Sunday, July 22, 2007

Digital Certificate Enrollment

Step by Step Overview

During the enrollment process, you will need the following information:

  1. The length of time you require the certificate to be valid (up to 3 years for some certificates)
  2. The number of servers hosting a single domain (up to 5 servers)
  3. The server platform
  4. The organization, organizational unit, country, state or locality
  5. Payment information and a billing contact
  6. The common name. the host + domain name such as “www.company.com” or “company.com”
  7. An email and telephone number where VeriSign can reach you to validate the information
  8. A CSR generated from the server you need to secure

Once VeriSign has validated the information provided, you will receive an email with installation instructions and a text file containing your approved SSL Certificate.

Authentication and Verification

Upon completion of the enrollment process, Verisign will authenticate your certificate application to verify that your organization exists and is registered with the proper government authorities. VeriSign will confirm that:

  • The Organization has a valid registration
  • The Organization owns/has rights to use the domain name listed in the common name field of the Certificate Signing Request (CSR)
  • The Corporate Contact is employed by or associated with the organization listed in the distinguished name
  • The Corporate Contact is aware of the certificate request
  • The Technical Contact listed is authorized to obtain the SSL Certificate

The steps taken to verify the above information differs by certificate type. For example, Extended Validation SSL Certificates require VeriSign to confirm that the Corporate Contact is authorized by the organization to approve and request EV SSL Certificates, that the Technical Contact has the authority to obtain the SSL Certificate, and confirm the physical address of the organization.

Name Information

The organization name submitted with the CSR must match the business registration certificate for the organization. In the case of EV SSL Certificates, the country, state and locality must match the location where the organization is registered. For example, VeriSign is a corporation registered in Delaware, therefore, the CSR for EV SSL Certificates must list Delaware not California where the servers may be located.

Correct Formatting

Do not use any shift characters in any of the enrollment fields. If your company has an & or @ symbol in its name, you must spell out the symbol or omit it in the enrollment field. An error 105 in CSR generation is usually caused by a Control character such as @, #, $, or % in one of the enrollment fields.

The locality is the city or town. State or province names must be spelled out without abbreviations, “California,” for example. Countries must be specified by the two-letter country code without punctuation: US for the United States, CA for Canada, etc.

Common Name

The Common Name is the Host + Domain Name. It looks like "www.company.com" or "company.com".

VeriSign SSL Certificates can only be used on Web servers hosting the Common Name specified during enrollment. For example, an SSL Certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because "www.domain.com" and "secure.domain.com" are different from "domain.com".

1 comment:

Unknown said...

I was not familiar with this process but this article gave me a clear idea about how one can obtain digital certificates. With the help of this information I learn about the documents which are needed in this process.
digital certificate

Topics