SSL Certificates

Securing Your Online Business

4D WebSTAR Server Suite 5.1.2 (Mac OS 10.0.4 +)

Generate a Key

Use the Key Generator application in the SSL Tools folder to generate a file containing a private key for use with your secure server. Follow these steps:

Launch the Key Generator application (in the Tools & Examples folder, SSL Tools folder).

Enter a password to protect your key. You'll need it later to authorize WebSTAR SSL to use your public/private key pair. Do not forget this password! If you do, the private key cannot be recovered: there is no "back door" to this security. Make sure that the password is at least 8 characters long, includes letters, numbers and punctuation, and is not a name or a word.

Write the password down and store it in a secure place, such as a safety deposit box. If you lose the password, you will have to purchase a new certificate.

Click the Create Key button to generate your private key file.

Name the file something like "Private Key File" (the default), and save it in the root folder for the SSL host (the WebSTAR folder or the host folder if you have a secondary IP host).

When the key file is created, the Key Generator will beep and allow you to click OK, then it will quit.

Make sure that the key file is in your WebSTAR folder: if it's not there, move it into that folder now.

Create the Certificate Signing Request

The Certificate Signing Request process requires that you supply an email address and certain identifying information, as described below.

Launch the CSR Utility application (in the Tools & Examples folder, SSL Tools folder).

Type the host name of your Web site in the "Common Name" field, for example:

www.entrust.com

Make sure that the Common Name you specify will be the actual host name of your SSL server--it will be encoded into the signed Certificate and cannot be changed later without purchasing a new Certificate. Furthermore, this host name should be the main "A name" entry for your machine on your DNS server. Your Certificate may have problems if you use an IP address or if the host name is a "CNAME" entry (DNS alias), for example. Contact your network administrator for guidance if necessary.

Type the name of your organization in the "Organization" field, for example: Entrust Inc.

Type the name of the department or other organization unit in the "Org Unit" field, for example: Support

You must enter something in the Org. Unit field.

Type the name of the city or town in which your organization is located in the "Locality" field, for example: Ottawa

Type the name of the state or province in which the organization is located in the "State/Province" field, for example: Ontario

Do not abbreviate the state or province name: spell it out as shown above.

Type a two-letter code for the country in which you are located in the "Country Code" field, for example: CA

Type the email address of the site's Webmaster or administrator in the "Email Address" field, for example: webmaster@domain.com

In the "Phone Number" field, type a phone number where the Certificate Authority can reach you, and type your fax number in the "FAX Number" field.

Click Choose and select the Private Key file you created. Once you select a private key file, that key file and the Certificate you receive will form a signed Certificate pair and cannot be separated.

If you lose the Private Key file and generate a new one, your Certificate will no longer match. You will have to send a request to the Certificate Authority for a new Certificate, which you may be charged for. For this reason, be sure to keep backup copies of your file in a secure location.

Enter the password required to access your public/private key pair (the password you entered when generating the key pair, as described in Generate a Key).

Click the Create button to generate your encrypted Certificate request form.

The application creates a file named Certificate Request by default. You can use that name or rename it.

Quit the CSR Utility program.

Take the CSR that was generated and submit it to Entrust.
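
The field rules in the steps above can be checked before the values are typed into the CSR Utility. The following Python sketch is an added example, not part of WebSTAR or Entrust tooling. The dictionary layout, the function names, the "two characters or fewer means abbreviated" heuristic and the requirement of at least two host name labels are assumptions. It does not query DNS, so the A record versus CNAME rule still has to be confirmed separately.

```python
import ipaddress
import re

# Field names mirror the CSR Utility labels on this page; the dict layout is an assumption.
REQUIRED = ("Common Name", "Organization", "Org Unit", "Locality",
            "State/Province", "Country Code", "Email Address")
# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
HOST_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_ip_address(value):
    """True for an IPv4 or IPv6 literal, which the page says to avoid as Common Name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_csr_fields(fields):
    """Return a list of problems; an empty list means the fields pass these checks."""
    problems = []
    for name in REQUIRED:
        if not fields.get(name, "").strip():
            problems.append(f"{name}: must not be empty")
    cn = fields.get("Common Name", "").strip()
    if cn:
        if is_ip_address(cn):
            problems.append("Common Name: use the host name, not an IP address")
        else:
            labels = cn.split(".")
            if len(labels) < 2 or not all(HOST_LABEL.match(l) for l in labels):
                problems.append("Common Name: not a well-formed host name")
    state = fields.get("State/Province", "").strip()
    if state and len(state) <= 2:  # heuristic (assumption): very short means abbreviated
        problems.append("State/Province: spell the name out, do not abbreviate")
    country = fields.get("Country Code", "").strip()
    if country and not re.fullmatch(r"[A-Za-z]{2}", country):
        problems.append("Country Code: must be a two-letter code such as CA")
    email = fields.get("Email Address", "").strip()
    if email and not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", email):
        problems.append("Email Address: does not look like an address")
    return problems


# Constructed sample built from the example values shown on this page.
SAMPLE = {"Common Name": "www.entrust.com", "Organization": "Entrust Inc.",
          "Org Unit": "Support", "Locality": "Ottawa", "State/Province": "Ontario",
          "Country Code": "CA", "Email Address": "webmaster@domain.com"}
```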