SSL Certificates
What are they and how to create them here
Most web traffic is sent unencrypted. That is, anyone with access to the right tools can view most of the traffic that travels the Web. In some circumstances this can be undesirable, such as in credit card and bank transactions.
Where greater web data security is needed, the Secure Socket Layer (SSL) is used to encrypt the data stream between the server and the client (usually a web browser).
If it is true that SSL securely encrypts data travelling over the Internet, then why is a certificate necessary?
The simple answer is that it is NOT!
However, certificates are still useful: A certificate, signed by a trusted Certificate Authority (CA), is designed to ensure that the certificate holder is really who they claim to be. Without a trusted, signed certificate, your data may still be encrypted but you can't be sure who you are communicating with.
If you need a certificate then keep reading and find out more below.
Specifications for certificate requests
Enter the ISO short-name (2 letter) country ID here.
Valid inputs:
Enter two uppercase letters. Umlauts and other special characters, as well as digits, are disallowed and will result in an error message.
Examples:
- 'AU' for Australia
- 'US' for U.S.A.
Full official name of the region, state or province.
Valid inputs:
Alphanumeric characters (letters, country-specific letters and digits). Some additional special characters ('.', '_', '-' and the blank) are allowed. NB: semicolon and some others are disallowed.
Examples:
- 'New South Wales'
- 'new jersey'
- 'Germany; Bathe' results in error message because of semicolon
Valid inputs:
Alphanumeric characters (letters, country-specific letters and digits) and some special characters ('.', '_', '-' and the blank) are allowed (NB: semicolon and some others are disallowed).
Examples:
- 'Sydney'
- 'Washington D.C.'
- 'Frankfurt a.d. Or'
- 'Frankfurt/Oder' results in error message because of diagonal stroke
Name of the organisation (e.g. company, national authority, association etc.)
Valid inputs:
Alphanumeric characters (letters, country-specific letters and digits) and certain special characters ('.', '_', '-' and the blank) are allowed (NB: semicolon and some others are disallowed).
Examples:
- 'Microshaft Inc.' is permitted
- 'Karneval /Stimmungsverein' results in error message because of diagonal stroke
Valid inputs:
Alphanumeric characters (letters, country-specific letters and digits) and certain special characters ('.', '_', '-' and the blank) are allowed (NB: semicolon and some others are disallowed).
Examples:
- 'IT Department'
- 'Network Services Division'
- 'information & communication' results in error message because of & (Ampersand)
- 'Abbott 08/15' results in error message because of diagonal stroke
If you are registering a certificate for a server, then the Common Name MUST be the fully qualified domain name of that server.
Otherwise...
If the certificate is for electronic mail or client identity, the Common Name is usually the first name and surname of a person (your own name!).
Valid inputs:
Alphanumeric characters (letters, country-specific letters and digits) and certain special characters ('.', '_', '-' and the blank) are allowed (NB: semicolon and some others are disallowed).
Examples:
- 'www.secure.site.com' is a valid name for a server certificate.
- 'Elvis Presley' is a valid name for a client certificate.
- 'Elvis, the large one' results in error message because of the comma (irrespective of the bad grammar ;-)
If your organization commonly uses a name contraction (for example, MS instead of Microsoft), then please enter it here. This may also be the well-known initials of a person, e.g. HRH or FUBAR.
Valid inputs:
Enter up to a maximum of five (5) alphanumeric characters (letters, country-specific letters and digits).
Examples:
- 'KL' is a valid specification
- 'a-dG' results in error message because of the hyphen
NB: You MUST enter a valid E-Mail address. This certificate request will fail unless a valid email address is entered. The E-Mail address is checked for plausibility before the request is processed.
Valid inputs:
All characters which are likely to be found in a valid email address are permitted. This includes letters and special characters ('@', '.', '=', '/', '-', '_' and the blank), but excludes country-specific characters such as umlauts.
Examples:
- 'michael@badexaple.com.au' won't work because it is not a registered domain name
- 'ben.venudo@to.no.where' results in error message because of invalid Internet domain
For more exact identification, the specification of telephone and FAX numbers is sometimes helpful. This information is not required, and even if entered here, it will not be published.
Valid inputs:
Plus sign and numbers only. The numbers must be entered in standard international telephone number format (or an error message will be generated).
- +[CountryCode] [AreaCode] [LocalNumber]
The CountryCode may consist only of 2 digits.
Examples:
- '+49 7219 6506' is valid
- '+41 7219/9650' is invalid because of diagonal stroke
Valid inputs:
The name of a contact person is sometimes helpful. Alphanumeric characters (letters, country-specific letters and digits) and some special characters ('.', '_', '-' and the blank) are allowed.
Examples:
- 'Michael Stroeder' is a valid entry
- 'Bernie, at reception' is invalid because of the comma
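The field rules above amount to a character allowlist per field. The following added example (not code from this page or from the CA software behind the form) shows one way to enforce them on the server side before a request is processed. The field names are hypothetical, and the e-mail check assumes digits are allowed and exactly one '@' is required; the domain plausibility check described above is not reproduced.

```python
import re

NAME_PUNCT = set("._- ")  # the page's allowed specials: '.', '_', '-' and the blank

def is_name_field(value):
    # str.isalnum() is Unicode-aware, so country-specific letters pass
    return bool(value) and all(c.isalnum() or c in NAME_PUNCT for c in value)

def is_country(value):
    # fullmatch (not match with '$') so a trailing newline cannot slip through
    return re.fullmatch(r"[A-Z]{2}", value) is not None

def is_initials(value):
    return 1 <= len(value) <= 5 and value.isalnum()

def is_phone(value):
    # +[CountryCode] [AreaCode] [LocalNumber]; CountryCode is exactly 2 digits
    return re.fullmatch(r"\+[0-9]{2} [0-9]+ [0-9]+", value) is not None

def is_email_charset(value):
    # Character allowlist only. Assumptions: digits are allowed and exactly
    # one '@' is required; the domain plausibility check needs DNS and is
    # not reproduced here.
    ok = re.fullmatch(r"[A-Za-z0-9@.=/_ -]+", value) is not None
    return ok and value.count("@") == 1

# Hypothetical field names; the page does not give the form's own names.
VALIDATORS = {
    "country": is_country, "state": is_name_field, "locality": is_name_field,
    "organisation": is_name_field, "unit": is_name_field,
    "common_name": is_name_field, "initials": is_initials,
    "email": is_email_charset, "phone": is_phone, "contact": is_name_field,
}

def rejected_fields(request):
    """Return the sorted names of fields that fail; unknown fields fail closed."""
    bad = []
    for name, value in request.items():
        check = VALIDATORS.get(name)
        if check is None or not isinstance(value, str) or not check(value):
            bad.append(name)
    return sorted(bad)

# Constructed sample request built from the examples listed on this page.
SAMPLE = {
    "country": "AU", "state": "Germany; Bathe", "locality": "Frankfurt/Oder",
    "organisation": "Microshaft Inc.", "unit": "information & communication",
    "common_name": "www.secure.site.com", "initials": "a-dG",
    "phone": "+41 7219/9650", "contact": "Michael Stroeder",
}

if __name__ == "__main__":
    print(rejected_fields(SAMPLE))
```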
Enter the number of days from now until this certificate will expire (e.g. valid for one year is 365 days!). The actual validity period is usually fixed by the Certification Authority as a matter of Policy.
This is the Challenge Secret or Initial Master Secret password. This is a password which you choose to use for communication with the certification body. This is not always required but it does provide additional protection.
This is an optional password which you use to manage your certificate. This password protects against non-authorized recall of the certificate by third parties. This password is not displayed during input. In order to check for typing errors, the password must be input twice.
Enter the length of the RSA key. The RSA key is NOT the same as the certificate: the RSA key is used by some browsers when transmitting a certificate request to the server.
Note:
It is usually advisable to select the longest key available (usually 1024 bits).
The actual key length may depend on the browser version.
Because of U.S. regulations, some versions of Netscape Navigator can only use RSA keys with a maximum of 512 bits. Please visit these links for more information: www.fortify.net is worthwhile anyhow, and also ftp.replay.com.
Valid inputs:
Enter the key length (number of bits) used by the browser. For RSA keys, possible values are 512 bits, 768 bits and 1024 bits.
Some types of certificates have a fixed minimum length. Please consult the local CA Policy documents for further information.