| 1. |
What is the relationship between Netrust and Entrust
Limited?
(top)
|
| |
Netrust Pte Ltd is an independent third party Registration Authority of
Entrust
Limited. As an independent third party Registration Authority, Netrust performs background checks to verify all necessary documentation related to certification
applications. Once the checks are completed successfully, a digital certificate will be issued to the applicant.
|
| 2. |
How are Netrust Web certificates trusted by older/newer versions of browsers?
(top)
|
| |
Netrust Web certificates are automatically and transparently trusted by browsers. This trust
is established because Netrust Web certificates are signed by
Entrust Limited's CA and Entrust Limited's CA root already exists in all new versions of browsers like IE
5.X or Netscape 4.X onwards.
For older browsers, Entrust Limited's CA root is linked to one of the existing root CAs (GTE)
in the browser. The Root CA linked to Entrust Limited's CA for older browsers is owned by Baltimore.
Thus, most bowsers trust Netrust Web certificates directly through the Entrust root, while
older browsers trust Netrust Web certificates as chained to the GTE root.
|
| 3. |
How strong are Entrust certificates?
(top)
|
| |
You determine the strength of the public key in the certificate when you generate the key pair for
your Web server. If you generate a 1024-bit key pair and submit the associated CSR, then the certificate
you receive contains the 1024-bit public key. If you generate a 512-bit key pair then the certificate
contains the 512-bit public key. Entrust certificates are signed with a 1024-bit RSA key (the Entrust CA
private signing key).
|
| 4. |
How do I get 128 bit / full strength sessions?
(top)
|
| |
The strength of the SSL session between a browser and server depends on the strength of the session key
that is generated during session negotiation. This is a symmetric key used to encrypt and decrypt
data exchanged by the browser and server.
Browsers and servers usually negotiate the strongest
mutually supported session. This means that if the user's browser and your Web server both support
128-bit SSL sessions, a 128-bit session is established. If the user's browser only supports 40-bit
SSL sessions, then a 40-bit session is established even if your Web server supports 128-bit sessions.
In general, browsers that have been exported from the UnitedStates only support 40-bit SSL sessions.
These "international" versions are also relatively common within the United States. Browsers that are
exclusively distributed within the United States or manufactured by companies outside of the United States
support 128-bit SSL sessions.
|
| 5. |
What browsers will my server certificate work with?
(top)
|
| |
Netrust Web certificates work with all major browsers. For a full list take a look at the
compatibility page.
|
| 6. |
Is my certificate tied to my IP address?
(top)
|
| |
No, certificates do not contain any information about IP addresses. However, the domain name listed in
the certificate must match the domain name of the server on which the certificate is installed. The domain
name can be mapped to any IP address.
|
| 7. |
I am using several Web servers in a load balancing configuration. How many Netrust Web
certificates do I need?
(top)
|
| |
You will need one Netrust web certificate for each of your secure Web servers (including any
virtual Web servers). For more information, see the Entrust
Limited
Certification Policy Practice Statement at
http://www.entrust.net/about/cps.htm.
|
| 8. |
How much does a server certificate cost?
(top)
|
| |
The cost of a server certificate depends on its validity period. See our pricing page for the
latest details.
|
| 9. |
How long does it take to get a certificate?
(top)
|
| |
Companies that have been in existence for more than a year under their current name and address will
usually receive a certificate within two-three business days. However, newer companies may have to wait
longer.
|
| 10. |
How do I renew my server certificate?
(top)
|
| |
Some other public CAs will simply repackage your old public key in a new certificate and call it a
"renewal". Because cryptographic keys can be compromised by a sustained computational attack over many
years, Entrust asks that you generate a new key pair and CSR and request a fresh certificate. By renewing
your public key along with the certificate you ensure maximum security for your transactions.
|
| 11. |
What is the renewal fee?
(top)
|
| |
The renewal fee depends on the type of certificate you are requesting. See our
pricing page for the latest details.
|
| 12. |
How do I correct my server certificate after it is issued to me?
(top)
|
| |
Unfortunately we cannot correct certificates once they have been issued. If we make a processing error
we will issue a new certificate based on your submitted information at no cost. Otherwise you must buy
a new certificate.
|
| 13. |
How do I check the status of my certificate request?
(top)
|
| |
You can check the status of your order online. Simply enter theorder number generated when you requested
your certificate to see the online status page.
|
| 14. |
How will I know if my enrollment was successful?
(top)
|
| |
You will receive an email when your order has been processed.This email includes a link to your request
status page and links to each of the certificates that have been issued. If any of your Certificate
requests have not been approved the status page explains why.
|
| 15. |
What do I do if any of the contact information changes?
(top)
|
| |
If your contact information changes please fax the updated information to Netrust at (65) 6212-1366.
|