Frequently Asked Questions (FAQs)

Entrust Chain Certificate FAQ for Entrust EV Multi-Domain SSL Certificates

  1. What is an Entrust Chain Certificate?
  2. How do I know if I have the correct Chain certificate?
  3. How many Entrust Chain certificates are there?
  4. Details Chain Certificate One (1) - Entrust EV Root Certificate
  5. How do I install the Entrust chain certificate?
  6. Do I need to install an Entrust Chain certificates on my client web browser?
  7. When will the Entrust Chain Certificates expire?
  8. When would I need to install an Entrust Chain Certificate on my web server?
  1. What is an Entrust Chain Certificate?
    The Entrust Chain Certificate contains the Entrust Root CA public key and is signed by Entrust Root Certification Authority (CA). Entrust is a Root CA in all major browsers. By installing the Entrust L1E Chain Certificate in your Web server, you create a chain of trust between end users and your Entrust EV Multi-Domain SSL Certificate.

    (top)

  2. How do I know if I have the correct Chain certificate?
    The Entrust Chain Certificate you are importing tells your Web browser what sites it can trust on the Web. Before you can trust the chain certificate, however, you must be sure that you are importing the correct one. To do this, compare the certificate MD5 Fingerprint (Netscape) or the SHA1 Thumbprint (Internet Explorer) on the certificate you are importing to the one(s) below. Firefox will show both SHA1 and MD5 thumbprints. If the two prints match you can be sure you are importing the correct certificate. If they do not match, please contact Entrust Certificate Services immediately and do not import the chain certificate.

    (top)

  3. How many Entrust Chain certificates are there?
    There are two (2) Entrust Chain Certificates: the Entrust EV Root Certificate and Entrust L1E Chain Certificate)

    (top)

  4. Details Chain Certificate One (1) - Entrust EV Root Certificate
    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number: 1116155212 (0x42872d4c)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
    Validity
    Not Before: Jan 5 19:20:39 2007 GMT
    Not After: Jan 5 19:50:39 2017 GMT
    Subject: C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority

    Fingerprints of Chain Certificate One (1)

    The SHA1 Thumbprint for the Entrust 1st chain certificate as presented through Internet Explorer is: be e7 72 b3 19 0a c8 4b f8 31 f9 60 7d 98 89 ec 6a 96 6c 16

    The MD5 fingerprint for the Entrust 1st chain certificate as presented by Netscape is: MD5 59 BF 7B 66 82 BE 87 21 9A A8 14 A5 32 41 61 82

    Below is a copy of our Chain certificate 1 (Entrust EV Root Certificate)

    -----BEGIN CERTIFICATE-----
    MIIEmzCCBASgAwIBAgIEQoctTDANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
    VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
    ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
    KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
    ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzAx
    MDUxOTIwMzlaFw0xNzAxMDUxOTUwMzlaMIGwMQswCQYDVQQGEwJVUzEWMBQGA1UE
    ChMNRW50cnVzdCwgSW5jLjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L0NQUyBp
    cyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwNiBF
    bnRydXN0LCBJbmMuMS0wKwYDVQQDEyRFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlv
    biBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2lbZD
    QvrGbSpvSN+UTDlXBe7DeRFBaDbt7P6aAY+hOCj89xBGZi5NHhqxGk7G0cCViLDJ
    /zGLMwPbt4N7PiCEXu2yViin+OC5QHE3xctHDpcqaMAilWIV20fZ9dAr/4JLya0+
    3kzbkIBQPwmKhADsMAo9GM37/SpZmiOVFyxFnh9uQ3ltDFyY/kinxSNHXF79buce
    tPZoRdGGg1uiio2x4ymA/iVxiK2+vI+sUpZLqlGN5BMxGehOTZ/brLNq1bw5VHHK
    enp/kN19HYDZgbtZJsIR/uaT4veA5GX7NDcOKYBwTa84hi6ef1evnheu6xzLKCFf
    thzY56IEIvnT2tjLAgMBAAGjggEnMIIBIzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
    AQH/BAUwAwEB/zAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9v
    Y3NwLmVudHJ1c3QubmV0MDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50
    cnVzdC5uZXQvc2VydmVyMS5jcmwwOwYDVR0gBDQwMjAwBgRVHSAAMCgwJgYIKwYB
    BQUHAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvQ1BTMB0GA1UdDgQWBBRokORn
    pKZTgMeGZqTx90tD+4S9bTAfBgNVHSMEGDAWgBTwF2ITVT2z/woAa/tQhJfz7WLQ
    GjAZBgkqhkiG9n0HQQAEDDAKGwRWNy4xAwIAgTANBgkqhkiG9w0BAQUFAAOBgQAM
    sIR8LRP+mj2/GAWVPSBIoxaBhxVQFaSIjZ9g1Dpv6y1uOoakqdLBnYl6CBykLbNH
    jg9kSm9mA4M/TzSUNqopbYuNAiIrjM13pXCVhpHRtr9SvjNqa5n5b+ESvgTLM7/1
    EhpORLpbFk0wufO0dM5u8mhWWN3Yof1UBfQjkYXJ+Q==
    -----END CERTIFICATE-----
    

    Details of Chain Certificate 2 - Entrust L1E Chain Cerificate

    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number: 1164679900 (0x456b9adc)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
    Validity
    Not Before: Dec 10 20:55:43 2009 GMT
    Not After: Dec 10 21:25:43 2019 GMT
    Subject: C=US, O=Entrust, Inc., OU=AND ADDITIONAL TERMS GOVERNING USE AND RELIANCE, OU=CPS CONTAINS IMPORTANT LIMITATIONS OF WARRANTIES AND LIABILITY, OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Certification Authority - L1E

    Fingerprints of Chain Certificate 2

    The SHA1 Thumbprint for the Entrust 2nd chain certificate as presented through Internet Explorer is: 17 9a 76 96 db 43 22 81 3f 1c 95 72 b8 50 33 84 1d ec 02 0e

    Below is a copy of our Chain certificate 2 (Entrust L1E Chain Certificate)

    -----BEGIN CERTIFICATE-----
    MIIFCjCCA/KgAwIBAgIERWua3DANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC
    VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
    Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
    KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl
    cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MTIxMDIwNTU0M1oXDTE5MTIxMDIx
    MjU0M1owgbExCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw
    NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvcnBhIGlzIGluY29ycG9yYXRlZCBieSBy
    ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA5IEVudHJ1c3QsIEluYy4xLjAsBgNV
    BAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUUwggEiMA0G
    CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2WwRUd90OJGbcKqHbgMxdx1/9UhZY
    2l+UBqm4trljDEcgguzHlU6LuHdSaj21h6nW4cx05abIwNRWT40u1gg+DExDPvBB
    k15G7znn2WUqDHZQJ71bDTMzB+D3oqmc4REzrWb80ix6qqNzFr6ThXUP1zeM+iO3
    ZPjjTG7tswW94jbbfN52RNqCcna2bv+UodCG9xDNSlqLsHWMZlKATkhMSYOmQNd3
    gRNNXnJ+SEYiqg/iPmWUOOFycf5KcQm6NX9ViT2B1bgoARB3NloQhdK9YIQrSWGU
    DN5MQGoqxHlghCSCMmlKmEviVhC6A0VRINPP2o5UG0W2erqXmlrYxtFfAgMBAAGj
    ggEnMIIBIzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAzBggrBgEF
    BQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDMG
    A1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvcm9vdGNhMS5j
    cmwwOwYDVR0gBDQwMjAwBgRVHSAAMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cu
    ZW50cnVzdC5uZXQvQ1BTMB0GA1UdDgQWBBRbQYqyxEPBvb/IVEFVneCWrf+5oTAf
    BgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAZBgkqhkiG9n0HQQAEDDAK
    GwRWNy4xAwIAgTANBgkqhkiG9w0BAQUFAAOCAQEAsjvSnsG8O0i23NhaGGZTw701
    DUhCLDUB2BCi4uONLLqmAxHta7FJy1/N7GCzutQC62FPTn7435BfTtOQAhxS2hIA
    L5tx2gQSFMGQgy4o0hBAEYsmLeuZVVRvYI7Fgx3Aoz/VihQ5ahsN79NadznPabS9
    aW9PeNOhhqObt9f7qi3w+iah+WcsiEulNNWD+0zxW3AiZhubWU9NzpjbQaT+GqPr
    OOb58TkCnUa2ycKePoK2H5/KSqixBl8QNDv92nusM07tprdL85H1nAsRktwTasjV
    8TttlmsB5CNMscHg0hIhnynUrZU9pvfnMsV1twtX2KT5wOzsMjMMTa7oCNXsqg==
    -----END CERTIFICATE-----
    

    (top)

  5. How do I install the Entrust Chain Certificate?

    You must install both chain certificates in addition to your Entrust EV Multi-Domain SSL Certificate to provide maximum browser support to your Web server. Below are general steps. Consult your server's documentation for more detailed information.

    1. Open a text editor
    2. Select the Entrust Root Chain Certificate in your Web browser. The certificate begins with the line "----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----". You must include both these lines.
    3. Paste the certificate into the text editor and save it as a file. If you are installing the certificate in a Microsoft Windows-based Web server the filename should have the extension .crt (for example, "entrustrootchain.crt").
    4. Select the Entrust L1E Chain Certificate in your Web browser (including the "----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines).
    5. Paste the certificate into the text editor and save it as a file. If you are installing the certificate in a Microsoft Windows-based Web server, the filename should have the extension .crt (for example, "entrustL1Echain.crt").
    6. Make a backup of the chain certificate files (for instance, on a floppy disk) and store the backups in a secure location.
    7. Close the text editor.
    8. Install the Entrust chain certificates into your Web server as described in your server's documentation. The chain certificate should be installed as a trusted root (or trusted signer CA).

    Please consult our support section for more information: http://www.entrust.net/ssl-technical/webserver.cfm

    (top)

  6. Do I need to install an Entrust Chain certificates on my client web browser?
    If you are using a web browser which is in our supported list, you do not need to install a chain certificate in your client web browser. New versions of web browser from the same vendor will normally inherit the same trust.

    Please see http://www.entrust.net/ssl-technical/browsers/index.cfm for a complete list of web browsers.

    (top)

  7. When will the Entrust Chain Certificates expire?
    The Entrust Chain Certificates will expire on January 5th, 2017

    Please see http://www.entrust.net/ssl-technical/browsers/index.cfm for a complete list of web browsers.

    (top)

  8. When would I need to install an Entrust Chain Certificate on my web server?
    If you purchase an Entrust Standard SSL Certificate or Entrust Advantage SSL Certificate, you will not need to install the chain certificates on your web server. If you purchased an Entrust EV Multi-Domain SSL Certificate you will need to install the Chain certificates on your web server.

    (top)