2) Certificates

See why customers choose Pleasant Password Server with a KeePass client

A Certificate is, simply put, a form of identification software uses to identify it as trustworthy when it interacts with other software. They are one of the foundations of authentication and security for software and websites.

This trust is established by a well-known Certificate Authority, who provides a Certificate after verifying that the software in question has not been tampered with by a 3rd party. Usually Certificate Authorities charge a fee in exchange for this service.

Have Questions?  Contact Us!


  1. Limitations of the Temporary Certificate
  2. Replacing your Temporary Certificate
  3. Importing your Certificate
  4. Distributing your Certificate


Temporary Self-Signed Certificate

Pleasant Password Server comes with a default, Self-Signed Certificate. This means, that the Certicate Authority verifying the software, is the developer of the software (Pleasant Solutions).

Browser Security Warnings

Using this Temporary Certificate will still generate warnings in your browser, even if it is properly installed into the Trusted Root Certificate Store. This is due to the browser security policies.

  • These browser warnings will be displayed until a proper certificate is added: the name of the Certificate does not match the domain, which is displayed in the full URL address in the address bar.

To resolve these errors, see the details below.

   Chrome Browser:
Chrome Certificate Error


   Firefox Browser:

Firefox Certificate Error

   Edge Browser:

Edge Certificate Error Picture

   Internet Explorer Browser:

Internet Explorer Certificate Error Picture


Resolving Browser Warnings

1. In this case, since we are connecting to our own computer, on a trusted internal connections, temporarily setting up the software, you can choose to Continue and prevent further error messages such as those above:

  • Chrome: Click Advanced, and, Proceed to localhost (unsafe)

2. Permanently remove these errors by either:

  • A) Following the steps below to generate a certificate or use a third-party one
  • B) Firefox: Choose to "add a permanent certificate exception" in your browser

Replacing Your Certificate

We recommend using a purchased Certificate from a reputable Certificate Authority. This provides an additional level of security. If making your Pleasant Password Server available in an external domain, this is the appropriate safeguard.


  • Pleasant Password Server has provided a self-signed certificate to use as a placeholder by default, with a name of PasswordServer_Temporary_Placeholder_Certificate.


Replace this Temporary Certificate with one that matches your domain URL, by either:


  • Self-Signed Certificates, are generally considered a less secure option than Third Party Certificates. It is been recommended that these could be more susceptible to man-in-the-middle attacks and so you may not feel that they are as ideal for your servers used in a production environment or connected to the internet.

Importing a Certificate

(versions 4.1.2+)

To change the Certificate that Password Server uses, run the Pleasant Service Configuration Utility that was packaged and installed with the server.

Follow these steps:

  1. Start the Service Configuration Utility.
    • Programs -> Pleasant Password Server -> Service Configuration
  2. Click Certificate Configuration -> Click Import Certificate
  3. Browse for and select the Certificate file (must be a *.pfx or *.p12 private key certificate file):
    • If necessary, convert the Certificate to *.pfx, or *.p12 format, by either:
      • Using mmc run command, first import the certificate, then export into the pfx format
      • Using OpenSSL commands
  4. Enter the password for your certificate.
  5. Restart the Password Server service (click here for instructions).
  6. Point your browser at the server.

The Certificate used can be reverted back to the default placeholder certificate at any time by clicking the Clear button within the Certificate Configuration section of the Service Configuration Utility.

This setting will persist through future updates of Pleasant Password Server.

For Legacy Versions

(versions 4.1.1 and earlier)

To avoid the certificate error page on an intranet, you must configure Pleasant Password Server to use a certificate name that matches your computer name.

  1. Stop the Pleasant Password Server service.
  1. Find the name of your computer.
    • Open the System control panel.
    • Right-click on My Computer and select Properties... or press Windows+Pause.
    • Look for the Computer name, domain, and workgroup settings.
  2. Open and modify the Pleasant Password Server configuration file.
    • By default, it will be in C:Program Files (x86)Pleasant SolutionsPleasant Password ServerPassMan.WindowsService.exe.config
      • NOTE: To edit and save the file, you may need to run your text editor (such as Notepad) with administrative privileges; right-click the program file and click Run as adminstrator.
    • Find the following section and change PasswordServer_Temporary_Placeholder_Certificate to your computer name.

<serviceCertificate findValue="PasswordServer_Temporary_Placeholder_Certificate"
    x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="Root" />

  1. Save and close the config file.
  2. Restart the Pleasant Password Server service.

Now, to get back to the Pleasant Password Server admin page securely, use https://<hostname>:10001

Distribute the Certificate to Other Machines

The last optional step is to install the certificate on other networked computer workstations. This can be done by exporting the certificate from the server computer and importing it on other computers.

Some customers may wish to further automate the distribution using scripts or using their directory's Group Policy.

Here are the simple steps.

  1. Open the Microsoft Management Console (MMC).
    • Type mmc.exe in the Start menu search box or open a Run... dialog, type mmc.exe and click OK.
  2. Click File -> Add/Remove Snap-in...
  3. Add the Certificates snap-in.
    • (Windows Vista/7) Click Certificates from the left pane and click Add.
    • (Other Windows versions) Click Add... then select Certificates and click Add.
  4. Select Computer Account and click Next.
  5. Select Local Computer and click Finish.
  6. Exit the open dialog(s).

In the list of folders on the left, the top folder should be Personal followed by Trusted Root Certification Authorities.

These folders represent the various certificate stores for the local computer.

  1. Open Trusted Root Certificate Authorities -> Certificates.
  2. Locate the certificate with your computer name.
  3. Right-click on the certificate and select All Tasks -> Export...
  4. Follow the Certificate Export Wizard to save the certificate file.
    • Select: No, do not export the private key
    • Select: Base-64 encoded X.509 (.cer)
  5. Specify a location and file name for the certificate.

Securely transport the certificate to your other workstation so that it can be imported. Use the MMC Certificate snap-in as above.

  1. Right-click on Trusted Root Certification Authorities and select All Tasks -> Import...
  2. Select your certificate file.
  3. Complete the Certificate Import Wizard.