SSL Web Server Certificates

Information Required in Step 2

CSR Generation and Submission

  • CSR Creation:
    The Certificate Signing Request (CSR) contains your server's public key along with other information such as your server's Distinguished Name (DN). You generate the CSR using your Web server software and submit it in the online request form. When your request is approved, the data in the request is packaged into a certificate and signed by the Entrust Certification Authority (CA).

    Follow the instructions in your Web server's documentation to generate a CSR. When you go through the online request form, paste the CSR into the space provided. If your Web server is hosted by an Internet Service Provider (ISP), the ISP will be able to provide you with a CSR. For your convenience, we have provided instructions in the online request form for generating certificates using several popular Web servers. If you are ordering multiple certificates, generate a different CSR for each one. To submit each CSR simply click the "Another request" button in the online request form and paste the CSRs into the spaces provided.

    When you create a CSR, a cryptographic key pair is generated. The public key is inserted into the CSR and subsequently signed by the Entrust CA. The private key remains on your computer. Be sure to securely back up the private key. If the private key is lost or becomes corrupt you will not be able to use your certificate. Important: The private key is a very sensitive piece of information. Someone with access to your private key could decrypt the SSL-protected data sent and received by your Web server. Please take appropriate steps to ensure that no unauthorised people have access to the private key.

    Tips for creating the CSR
    When you create your CSR you are asked to enter information about your organization and your Web server. This information is used to create your Web server's Distinguished Name (DN). Please keep the following points in mind when you enter this information:


    Key-pair length 512 / 768 / 1024 bit
    Organization Preferably ISO-registered top-level organization or company name. This organization must own the domain name that will appear in the common name of your Web server. Do not abbreviate your organization's name and do not use any of the following characters: < > ~ ! @ # $ % ^ * / \ ( ) ?.
    Organizational Unit Your department within your company, such as "Sales", "Operations" etc.
    Common Name The registered domain name of the server (e.g. "www.netrust.net"). A registered domain name with a Network Information Centre (NIC) e.g. SGNIC, InterNIC is required. This name must be identical to the fully qualified domain name of the Web server for which you are requesting a certificate. If the Web server name does not match the common name in the certificate, some browsers will refuse to establish a secure connection with your site. Do not include the protocol specifier (http://) or any port numbers or pathnames in the common name. Do not use wildcard characters such as * or ?, and do not use an IP address.
    Country Two letter ISO 3166 country code, for example, "SG".
    State/Province Full name of your state or province, do not abbreviate.
    Locality Full name of the city where your company is located


  • CSR Submission:
    Important: When you generate the CSR you are asked to enter the name of your organization. Please enter the name exactly as it appears in your Proof of Right. Processing may be delayed if the name in your CSR is not identical to the name in your Proof of Right.

    To submit the CSR, simply paste it into the field provided in the online request form. Remember to include the "-----BEGIN NEW CERTIFICATE REQUEST-----" and "-----END NEW CERTIFICATE REQUEST-----" lines. In most cases the CSR looks similar to this:

    -----BEGIN NEW CERTIFICATE REQUEST-----
    MIIBOzCB5gIBADCBgTELMAkGA1UEBhMCU0cxEjAQBgNVBAgTCVNpbmdhcG9yZTEP
    MA0GA1UEBxMGTm92ZW5hMRgwFgYDVQQKEw9OZXRydXN0IFB0ZSBMdGQxGTAXBgNV
    BAsTEEFsbGlhbmNlIFByb2dyYW0xGDAWBgNVBAMUD3d3dy5uZXRydXN0Lm5ldDBb
    MA0GCSqGSIb3DQEBAQUAA0oAMEcCQF9X71qeMhxuwGVHbVwS4naE5yyIMxzOMf9w
    9mmvDHVusC+cmvdHKU+zufM1PO6RuDzSVYI2/tvbeFkWT7SEL6UCAwEAAaAAMA0G
    CSqGSIb3DQEBBAUAA0EAGoeFI2QDHSpfzlJVmfklg/R2fyNInje+7VUnTfKK18X2
    YjprwBI7DS0hOA7Z9A1Ie6xRB2dZxWKlE7xz2uqxDv==
    -----END NEW CERTIFICATE REQUEST-----


    Domain Name Ownership Details

    Please record your domain name and the name and address of the registered owner of your domain name. If you are requesting multiple certificates, record the information for each certificate. You will be asked to enter the domain information for each additional certificate in the online request form.

    Domain Name:
    Name of Owner:
    Company Name:
    Address:

    InterNIC information

    The certificate you receive from Netrust includes the common name of your Web server (for example, www.netrust.net). This common name contains the domain name of your organization. Netrust can only issue the certificate to you if your organization is the registered owner of the domain name that appears in the Web server's common name. For example, to receive a certificate for a server named www.netrust.net your organization must be the registered owner of the domain name netrust.net.

    To determine the name of the registered owner of your domain name, first identify your top-level domain (for example, .com if your domain name is www.entrust.com). Then follow the appropriate link in the WHOIS lookup page and do a WHOIS search using your domain name. For instance, if your domain name is entrust.com, follow the link to the Network Solutions Web site (Network Solutions is the NIC responsible for the .com domain) and enter your domain name in the WHOIS lookup form.

    To look up Common Names (Domain Names) ending in .com, .org, .net, .sg click on one of the following links:

    http://www.sgnic.com.sg
    http://www.register.com
    http://www.networksolutions.com/cgi-bin/whois/whois


    Choosing a 1- or 2-year Web Server Certificate.

    You can purchase certificates with one- or two-year lifetimes. Both certificate lifetimes provide excellent security.

    The two-year certificate service provides 24 months of coverage using two overlapping SSL certificates. The first certificate you will receive will have a 12-month lifetime. One month prior to the first certificate's expiration, a 13-month certificate will automatically be generated and forwarded to your technical contact. This provides one month of overlapping coverage, giving you time to pick up and install the second half of your prepaid service without having to generate another CSR or pay for another certificate.

    With both the one-year and two-year options, you will be notified by email one month prior to the expiry of your certificate coverage requesting certificate renewal.

    Please record the lifetime you would like for your Entrust Limited Web server certificate.

    Certificate lifetime: 1 Year / 2 Year  


    Choose a Passphrase
    Choose a passphrase and record it in the space provided. You will need this passphrase if you ever want to revoke your certificate. You may also be asked for it if you contact Netrust support. For security reasons, please ensure that this passphrase contains:

  • at least 8 characters
  • at least one lower-case and one upper-case character, and
  • at least one non-alphanumeric character (such as "%" or "!").

    TIP: Choose a passphrases that is easy to remember but hard for others to guess.

    Passphrase:  
    Important: If you write the passphrase down, please store it in a secure location.


    Web Server Type

    Please record the type of Web server, i.e. the Web server software, for which you are requesting a certificate. You will be asked to select it from a list box in the online request form.

    Web Server:  


    Ordering Multiple Certificates

    The online request form makes it easy to request multiple certificates. For each additional certificate you wish to request simply click "Another certificate" in the online request form and enter the domain information, CSR, passphrase, and Web server type in the spaces provided.


    Top

    Review Information Required for Step:  1  3  4  5  6