Thank you for your purchase of a new GeoTrust® SSL digital certificate.
By covering all eventualities, the following checklist ensures a swift and trouble-free enrolment. It is designed to rule out the most easily made user data-entry errors in the enrolment process.
If you are new to SSL, you will be pleased to know that in actuality the data to be supplied is limited; you will also find the steps to be followed straightforward.
If you have purchased an SSL certificate for a The Living Net® hosting plan, it is only a matter of supplying the information specified. TLN will apply the dedicated IP address, set up SSL on your domain, generate the Certificate Signing Request (CSR), and, once issued, install and test the certificate. For the benefit of self-install clients, CSR instructions for each server platform and other notes are also included here.
1. Company (or Personal) Details
Company (or personal) name, contact name, address and phone or fax numbers and e-mail.
2. Correct Domain for Certificate
The domain from which you wish to serve SSL-encrypted pages. Please be sure you understand the difference between the formats discussed here. An SSL certificate allows you to serve SSL pages to web users via the domain format you choose here.
www.yourdomain.com. This is the most usual format and the best choice for most applications. It will allow web users to access (via SSL) pages in the directory (and its subdirectories, such as cgi-bin) that www.yourdomain.com points to on your server.
yourdomain.com. Another possible format, this usually refers to the very same web document directory as the previous choice but would mean that your SSL pages could only be called up by browsers under: https://yourdomain.com/etc. (True BusinessID® Wildcard users should always specify this format, though, as the name suggests, they will actually be covered for all formats discussed here).
subdomain.yourdomain.com. Having your certificate refer to a subdomain will only allow SSL access to files in the directory (and subdirectories) that your chosen subdomain refers to, and you will NOT be able to serve SSL pages in the formats
https://www.yourdomain.com/etc. or https://yourdomain.com/etc.
but ONLY via: https://subdomain.yourdomain.com/etc.
3. Certificate Approver E-mail
The type of e-mail address you will use to receive and approve the GeoTrust® verification e-mail. This is always based on the domain that the certificate is for:
The Living Net® Hosting Clients
If this certificate is for a TLN hosting package then simply choose email@example.com or firstname.lastname@example.org; all TLN accounts provide catchall e-mail. If your account is already set up then test your chosen e-mail address, as you will need it to approve the certificate. If your hosting is being set up at the same time as this certificate then The Living Net® will take care of everything; just select email@example.com on the form.
If there is e-mail set up on the domain, then you should select firstname.lastname@example.org or email@example.com. Send a test message to this address and check that you can receive it; you may need to create a mailbox for admin (or webmaster). Do not proceed until you can receive the test message.
Only if there is no e-mail set up on the domain can you use the administrative contact e-mail address for the domain in question. This will be presented to you as a possible choice when you reach the form, but you should only choose this option if the previous one is not available. Please refer to the registrar or registry for your domain name if you do not know what the administrative contact e-mail address is currently listed as.
If you are requesting a certificate on a subdomain (i.e. subdomain.yourdomain.com) then on top of the above two options, the form will present you with the option of selecting an e-mail address such as: firstname.lastname@example.org. Choose this only if you have e-mail thus set up, and be sure to test the address.
4. Certificate Field Data
The data fields most commonly used to generate your CSR (Point 5) and also encoded in your certificate. You will also be asked for this data on the application form. Here are the most common fields and important tips on filling them in correctly.
Common Name. This is the domain for the certificate, exactly as discussed in point 2 of this checklist. Valid examples:
Organization. Your company name or a name you trade under (you cannot use: < > ~ ! @ ' , # $ % ^ * / \ ( ) ?.,& ). Valid examples:
Acme Trading Inc
Organization Unit. The department that your certificate relates to (you cannot use: < > ~ ! @ ' , # $ % ^ * / \ ( ) ?.,& ). Valid examples:
City or Locality. Where your organisation is legally located (you cannot use: < > ~ ! @ ' , # $ % ^ * / \ ( ) ?.,& ). Valid examples:
State or Province. The corresponding state or province (you cannot use: < > ~ ! @ ' , # $ % ^ * / \ ( ) ?.,& ). Valid examples:
Cote d Azur
Country. The ISO two-letter abbreviation for your country. Please refer to the following drop-down listing:
N.B. The correct code for the United Kingdom is GB (not UK). Valid examples:
5. Certificate Signing Request (CSR)
The Living Net® Hosting Clients
Leave this blank. TLN will generate this for you, and install your certificate. However, please be sure to meet all other requirements in this checklist, including having to hand the certificate data fields in point 4.
You or your provider will need to generate a Certificate Signing Request file on the server for the domain in question. A private key file will also be generated at the same time and will reside on your server. The domain itself should already be set up and working and have its own dedicated IP address for SSL to work correctly. Uninstall any previous certificates for the domain before starting.
Select your server type from the drop-down menu for details on generating the CSR on the most popular web servers. Follow the instructions absolutely to the letter. You (or your provider) will need to use the certificate field data collected in point 4 of this checklist:
Once you have generated your CSR file on the server, keep it to hand; you will be required to cut and paste the text into the enrolment form. A valid CSR starts with the text: -----BEGIN CERTIFICATE REQUEST-----
and finishes with the text: -----END CERTIFICATE REQUEST-----
The starting and ending text should be included. If you do not see the starting and ending text as above, then your CSR is not acceptable. It may be in an encrypted form; refer to your server platform documentation.
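The checks in points 4 and 5 can be run before the form is filled in. The following Python sketch is an added example, not part of the original checklist or any GeoTrust or TLN tool; the function names and the sample field values are assumptions made for illustration.

```python
import base64
import re

# Characters the checklist rejects in Organization, Organization Unit,
# City or Locality and State or Province.
FORBIDDEN = set("<>~!@',#$%^*/\\()?.&")
BEGIN = "-----BEGIN CERTIFICATE REQUEST-----"
END = "-----END CERTIFICATE REQUEST-----"
# A bare host name: no scheme, no path, no spaces.
HOSTNAME = re.compile(
    r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def check_fields(fields):
    """Return a list of problems found in the point 4 field data."""
    problems = []
    cn = fields.get("CN", "")
    if not HOSTNAME.match(cn):
        problems.append("CN must be a bare domain name, got %r" % cn)
    for key in ("O", "OU", "L", "ST"):
        bad = sorted(set(fields.get(key, "")) & FORBIDDEN)
        if bad:
            problems.append("%s contains forbidden characters: %s"
                            % (key, " ".join(bad)))
    country = fields.get("C", "")
    if country == "UK":
        problems.append("C must be GB for the United Kingdom, not UK")
    elif not re.fullmatch(r"[A-Z]{2}", country):
        problems.append("C must be a two-letter ISO code, got %r" % country)
    return problems


def check_csr_text(text):
    """Return a list of problems with the text about to be pasted."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if any("PRIVATE KEY" in ln for ln in lines):
        return ["this is a private key; it must stay on the server"]
    if not lines or lines[0] != BEGIN or lines[-1] != END:
        return ["missing BEGIN/END CERTIFICATE REQUEST lines"]
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError:
        return ["body between the marker lines is not valid base64"]
    # A DER-encoded request is an ASN.1 SEQUENCE, so it starts with 0x30.
    if not der or der[0] != 0x30:
        return ["decoded body is not a DER SEQUENCE"]
    return []


# Constructed sample data (not from the checklist); C is deliberately wrong.
SAMPLE = {"CN": "www.yourdomain.com", "O": "Acme Trading Inc", "OU": "Sales",
          "L": "London", "ST": "Greater London", "C": "UK"}
```

`check_csr_text` only inspects the marker lines and the outer encoding; it does not verify the request's signature or compare its subject with the field data.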
Ready to Proceed
(True BusinessID® and True BusinessID® Wildcard only)
Because these two products involve more extensive identity checks of your organisation, it is advisable (though not mandatory) that you supply a D.U.N.S. number on the form. This is a worldwide free service provided to all business establishments by Dun and Bradstreet and will greatly improve the speed of issuing your certificate. For more information visit www.dnb.com and select your country from the right-hand drop-down box. You will be given the chance to specify your D.U.N.S. number on the application form, though you may also leave it blank.
Avoiding Typical SSL Pitfalls (For New SSL Users)
The key to a swift and trouble-free SSL configuration is accuracy. If you take the necessary time to read all the above, follow all instructions to the letter, and double-check all data you enter, you will find it extremely easy to accomplish the task of setting up and installing your certificate.
One of the most usual misconceptions about SSL is that your site's SSL pages live in a special directory on the web server. This is not the case. They are pages exactly the same as any other files in your web documents directory (public_html or other) and you can place them anywhere, or in any subdirectory, where you store other documents and files. The only difference is in the manner that they are called by links in other pages and the user's browser (i.e. https://www.yourdomain.com/etc).
If you are planning to run a CGI script or PHP application, such as when securing an e-commerce application order form, it is always a good idea to check with the application's makers; they most likely have a set of recommendations.
Finally, make sure, when serving web pages via SSL, that you are not referencing any images or other files by absolute links (http://etc). Otherwise the browser will be calling up some files via http and not via https, which produces an error. By using relative links, the same files are called up via SSL, just as the browser expects.
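One way to find the absolute http:// references described above before a page goes live over SSL, as an added Python example that is not part of the original checklist; the names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes through which a page pulls in files of its own (images,
# scripts, frames, stylesheets). Plain <a href> links are navigation, not
# embedded files, so they are left out. Every <link href> is reported
# whatever its rel value, which errs on the side of reporting.
SUBRESOURCE_ATTRS = {
    "img": "src", "script": "src", "iframe": "src", "embed": "src",
    "source": "src", "audio": "src", "video": "src", "input": "src",
    "link": "href", "object": "data",
}


class InsecureRefFinder(HTMLParser):
    """Collect (line, tag, url) for every file referenced over http://."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        wanted = SUBRESOURCE_ATTRS.get(tag)
        for name, value in attrs:
            url = (value or "").strip()
            if name == wanted and url.lower().startswith("http://"):
                self.found.append((self.getpos()[0], tag, url))


def find_insecure_refs(html):
    """Return the http:// file references in one HTML document."""
    finder = InsecureRefFinder()
    finder.feed(html)
    finder.close()
    return finder.found


# Constructed sample page: two absolute http:// references, two relative.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://www.yourdomain.com/style.css">
<script src="/js/order.js"></script>
</head><body>
<img src="http://www.yourdomain.com/images/logo.gif">
<img src="images/padlock.gif">
<a href="http://www.yourdomain.com/about.html">About us</a>
</body></html>"""
```

Each reported reference can be rewritten as a relative link so that it is fetched over the same SSL connection as the page.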