SSL Certificates

SSL Certs, SSL Certificate, SSL Certificates

Securing Your Online Business

Entrust Chain Certificate FAQ for Entrust EV SSL Certificates

  1. What is an Entrust Chain Certificate?
  2. How do I know if I have the correct Chain certificate?
  3. How many Entrust Chain certificates are there?
  4. Details Chain Certificate One (1) - Entrust EV Root Certificate
  5. How do I install the Entrust chain certificate?
  6. Do I need to install an Entrust Chain certificates on my client web browser?
  7. When will the Entrust Chain Certificates expire?
  8. When would I need to install an Entrust Chain Certificate on my web server?
  1. What is an Entrust Chain Certificate?
    The Entrust Chain Certificate contains the Entrust Root CA public key and is signed by Entrust Root Certification Authority (CA). Entrust is a Root CA in all major browsers. By installing the Entrust L1A Chain Certificate in your Web server, you create a chain of trust between end users and your Entrust EV SSL Certificate.

    (top)

  2. How do I know if I have the correct Chain certificate?
    The Entrust Chain Certificate you are importing tells your Web browser what sites it can trust on the Web. Before you can trust the chain certificate, however, you must be sure that you are importing the correct one. To do this, compare the certificate MD5 Fingerprint (Netscape) or the SHA1 Thumbprint (Internet Explorer) on the certificate you are importing to the one(s) below. Firefox will show both SHA1 and MD5 thumbprints. If the two prints match you can be sure you are importing the correct certificate. If they do not match, please contact Entrust Certificate Services immediately and do not import the chain certificate.

    (top)

  3. How many Entrust Chain certificates are there?
    There are two (2) Entrust Chain Certificates: the Entrust EV Root Certificate and Entrust LIA Chain Certificate)

    (top)

  4. Details Chain Certificate One (1) - Entrust EV Root Certificate
    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number: 1116155212 (0x42872d4c)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
    Validity
    Not Before: Jan 5 19:20:39 2007 GMT
    Not After: Jan 5 19:50:39 2017 GMT
    Subject: C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority

    Fingerprints of Chain Certificate One (1)

    The SHA1 Thumbprint for the Entrust 1st chain certificate as presented through Internet Explorer is: be e7 72 b3 19 0a c8 4b f8 31 f9 60 7d 98 89 ec 6a 96 6c 16

    The MD5 fingerprint for the Entrust 1st chain certificate as presented by Netscape is: MD5 59 BF 7B 66 82 BE 87 21 9A A8 14 A5 32 41 61 82

    Below is a copy of our Chain certificate 1 (Entrust EV Root Certificate)

    -----BEGIN CERTIFICATE-----
MIIEmzCCBASgAwIBAgIEQoctTDANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzAx
MDUxOTIwMzlaFw0xNzAxMDUxOTUwMzlaMIGwMQswCQYDVQQGEwJVUzEWMBQGA1UE
ChMNRW50cnVzdCwgSW5jLjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L0NQUyBp
cyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwNiBF
bnRydXN0LCBJbmMuMS0wKwYDVQQDEyRFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlv
biBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2lbZD
QvrGbSpvSN+UTDlXBe7DeRFBaDbt7P6aAY+hOCj89xBGZi5NHhqxGk7G0cCViLDJ
/zGLMwPbt4N7PiCEXu2yViin+OC5QHE3xctHDpcqaMAilWIV20fZ9dAr/4JLya0+
3kzbkIBQPwmKhADsMAo9GM37/SpZmiOVFyxFnh9uQ3ltDFyY/kinxSNHXF79buce
tPZoRdGGg1uiio2x4ymA/iVxiK2+vI+sUpZLqlGN5BMxGehOTZ/brLNq1bw5VHHK
enp/kN19HYDZgbtZJsIR/uaT4veA5GX7NDcOKYBwTa84hi6ef1evnheu6xzLKCFf
thzY56IEIvnT2tjLAgMBAAGjggEnMIIBIzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
AQH/BAUwAwEB/zAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9v
Y3NwLmVudHJ1c3QubmV0MDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50
cnVzdC5uZXQvc2VydmVyMS5jcmwwOwYDVR0gBDQwMjAwBgRVHSAAMCgwJgYIKwYB
BQUHAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvQ1BTMB0GA1UdDgQWBBRokORn
pKZTgMeGZqTx90tD+4S9bTAfBgNVHSMEGDAWgBTwF2ITVT2z/woAa/tQhJfz7WLQ
GjAZBgkqhkiG9n0HQQAEDDAKGwRWNy4xAwIAgTANBgkqhkiG9w0BAQUFAAOBgQAM
sIR8LRP+mj2/GAWVPSBIoxaBhxVQFaSIjZ9g1Dpv6y1uOoakqdLBnYl6CBykLbNH
jg9kSm9mA4M/TzSUNqopbYuNAiIrjM13pXCVhpHRtr9SvjNqa5n5b+ESvgTLM7/1
EhpORLpbFk0wufO0dM5u8mhWWN3Yof1UBfQjkYXJ+Q==
-----END CERTIFICATE-----

    Details of Chain Certificate 2 - Entrust L1A Chain Cerificate

    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number: 1164660941 (0x456b50cd)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
    Validity
    Not Before: Jan 5 18:27:14 2007 GMT
    Not After: Jan 5 18:57:14 2017 GMT
    Subject: C=US, O=Entrust, Inc., OU=AND ADDITIONAL TERMS GOVERNING USE AND RELIANCE, OU=CPS CONTAINS IMPORTANT LIMITATIONS OF WARRANTIES AND LIABILITY, OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Certification Authority - L1A

    Fingerprints of Chain Certificate 2

    The MD5 fingerprint for the Entrust 2nd chain certificate as presented by Netscape is: DD 56 E5 EF CB E6 D5 BA 48 54 2C 42 18 7C 67 9B

    The SHA1 Thumbprint for the Entrust 2nd chain certificate as presented through Internet Explorer is: 82 39 a6 35 43 38 5f d4 18 fa 86 3c e2 f8 b3 bb 0f 21 34 e7

    Below is a copy of our Chain certificate 2 (Entrust L1A Chain Certificate)

    -----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgIERWtQzTANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MDEwNTE4MjcxNFoXDTE3MDEwNTE4
NTcxNFowggE0MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE4
MDYGA1UECxMvQU5EIEFERElUSU9OQUwgVEVSTVMgR09WRVJOSU5HIFVTRSBBTkQg
UkVMSUFOQ0UxRzBFBgNVBAsTPkNQUyBDT05UQUlOUyBJTVBPUlRBTlQgTElNSVRB
VElPTlMgT0YgV0FSUkFOVElFUyBBTkQgTElBQklMSVRZMTkwNwYDVQQLEzB3d3cu
ZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAd
BgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLjAsBgNVBAMTJUVudHJ1c3Qg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGRXpU6aql+KQv+Jo800ZMXsLRDTgT/E3snIWwcSv6KD3J
qkto8Rd972Pyo6xcSP1Ln2MKPuLLmNFtEpcfzK0Njsl2wemfuxeEbkfyy3N+sxUD
QBOoC98WqkHIUNxN7CGTnL+QV8ZZ+XKPp7Qi81CbkvhbZ0vlosJ8EMzNxdh73wOv
3lJJ0LabQvMg3/ZgfSjB6uct6d5lj5id/NryvN8USarH0KI8UG1S7iVl7GgUmAxh
ko7gN4Mf9yXVO7mWcX450/e8CET5D+d3jxipC1zrjLv25YnNicREoP1P/mlfGRMP
BD/3s2shdRMuVwOhBhstvMiXfuzOTNwXgFFIRo3lAgMBAAGjggEnMIIBIzAOBgNV
HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAzBggrBgEFBQcBAQQnMCUwIwYI
KwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDMGA1UdHwQsMCowKKAm
oCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvcm9vdGNhMS5jcmwwOwYDVR0gBDQw
MjAwBgRVHSAAMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQv
Q1BTMB0GA1UdDgQWBBR+t/xMJuawevtU4jxFc8ZDkF4oBDAfBgNVHSMEGDAWgBRo
kORnpKZTgMeGZqTx90tD+4S9bTAZBgkqhkiG9n0HQQAEDDAKGwRWNy4xAwIAgTAN
BgkqhkiG9w0BAQUFAAOCAQEALgFiTnpwN6I8YX/wQeMDrmbruMoITR8C9y3smSbn
m6df3SPGSuP6wfhp7azE7NtWuGv6hpmJCxmhWFPbWkNy64OdeLad23+8SVy4SW/D
W3PJsw8p/vadXxV50dAMHPrlNPq3lxJDombV+VczeJ61AG3W10SRiuavga31BtaB
JbNioHorzffkKijAZN439AvxJNeoZj1UQ6cb1bjAJ/x5RcTWvk7aPVW9RamtTAZ1
kL4YHOzlaxlOjk4v4HlxQyv3NLEO3+u8qS4ehcQr3Oke4/icg3UsYptLwvCARpdp
VunwO1f+RgS+KY9/d11Po2WUcAYLOfC2/oadzFrgEAFNNA==
-----END CERTIFICATE-----

    (top)

  5. How do I install the Entrust Chain Certificate?

    You must install both chain certificates in addition to your Entrust EV SSL Certificate to provide maximum browser support to your Web server. Below are general steps. Consult your server's documentation for more detailed information.

    1. Open a text editor
    2. Select the Entrust Root Chain Certificate in your Web browser. The certificate begins with the line "----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----". You must include both these lines.
    3. Paste the certificate into the text editor and save it as a file. If you are installing the certificate in a Microsoft Windows-based Web server the filename should have the extension .crt (for example, "entrustrootchain.crt").
    4. Select the Entrust L1A Chain Certificate in your Web browser (including the "----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines).
    5. Paste the certificate into the text editor and save it as a file. If you are installing the certificate in a Microsoft Windows-based Web server, the filename should have the extension .crt (for example, "entrustL1Achain.crt").
    6. Make a backup of the chain certificate files (for instance, on a floppy disk) and store the backups in a secure location.
    7. Close the text editor.
    8. Install the Entrust chain certificates into your Web server as described in your server's documentation. The chain certificate should be installed as a trusted root (or trusted signer CA).

    Please consult our support section for more information: http://www.entrust.net/ssl-technical/webserver.cfm

    (top)

  6. Do I need to install an Entrust Chain certificates on my client web browser?
    If you are using a web browser which is in our supported list, you do not need to install a chain certificate in your client web browser. New versions of web browser from the same vendor will normally inherit the same trust.

    Please see http://www.entrust.net/ssl-technical/browsers/index.cfm for a complete list of web browsers.

    (top)

  7. When will the Entrust Chain Certificates expire?
    The Entrust Chain Certificates will expire on January 5th, 2017

    Please see http://www.entrust.net/ssl-technical/browsers/index.cfm for a complete list of web browsers.

    (top)

  8. When would I need to install an Entrust Chain Certificate on my web server?
    If you purchase an Entrust Standard SSL Certificate or Entrust Advantage SSL Certificate, you will not need to install the chain certificates on your web server. If you purchased an Entrust EV SSL Certificate you will need to install the Chain certificates on your web server.

    (top)

Contact Me
Need
Assistance?

SSL Secured Server

Entrust understands that before customers send sensitive information through the Internet, they first look for signs of assurance that their information does not end up in the wrong hands. That's why purchasing a SSL cert from Entrust effectively equips your web properties with the SSL security technology needed to give your clients peace of mind in knowing that their data is protected by robust encryption algorithms. Entrust provides websites with advanced SSL server certificates, including EV SSL certificates, to protect customer data, build consumer confidence, and protect your website?s security reputation.

Entrust SSL solutions deliver powerful encryption in the form of the certificate https protocol in your website?s URL - an indicator customers are trained to look for to determine if a secure SSL connection is actively protecting their information. Savvy website visitors also know to search for the tiny lock icon in their browser to verify if a certificate SSL is in use. Not providing your visitors with these critical beacons of secure computing can make the difference between gaining a customer a losing one. Entrust recognizes that in the competitive marketplace of the Internet, a website must deploy SSL security to successfully attract and retain consumers.

In addition to playing a major role in securing transactions over the World Wide Web, Entrust offers powerful network security solutions for website administrators. Learn more about purchasing Entrust SSL certificates or other SSL server encryption products and services to understand why Entrust network security solutions have been the choice for website administrators and e-commerce sites for over a decade.