 |
|
SSL Certificates Support
|
CSR Generation Instructions- 4D Inc. Webstar 4.x Server
To generate a CSR,
you will need to create a key pair for your server. These two items
are a digital certificate key pair and cannot be separated. If you lose
your public/private key file or your password and generate a new one,
your SSL Certificate will no longer match. You will have to request
a new SSL Certificate and may be charged.
VeriSign recommends
that you contact the WebSTAR vendor for additional information.
Generate Key Pair
and CSR
- Launch the Key Generator application (in the Tools & Examples
folder, SSL Tools folder).
- Enter a password to protect your key. You will need it later to authorise
WebSTAR SSL to use your public/private key pair. Do not forget this
password! If you do, the private key cannot be recovered: there is no
"back door" to this security. Make sure that the password
is at least 8 characters long, includes letters, numbers and punctuation,
and is not a name or a word.
- Write the password down and store it in a secure place, such as a
safety deposit box. If you lose the password, you will have to purchase
a new certificate.
- Click the Create Key button to generate your private key file.
- Name the file something like "Private Key File" (the default),
and save it in the root folder for the SSL host (the WebSTAR folder
or the host folder if you have a secondary IP host).
- When the key file is created, the Key Generator will beep and will
allow you to click OK , then it will stop.
- Make sure that the key file is in your WebSTAR folder: if it is not
there, move it into that folder now.
- Launch the CSR Utility application (in the Tools & Examples folder,
SSL Tools folder).
- Click Choose and select the Private Key file you created. Once you
select a private key file, the key file and the Certificate you will
receive will be a signed Certificate pair, and cannot be separated.
- If you lose the Private Key file and generate a new one, your Certificate
will no longer match. You will have to send a request to the Certificate
Authority for a new Certificate, which you may be charged for. For this
reason, be sure to keep backup copies of your file in a secure location.
- Enter the password required to access your public/private key pair
(the password you entered when generating the key pair, as described
in Generate a Key).
- Click the Create button to generate your encrypted Certificate request
form.
- The application creates a file named Certificate Request by default.
You can use that name or rename it.
- Exit from the CSR Utility program.
- You have just created a key pair and a CSR.
- To copy and paste the information into the enrolment form, open the
file in a text editor that does not add extra characters (Notepad or
Vi are recommended).
- Go to Enrolment.
Terms Defined
Common Name
The Common Name
is the Host + Domain Name. It looks like "www.company.co.uk"
or "company.co.uk".
VeriSign certificates
can only be used on Web servers using the Common Name specified during
enrolment. For example, a certificate for the domain "domain.co.uk"
will receive a warning if accessing a site named "www.domain.co.uk"
or "secure.domain.co.uk", because "www.domain.co.uk"
and "secure.domain.co.uk" are different from "domain.co.uk".
Organisation Information
- If your company or department has an &, @, or any other symbol
using the shift key in its name, you must spell out the symbol or omit
it to enrol.
- The “Org Unit” field is the name of the department or organisation
unit making the request.
- The Locality field is the city or town name, for example: Guildford.
- Do not abbreviate the county name, for example: Surrey.
- Use the two-letter code without punctuation for country, for example:
GB.
Contact Information
During the verification
process, VeriSign may need to contact your organisation. Be sure to
provide an email address, phone number, and fax number that will be
checked and responded to quickly. These fields are not part of the certificate.
|
|
|
