SSL Certificates

C2NET Stronghold Support

Generating a key pair and CSR with C2Net Stronghold

Entrust strongly recommends that you take the following precautions to ensure that you are able to install your Entrust SSL Certificate:

  • Do not use commas in any of the fields you fill in when creating the CSR. Commas are interpreted as the end of the field and will cause an invalid CSR to be generated.
  • Do not use any of the following characters in the Web server Distinguished Name: ! @ # $ % ^ * ( ) ~ ? > < & / \
  • When you generate the CSR, make sure you are logged in as an Administrator to the computer that hosts your Web server.

To generate a key and CSR with your Stronghold Web server, follow these steps:
  1. On the command line, enter genkey <server_name>, where <server_name> is the name of your Web server. The names of the files (including the full path) in which the key and certificate will be stored are displayed. If you are requesting a new certificate using an existing private key, enter genreq <server_name>.
  2. When prompted, enter the size of the key (in bits) you would like to generate. It is recommended that you use a 1024-bit key if that option is available. Once you make your selection, Stronghold will generate random data.
  3. When prompted, enter random key strokes as instructed. The random data you generate is used in creating your key pair.
  4. Once you have generated the random data, enter "y" to have the key pair generated.
  5. Enter O when asked "Would you like to send a certificate request to a CA?". You will be prompted to enter the information that will be used in the distinguished name (DN) for your server. Enter the necessary information keeping the following example in mind:
    "O" Organization = Entrust, Inc.
    "OU" Organizational Unit = Entrust.net
    "CN" Common Name = www.entrust.net (this is the URL of your website)
    "C" Country / Region = CA
    "St" State / Province = Ontario
    "L" Locality = Ottawa

    For more detailed information on this please see Creating Your Distinguished Name.

  6. When you have finished entering the appropriate data, your CSR will be saved to the file displayed when you ran genkey. Please be sure to back up this file. The CSR is the section of the file that looks like this:
    -----BEGIN NEW CERTIFICATE REQUEST-----
    MIISDOIUlkmlsRRlkSllskjauASKJlalOSISLKjwBgNVBAg
    TDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR
    QwEgYDVQQKEwtPcHBvcnR1bml0aTEYMBYGA1UECxMPT25sa
    W5lIFNlcnZpY2VzMRowGAYDVQQDExF3d3cuZm9yd2FyZC5j
    by56YTBaMA0GCSqGSIb3DQEBAQUAAAklmLKSuljSOIjsfBW
    u5WLHD/G4BJ+PobiC9d7S6pDvAjuyC+dPAnL0d91tXdm2j1
    90D1kgDoSp5ZyGSgwJh2V7diuuPlHDAgEDoAAwDQYJKoZIh
    vcNAQEEBQADQQBf8LSLKknlsklSSLlworrr334ZmXD1AvUj
    uDPCWzFupReiq7UR8Z0wiJUUsllkfq/IuuIlz6oCq6htdH7
    /tvKhh
    -----END NEW CERTIFICATE REQUEST-----
    
  7. Please be sure to back up your key file. If you lose your key file or it becomes corrupted you will not be able to use your Entrust SSL Certificate. Please store the backup file in a secure location. Someone with access to your private key could decrypt the SSL-protected data sent and received by your Web server.
  8. Open the request file in a text editor and copy the CSR to the clipboard (including the "-----BEGIN NEW CERTIFICATE REQUEST-----" and "-----END NEW CERTIFICATE REQUEST-----" lines). You will paste this text into the appropriate form on the Entrust Web site when asked to supply a CSR.
  9. Close your text editor.

To use the CSR to obtain your Entrust SSL Certificate(s), go to http://www.entrust.com/index.htm.

Creating Your Distinguished Name
  • Country code: The two-letter ISO abbreviation for your country (for example, US for the United States).
  • State or Province: The name of the state or province in which your organization has its head office. Please enter the full name of the state or province. Do not abbreviate.
  • Locality: Usually the name of the city in which your organization has its head office.
  • Organization: The name under which your organization is registered. This organization must own the domain name that appears in the common name of your Web server. Do not abbreviate your organization's name and do not use any of the following characters: < > ~ ! @ # $ % ^ * / \ ( ) ?. This is the name you recorded in the Organization heading of the Web Server Certificate Enrollment Guide.
  • Organizational unit: Normally the name of the department or group that will be using the secure Web server.
  • Common name: The name of your Web server as it will appear in the server's URL (for example, www.entrust.com). This name must be identical to the fully qualified domain name of the Web server for which you are requesting a certificate. If the Web server name does not match the common name in the certificate, some browsers will refuse to establish a secure connection with your site. Do not include the protocol specifier (http://) or any port numbers or pathnames in the common name. Do not use wildcards such as * or ?, and do not use an IP address.
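
The field rules above and the character precautions at the top of this page can be checked before you run genkey. The following pre-flight check is an added example, not Entrust or Stronghold code; the function names check_dn and check_common_name are hypothetical, the hostname label syntax is an assumption, and the country check tests only for two uppercase letters rather than looking the code up in the ISO list.

```python
import ipaddress
import re

# Characters the page bans from DN fields, plus the comma (read as end-of-field).
FORBIDDEN = set("!@#$%^*()~?><&/\\,")
# Assumption: ordinary DNS label syntax (letters, digits, inner hyphens).
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def check_common_name(cn):
    """Apply the page's Common Name rules to a candidate CN string."""
    problems = []
    if "://" in cn:
        problems.append("CN: contains a protocol specifier")
    if "/" in cn.split("://", 1)[-1]:
        problems.append("CN: contains a pathname")
    if re.search(r":\d+", cn):
        problems.append("CN: contains a port number")
    if "*" in cn or "?" in cn:
        problems.append("CN: contains a wildcard")
    try:
        ipaddress.ip_address(cn)
        problems.append("CN: is an IP address")
    except ValueError:
        pass
    labels = cn.split(".")
    if not problems and (len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels)):
        problems.append("CN: is not a fully qualified domain name")
    return problems

def check_dn(fields):
    """Return a list of problems for a dict with keys C, ST, L, O, OU, CN."""
    problems = []
    for key in ("C", "ST", "L", "O", "OU", "CN"):
        value = fields.get(key, "").strip()
        if not value:
            problems.append(f"{key}: missing")
        elif key != "CN":
            bad = sorted(FORBIDDEN & set(value))
            if bad:
                problems.append(f"{key}: forbidden character(s) {' '.join(bad)}")
    country = fields.get("C", "").strip()
    if country and not re.fullmatch(r"[A-Z]{2}", country):
        problems.append("C: must be a two-letter country code")
    cn = fields.get("CN", "").strip()
    return problems + (check_common_name(cn) if cn else [])

# Constructed sample input, not taken from the page.
SAMPLE = {"C": "Canada", "ST": "Ontario", "L": "Ottawa", "O": "Example, Inc.",
          "OU": "R&D", "CN": "https://www.example.com:8443/login"}

if __name__ == "__main__":
    for problem in check_dn(SAMPLE):
        print(problem)
```

An empty list from check_dn means the values pass every rule listed on this page; it does not confirm that the organization owns the domain, which the CA verifies separately.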