• No results found

Netrust SSL Web Server Certificate New Application Enrolment Guide

N/A
N/A
Protected

Academic year: 2021

Share "Netrust SSL Web Server Certificate New Application Enrolment Guide"

Copied!
19
0
0

Loading.... (view fulltext now)

Full text

(1)

Netrust SSL Web Server Certificate

New Application – Enrolment Guide

Updated: September 2010 Version: 2.0

(2)

Table of Contents

1 Introduction 3

2 Requirements 3

3 Launching Netrust SSL Web Server Certificate Application Website 3

4 Entering the Promotional Code 4

5 Review all information before proceeding 5

6 Confirmation of your Proof of Right 5

7 Inputting the CSR and Password 6

a. Guidelines for creating CSR 7

b. Sample CSR 7

c. Web Server Type Selection 8

8 CSR and Domain Information Check 9

9 Provide Contacts 10

10 Contact Information Confirmation 11

11 Subscription Agreement 12

12 Review Supplied Information 12

13 Confirmation of Application 14

14 Telephone and Email Support 14

(3)

1

Introduction

This guide provides instructions on the application for a Netrust SSL Web Certificate

It is assumed that you are familiar with the Windows environment.

2

Requirements

Please ensure you have the following items before you start with the application:

• A Certificate Signing Request (CSR)

Learn how to generate a CSR from your web server at

http://www.entrust.net/ssl-technical/webserver.cfm

• Promotional Code obtained from Netrust Pte Ltd via email • Details of the Authorising, Technical and Billing Contacts

3

Launching Netrust SSL Web Server Certificate

Application Website

• Ensure that you are connected to the Internet

• Browse Netrust SSL Web Server Certificate Application Website at

(4)

4

Entering the Promotional Code

(5)

5

Review all information before proceeding

• Your promotional code has been verified. Click “Proceed to Step 1” to

proceed with the enrolment.

6

Prepare your Proof of Right

• Please refer to Annex A of this Enrolment Guide for the documents needed

as your Proof of Right. Submit the documents after registering the promo code. (Only applicable to companies outside of Singapore)

(6)

7

Inputting the CSR and Password

• Copy and paste the CSR (the following page will show an example of a CSR)

onto “Certificate Signing Request” box.

• Key in a “Password” which you will be using during your next renewal. • Key in the same password to confirm.

(Note: Do not forget your password as you will be asked for this upon renewal)

• Click on the drop down menu to select the “Server Type” which you are

using.

Please refer to Section 7(c) for example of Server Type drop down menu.

(7)

a. Guidelines for creating a CSR

For creating a new CSR, please use the following guidelines:

1. Do not use special characters in the challenge or revocation passphrase (if applicable). The following characters are unsupported:

".,;-@#$%^&!*)(-+=<>?/:

2. Do not use the following characters in the common name field of the CSR as they are unsupported:

"_,;@#$%^&!*)(+=<>?/:

3. Bit key length should be 2048. Starting 1 January 2011, Entrust will no longer be able to accept any Certificate Signing Requests with 1024 bit key sizes. 4. CSR should be in Base64 (pem) encoded format. Some FTP and text editor

programs might corrupt the format. b. Sample CSR

Only copy and paste the content highlighted.

Do not include any blank spaces before or after the CSR, and remember to include the "----BEGIN CERTIFICATE REQUEST--- " and "--- END

(8)

c. Web Server Type Selection

Click on the drop down menu to display the list of server types. Then select the server type used. Server Type information is needed for reference purposes only. If your server is not in the list, you may select the closest option or “Others”.

(9)

8

CSR and Domain Information Check

• The displayed information is extracted from the CSR, please ensure that all

details are correct. If any of this information is incorrect, a new CSR needs to be generated to be used to request for SSL Web Certificate.

Note: Ensure that the organization field (O=) in the CSR matches the legally registered name of the organization for which you are requesting the certificate for (authorising contact’s organization).

(10)

9

Provide Contacts

• Key in all required information in the text box provided. Please do not leave

(11)

Note: The “Technical Contact” and “Authorising Contact” must be different individuals. Email address for the Authorising contact must not be a group or generic email.

• If you are applying on behalf of another organization, the “Authorising

Contact” MUST be a representative from the domain owner’s company.

• Please refer to Annex A if you are applying on behalf of your customer.

• Once completed, click “Verify Information” to proceed.

10 Contact Information Confirmation

• Ensure all the details entered are correct. Click “Previous Step” to make any

amendments.

(12)

11 Subscription Agreement

• Read through the subscription agreement and once you agree, click on the

check box “I have read and agreed with this agreement”.

(13)

12 Review Supplied Information

• Please click “Submit Order” if you no longer need to make any amendments

(14)

13 Confirmation of Application

• Confirmation page indicates that you have successfully enrolled the promo

code and your application will be processed.

• A “Tracking ID” is given to monitor the progress of your order.

• Your certificate will be processed within 2-5 working days. Once your

application is approved, the Authorising and Technical Contact will receive an email with the certificate from Netrust.

14 Telephone and Email Support

• Netrust provides helpdesk support during office hours from Mondays to Fridays, 9:00am – 5:30pm GMT +08:00. Contact us at (+65) 62121388. Email support is also available at sslsupport@netrust.net.

(15)
(16)

Proof of Right Documents and Authorisation Letter

Case 1: If you are applying on behalf of a Private Company, Society or Government Agency

We need A copy of Authorisation Letter (Template 1)

Case 2: If you are a Private Companybased in Singapore applying on your own We need A copy of the Company Registration which we can retrieve from

Accounting and Corporate Regulatory Authority online

Case 3: If you are a Society based in Singapore applying on your own

We need A copy of the Society’s Registration which we can retrieve from Registry of Societies online

Case 4: If you are a Government Agency applying on your own

We need A copy of the registration details of the entity which we can obtain online from Unique Entity Number

Case 5: If you are applying on behalf of a Private Company based outside of Singapore

We need (a) A copy of your Company’s Business/Company Registration Certificate (b) A copy of Authorisation Letter (Template 1)

Case 6: If you are applying on behalf of a Government Agency outside of Singapore

We need A copy of the Authorisation Letter (please use Template 1)

Case 8: If you are a Private Company based outside of Singapore applying on your own

We need A copy of your Company’s Business/Company Registration Certificate Please email the required documents to sslsupport@netrust.net or send them via fax to (65) 62121366.

Authorisation and Technical Contacts

If you are applying on behalf of another company (i.e. domain owner), appoint the applicant as the technical contact. This person will be in-charge of the pre-certificate application / certificate application / any post processes e.g. certificate installation. Appoint a representative from the domain owner’s company as the authorising contact. Authorising and technical contacts must be different individuals.

(17)

Other important information

1. Supported web server, CSR generation and installation instructions:

http://www.entrust.net/ssl-technical/webserver.cfm

2. Supported web browser:

http://www.entrust.net/ssl-technical/browsers/index.cfm

3. Subscriber Agreement:

http://www.entrust.net/buy/pdf/subscription_agreement_20080418.pdf

4. SSL provides a secure channel for data transmission. Additionally, it also provides server verification.

5. Certificate signed by Entrust will be trusted by the browser upon installation of the chain certificate which is issued to the applicant together with the server certificate.

6. The web addresses (cn=) are tied to the certificate

7. DNS poisoning will redirect the traffic to another webpage that is insecure. It cannot be secured since all CAs verify the owner of the site address (e.g.

www.netrust.net) before issuing the certificate tied to the web address. Even if the hacker tries to create his own self-signed certificate that looks similar to the authentic site, the certification path does not originate from a trusted CA and hence the browser will prompt user with an error message

8. There are only 4 ways to compromise the trust

a. Loss of PKCS#12 package by administrator (that includes the private key) b. Server has been compromised

c. Client’s machine is compromised by trojans that populate the un-trusted CA to the trusted CA certificate store

d. Web browser is buggy and has been compromised by malicious web application.

What happens after you finish Online Enrolment?

1. When you have submitted your SSL online enrolment application, Netrust SSL Support will receive your application and it will be pending for verification.

2. Netrust SSL Support will send an email to the Authorising Contact to confirm employment of the person indicated as the Technical Contact. This is a simple process done purely via email. Hence, please kindly check your email promptly to avoid any delay in your application.

3. Verification of your SSL application takes about 2-5 working days.

4. When the SSL Certificate is ready, Netrust SSL Support will send an email to the authorising and technical contacts containing the certificate.

(18)

Each Standard server certificate comes with a one-time replacement within a period of 30 days starting from the original issuance date. If you require a replacement after thirty days, you must purchase a new certificate.

Please note:

Promotional Code has a validity of 3 months from the date of issuance. Extension or replacement of Promotional Code is strictly not permitted.

(19)

Template 1 – Authorisation Letter for Applying On Behalf of Organisation - - - PRINT THIS LETTER ON AUTHORISING CONTACT’S COMPANY

LETTERHEAD - - - [Date]

To: Netrust Pte Ltd Verification Officer

70 Bendemeer Road, #05-03, Luzerne, Singapore 339940

FAX: (65) 6212 1366

RE: APPLICATION FOR WEB SERVER CERTIFICATE

I, [Name of Authorising Contact], approve the acquisition(s) of a limited right to use one or more Entrust SSL Web Server certificate(s) (including any renewal certificates) on behalf of [Authorising Contact’s Company] ("Subscriber").

I represent and warrant that: -

1. I am duly authorized to bind Subscriber to the terms and conditions of the Entrust SSL Certification Practice Statement available on the internet at

http://www.entrust.net/about/practices.cfm and the Entrust SSL Web Server Certificate Subscription Agreement at

http://www.entrust.net/buy/pdf/sslsubagree011405.pdf (collectively the “Terms”); 2. Subscriber hereby agrees to the Terms; and

3. Subscriber has sufficient legal power, corporate or otherwise, to enter into such agreements. I acknowledge that an Entrust digital certificate may be used to bind Subscriber in electronic commerce transactions and that the protection of the Subscriber's private keys associated with an Entrust digital certificate is solely the responsibility of Subscriber.

I authorize [Name of Technical Contact] from [Technical Contact’s Company] to request one or more certificate(s) for [Domain Name] on our behalf (including any renewal certificates), and to act as a technical contact on my behalf in respect of such certificate.

IN WITNESS WHEREOF, I have executed this authorisation letter.

Yours Sincerely,

[Name of Authorising Contact] [Designation]

References

Related documents

A SSL certificate valid for the back-end IP address (or domain name if the back-end server has a domain name) will be created using openSSL in the directory of the Ciphermail

i) Certificate of Incorporation of the Company or (as appropriate) Certificate evidencing Change of Name of Company or Certificate of Registration for inspection and return.

Request for New UConn Certificate Program Program information Name of certificate program: Special Education Transition to Adulthood (Online Graduate Certificate) Name

In our web application you should enter the certificate from the steps if you are signed ssl folder par godaddy cert without any configuration file access my godaddy ssl

Domains Because SSL certificates are tied to submit domain names you use simply pay an SSL certificate you registered with reverse domain send to a server for numerous different

City, State, Zip - print city, state and zip code of software company Contact Name(s) - print contact name(s) for the software company Telephone # - print telephone number

Step 6 Select the SSL certificate that you wish to install from the Certificate menu. Note: If no certificates are listed on this screen, your domain name

Administrative and Technical contacts are authorized to request service changes or information, including the contact name, contact e-mail address and contact phone number