iPlanet 4.x Support
Entrust strongly recommends that you take the following precautions to ensure that you are able to install your Entrust SSL Certificate:
- Do not use commas in any of the fields you fill in when creating the CSR. Commas are interpreted as the end of the field and will cause an invalid CSR to be generated.
- Do not use any of the following characters in the Web server Distinguished Name: ! @ # $ % ^ * () ~ ? < > & / \
- When you generate the CSR, make sure you are logged in as an Administrator to the computer that hosts your Web server.
To generate a key pair and CSR with IPlanet 4.X follow these steps:
- Open the IPlanet Web Server Administration Server.
- On the Servers tab select your server and click Manage.
- Click the Security tab
- Check to see if a Trust Database has been created by clicking Request Certificate. If you do not see the warning message proceed to step 5. If you see a warning message at the top of the window the Trust Database has not been created.
- Click Create Database on the left.
- Choose a password minimum 8 characters and verify it. Make note of this password, as you will be required to enter it to generate the key pair and Certificate Signing Request (CSR).
- Click Request Certificate.
- Select New Certificate.
- Enter your email address in the CA Email Address box. Select New Certificate
- Leave the CA URL box blank
- Cryptographic module should be set to Internal (Software).
- Enter the password for the Trust Database in Key Pair File Password box.
- Complete the following fields: Requestor Name, Telephone Number, Common Name, Email Address, Organization, Organizational Unit, Locality, State or Province, and Country using the standards outlined in the Creating Your Distinguished Name section at the bottom of this page
- Click OK
- A page will be displayed with the CSR information and the CSR. The CSR will look like the following example:
-----BEGIN NEW CERTIFICATE REQUEST----- MIISDOIUlkmlsRRlkSllskjauASKJlalOSISLKjwBgNV BAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBU b3duMRQwEgYDVQQKEwtPcHBvcnR1bml0aTEYMBYGA1UE CxMPT25saW5lIFNlcnZpY2VzMRowGAYDVQQDExF3d3cu Zm9yd2FyZC5jby56YTBaMA0GCSqGSIb3DQEBAQUAAAkl mLKSuljSOIjsfBWu5WLHD/G4BJ+PobiC9d7S6pDvAjuy C+dPAnL0d91tXdm2j190D1kgDoSp5ZyGSgwJh2V7diuu PlHDAgEDoAAwDQYJKoZIhvcNAQEEBQADQQBf8LSLKknl sklSSLlworrr334ZmXD1AvUjuDPCWzFupReiq7UR8Z0w iJUUsllkfq/IuuIlz6oCq6htdH7/tvKhh -----END NEW CERTIFICATE REQUEST-----
- Copy the CSR (including the "-----BEGIN NEW CERTIFICATE REQUEST-----" and "-----END NEW CERTIFICATE REQUEST-----" lines) to the clipboard.
- You will use this information in the Entrust online registration process.
Creating Your Distinguished Name
- Country code: The two-letter ISO abbreviation for your country (for example, US for the United States).
- Country code: The two-letter ISO abbreviation for your country (for example, US for the United States).
- Locality: Usually the name of the city in which your organization has its head office.
- Organization: The name under which your organization is registered. This organization must own the domain name that appears in common name of your Web server. Do not abbreviate your organization's name and do not use any of the following characters: < > ~ ! @ # $ % ^ * / \ ( ) ?. This is the name you recorded in the Organization heading of the Web Server Certificate Enrollment Guide.
- Organizational unit: Normally the name of the department or group that will be using the secure Web server.
- Common name: The name of your Web server as it appears in the server's URL (for example, www.entrust.com). This name must be identical to the fully qualified domain name of the Web server for which you are requesting a certificate. If the Web server name does not match the common name in the certificate, some browsers will refuse to establish a secure connection with your site. Do not include the protocol specifier (http://) or any port numbers or pathnames in the common name. Do not use use wildcards such as * or ?, and do not use an IP address.