An Authorization Contact must be a senior member of the organization that owns the domain and has the authority to request an Entrust SSL Certificate on behalf of the organization. This person will receive notification when the certificate is issued and is contacted if further information is required to process your request. Please record the name, address information, telephone number, official title, and email address of the authorization contact.
Please record the name, address information, company name, address, phone number and email address of the billing contact.
Certificate Signing Request
The Certificate Signing Request (CSR) is generated with your Web server software, and contains both the public key portion of your Web server’s key pair and the Distinguished Name (DN) of your Web server. Please follow the instructions provided in your Web server’s documentation to generate a CSR for each Entrust SSL Certificate you will require. Entrust also provides documentation for some of the popular web servers.
If an Internet Service Provider (ISP) hosts your Web server, the ISP can provide you with a Certificate Signing Request (CSR) or submit a request on your behalf. More about Certificate Signing Request.
Common Name (CN)
The Common Name (CN) is the fully qualified domain name of the Web server that will receive the certificate (e.g. www.entrust.com or buy.entrust.net). Do not include the protocol specifier (i.e., http:// or https://) or any port numbers or pathnames in the common name. Do not use wildcard characters such as ‘*’ or ‘?’, and do not use an IP address.
Most Web browsers will display a warning message when connecting to your Web site if the Web server’s fully qualified domain name does not match the common name in the certificate.
Distinguished Name (DN)
When you create your Certificate Signing Request (CSR), your Web server application will prompt you for information about your organization and your Web server. This information is used to create your Web server certificate’s Distinguished Name (DN).
If you are not sure of the ownership of your domain name as listed with the domain name registrar, you should look up this information before submitting your certificate request. The domain ownership information held by the domain name registrar must match the information contained within your application. This is one of the primary causes for application delays or rejection.
When you purchase any Entrust SSL Certificate or Certificate Service, you must provide a selection of information that will be used to: 1) verify that the organization is a legitimate organization operating under the name identified in the organization name in the certificate 2) verify the right of the organization to use the domain name included in the Certificate Signing Request (CSR) 3) verify the individual requesting the certificate (the Technical Contact) is in the employment of and is an authorized representative of the organization verified in Step 1. The Enrollment Guides can help you be prepared to provide the appropriate contact information. Different enrollment guides are available for various Entrust SSL Certificate products and services.
EV Multi-Domain SSL Certificates provide all the benefits of the Advantage SSL Certificates while following the new guidelines for validation defined by the CA/Browser Forum — providing Microsoft Internet Explorer 7 users with prominent new trust indicators like a green address bar.
Lifetime can refer to the lifetime of validity of an Entrust SSL Certificate (Standard and Advantage) or the lifetime of the service agreement you have with Entrust to manage an inventory of SSL Certificates.
New and Renew
Advantage SSL and Standard SSL certificates can be renewed through this online buy process. Existing Standard or Mutual SSL Certificate customers can upgrade their SSL certificate at renewal by renewing to an Advantage SSL certificate. If you would like to renew an Enhanced or Web Hoster service, please contact your Entrust representative.
Promotional Code/Purchase Order
If you have already purchased a block of certificates from your Entrust sales representative, you should have received an email with a purchase order number.
Server Gated Crypto (SGC)
Some SSL vendors may try to mislead you into purchasing “step-up” or server gated crypto (SGC) encryption certificates. It has been several years since U.S. Export Regulations were changed enabling 128-bit encryption browsers to be distributed outside the U.S. and Canada. According to industry collected data, approximately 99 percent of Web browsers in use today are capable of 128-bit and stronger encryption without the use of an SGC certificate. Server gated crypto is no longer required.
Self Signed Certificate Request (SSCR) for WAP
The Self-Signed Certificate Request (SSCR) contains your WAP server’s public key along with other information such as your server’s Distinguished Name (DN). You generate the SSCR using your WAP server software and submit it to Entrust in the online request form. When your request is approved, the data in the request is packaged into a certificate and signed by the Entrust Certification Authority (CA).
Follow the instructions in your WAP server’s documentation to generate a SSCR. When you fill in the online request form, paste the SSCR into the space provided. If your WAP server is hosted by an Internet Service Provider (ISP), the ISP will be able to provide you with a SSCR.
Secure Sockets Layer (SSL) technology is a security protocol that is today’s de-facto standard for securing communications and transactions across the Internet. SSL has been implemented in all major browsers and Web servers, and as such, plays a major role in today’s e-commerce and e-business activities on the Web.
The subject alternative names (SubjectAltName) extension allows one SSL certificate to be used to secure one Web server with multiple names (such as a different DNS name, IP address or URI). Alternatively, the SubjectAltName extension can be used to secure up to two virtual Web servers using the same SSL certificate.
SubjectAltName extension is a new feature for Entrust SSL Certificates and is available in Advantage SSL Certificates. When submitting the CSR (Certificate Signing Request), you have the option to provide an alternative identity to be bound to the subject of the certificate (i.e. valid domain name, IP address or URI). If you do not need this functionality, please leave the SubjectAltName field blank.
The Technical Contact is usually the person responsible for the daily operation of the Web server on which the Entrust SSL Certificate will be installed. The Technical Contact will receive the Entrust SSL Certificate when it is issued, and is notified about certificate renewals and updates. If your server is hosted by a third-party or ISP, someone within that organization should be listed as the technical contact. PLEASE NOTE: The location of the Technical Contact and where the SSL Certificate is delivered impacts the pricing of the SSL certificate. If your SSL Certificate is being deployed outside of the U.S., U.K., and Canada, the certificate will be charged international prices.
UC Multi-Domain SSL Certificates
Unified Communications (UC) Multi-Domain SSL Certificates enable security for the diverse communications protocols in new servers like Microsoft Exchange 2007 and Microsoft Office Communications Server (formerly Live Communications Server).
WAP (wireless application protocol) Server Certificates provide Web site identification and enable WTLS (Wireless Transport Layer Security) encryption between mobile devices, micro-browsers and servers that support the WTLS protocol.
Internet Service Providers (ISP) and Web Hosts have unique requirements to manage and control multiple Web servers and their associated SSL certificates while minimizing the costs and enabling delegated administration of client accounts. If you are purchasing more than five SSL services on behalf of another organization, you should request Entrust Cloud.