next.

- Provide a name for the certificate, this needs to be easily identifiable if you are working with multiple domains. This is for your records only.
- We recommend you stay with the default of 1024 bit key if the option is available. Click Next

- Enter Organization and Organization Unit, these are your company name and department respectively. Click Next.

- The Common Name field should be the Fully Qualified Domain Name (FQDN) or the web address for which you plan to use your IIS SSL Certificate, e.g. the area of your site you wish customers to connect to using SSL. For example, a Basic SSL Certificate issued for Networking4allgroup.com will not be valid for secure.Networking4allgroup.com. If the web address to be used for SSL is secure.Networking4allgroup.com, ensure that the common name submitted in the CSR is secure.Networking4allgroup.com. Click Next.

- Enter your country, state and city. Click Next.

- Enter a filename and location to save your CSR. You will need this CSR to enroll for your IIS SSL Certificate. Click Next

- Check the details you have entered. If you have made a mistake click Back and amend the details. Be especially sure to check the domain name the Certificate is to be "Issued To". Your IIS SSL Certificate will only work on this domain. Click Next when you are happy the details are absolutely correct.
- When you make your application, make sure you include the CSR in its entirety into the appropriate section of the enrollment form - including
-----BEGIN CERTIFICATE REQUEST-----to-----END CERTIFICATE REQUEST-----
- Click Next
- Confirm your details in the enrollment form
- Finish
To save your private key:
- Go to: Certificates snap in in the MMC
- Select Requests
- Select All tasks
- Select Export
We recommend that you make a note of your password and backup your key as these are known only to you, so if you loose them we can't help! A floppy diskette or other removable media is recommended for your backup files.

- Open Internet Services Manager, or the custom MMC containing the Internet Information Services snap-in.

- Expand Internet Information Services (if needed) and browse to the Web site you have a pending certificate request on.

- Right-click on the site and then click Properties.
- Click the Directory Security tab.

- Under the Secure Communications section, click Server Certificate.
On the Web Server Certificate Wizard, click Next

- Choose to Process the Pending Request and Install the Certificate. Click Next.

- Type in the location of the certificate response file (you may also browse to the file), and then click Next.

- Choose which SSL port the webserver will use (default is 443) and click Next.

You will see a confirmation screen. After reading this information, click Next.

You now have an SSL server certificate installed. You may want to test the Web site to ensure that everything is working correctly. Be sure to use https:// when you test connectivity to the site.

1- Click Start, then Administrative Tools, then Internet Information Services (IIS) Manager.
2- Click on the server name.
3- From the center menu, double-click the "Server Certificates" button in the "Security" section (it is near the bottom of the menu

4- Next, from the "Actions" menu (on the right), click on "Create Certificate Request." This will open the Request Certificate wizard.

5- In the "Distinguished Name Properties" window, enter the information as follows:
Common Name - The name through which the certificate will be accessed (usually the fully-qualified domain name, e.g., www.domain.com or mail.domain.com).
Organization - The legally registered name of your organization/company.
Organizational unit - The name of your department within the organization (frequently this entry will be listed as "IT," "Web Security," or is simply left blank). City/locality - The city in which your organization is located.
State/province - The state in which your organization is located.
Country/region - Country

6- Click Next.
7- In the "Cryptographic Service Provider Properties" window, leave both settings at their defaults (Microsoft RSA SChannel and 1024) and then click next.

8- Enter a filename for your CSR file.
Remember the filename that you choose and the location to which you save it. You will need to open this file as a text file and copy the entire body of it (including the Begin and End Certificate Request tags) into the online order process when prompted.

9- Click Finish. Your new CSR is now contained within the file c:\certreq.txt
NOTE: - When you make your application, make sure you include the CSR in its entirety into the appropriate section of the enrollment form - including
-----BEGIN CERTIFICATE REQUEST-----to-----END CERTIFICATE REQUEST-----

After you download Etisalat Certificate you will first need to install it to the server from which the certificate request was generated. Installation:
1. Open the .p7b file containing your certificate. Save the file named your_domain_name.cer to the desktop of the web server you are securing.
2. Click on Start, then Administrative Tools, then Internet Information Services (IIS) Manager.
3. Click on the server name.
4. From the center menu, double-click the "Server Certificates" button in the "Security" section (near the bottom of the menu).

5. From the "Actions" menu (on the right), click on "Complete Certificate Request." This will open the Complete Certificate Request wizard.

6. Browse to your_domain_name.cer file that was provided to you by Etisalat. You will then be required to enter a friendly name. The friendly name is not part of the certificate itself, but is used by the server administrator to easily distinguish the certificate.

7. Clicking "OK" will install the certificate to the server.
Note: There is a known issue in IIS 7 giving the following error: "Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created." You may also receive a message stating "ASN1 bad tag value met". If this is the same server that you generated the CSR on then, in most cases, the certificate is actually installed. Simply cancel the dialog and press "F5" to refresh the list of server certificates. If the new certificate is now in the list, you can continue with the next step. If it is not in the list, you will need to reissue your certificate using a new CSR. Once the SSL certificate has been successfully installed to the server, you will need to assign that certificate to the appropriate website using IIS.
8. From the "Connections" menu in the main Internet Information Services (IIS) Manager window, select the name of the server to which the certificate was installed.
9. Under "Sites," select the site to be secured with SSL.
10. From the "Actions" menu (on the right), click on "Bindings." This will open the "Site Bindings" window.

11. In the "Site Bindings" window, click "Add..." This will open the "Add Site Binding" window.

12. Under "Type" choose https. The IP address should be the IP address of the site or All Unassigned, and the port over which traffic will be secured by SSL is usually 443. The "SSL Certificate" field should specify the certificate that was installed in step 7.

13. Click "OK."

14. Your SSL certificate is now installed, and the website configured to accept secure connections.

Export Procedure:-
1. Start > Run
2. Type in MMC and click OK
3. Go into the File Tab > select Add/Remove Snap-in
4. Click on Certificates and click on Add.
5. Select Computer Account > Click Next
6. Select Local Computer > Click Finish
7. Click OK to close the Add/Remove Snap-in window.
8. Double click on Certificates (Local Computer) in the center window.
9. Double click on the Personal folder, and then on Certificates.
10. Right Click on the Certificate you would like to backup and choose > ALL TASKS > Export
11. Follow the Certificate Export Wizard to backup your certificate to a .pfx file.
12. Choose to 'Yes, export the private key'
13. Choose to "Include all certificates in certificate path if possible." (do NOT select the delete Private Key option)
14. Enter a password you will remember
15. Choose to save file on a set location
16. Finish
17. You will receive a message > "The export was successful." > Click OK
18. The .pfx file backup is now saved in the location you selected.
Import Procedure:-
1. Start > Run
2. Type in MMC and click OK
3. Go into the File Tab > select Add/Remove Snap-in
4. Click on Certificates and click on Add.
5. Select Computer Account > Click Next
6. Select Local Computer > Click Finish
7. Click OK to close the Add/Remove Snap-in window.
8. Double click on Certificates (Local Computer) in the center window.
9. Right click on the Personal Certificates Store (folder)
10. Choose > ALL TASKS > Import
11. Follow the Certificate Import Wizard to import your Primary Certificate from the .pfx file. You will need to browse for .pfx files.
12. Enter the password that was used when exporting the certificate to a .pfx file.
13. If desired, check the box to "Mark this key as exportable."
14. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
15. Click Finish to close the certificate wizard.
16. Close the MMC console. In the case that you are prompted, it is not necessary to save the changes made to the MMC console.