SSL certificates support

1. Generate a Certificate Signing Request (CSR)

2. SSL Certificates Support - Enrollment

3. Installation Instructions for SSL Certificates

4. Export (or Backup) a Certificate

1. Generate a Certificate Signing Request (CSR)

Description

Before you purchase an SSL Certificate, you need to generate a Certificate Signing Request (CSR) for the server where the certificate will be installed. Select CSR generation instructions for your server software. If your server is not listed or you need additional information, refer to your server documentation or contact your server vendor. If you do not know what software your server uses, contact your technical support.

 
Instructions for Financial Certificates
 
If you plan to purchase a Financial or OFX Certificate, follow instructions from these supported vendors: Generate a CSR for OFX Certificates.
 
Instructions for All Other SSL Certificates

2. SSL Certificates Support - Enrollment

Description

VeriSign is the most trusted mark on the Internet

  • VeriSign secures more than one million Web servers worldwide, more than any other Certificate Authority.
  • The world’s 40 largest banks and over 93% of Fortune 500 companies choose VeriSign SSL Certificates.
  • Over 75% of Web sites using Extended Validation SSL choose VeriSign, including the biggest names in e-commerce and banking.

 

Step-by-Step Overview
To enroll for any of VeriSign’s SSL Certificate services, you will need the following information:

  1. The length of time for the certificate
  2. The number of servers hosting a single domain (up to 5 servers)
  3. The server platform
  4. The Organization, Organizational Unit, Locality/City, State and Country
  5. Payment information and a contact for invoicing
  6. The common name. This is the host + domain name such as “www.mydomain.com” or “webmail.mydomain.com”
  7. An email address where VeriSign can reach you to validate the information.
  8. A Certificate Signing Request (CSR) generated from the server you need to secure.

 

Authentication and Verification
Upon completion of the enrollment process, VeriSign proceeds with the authentication process. VeriSign must establish that your organization is legitimate and is registered with the proper government authorities. Verification is the process of confirming that:

  • The Organization is still in business
  • The Organization owns/has rights to use the domain name listed in the common name field of the Certificate Signing Request (CSR)
  • The Corporate Contact works for the organization listed in the distinguished name
  • The Corporate Contact is aware of the certificate request
  • The Technical Contact listed is authorized to receive the Digital ID


Correct Formatting

Do not use any shift characters in any of the enrollment fields. If your company has an & or @ symbol in its name, you must spell out the symbol or omit it in the enrollment field.

The Certificate Signing Request (CSR) file should not contain any blank or trailing spaces.

  • Locality - this field is the city or town in which the organization is located. This field should be spelled out completely.
  • State - this field needs to be spelled out completely. For example, "California" or "New York".
  • Country - a two character country code needs to be used. For example, US for the United States, GB for the United Kingdom.


Common Name
The Common Name is the Host + Domain Name. It looks like "www.mydomain.com" or "mydomain.com".

VeriSign SSL certificates can only be used on Web servers using the Common Name specified during enrollment.

For example, an SSL certificate issued for the domain "www.mydomain.com" will only function properly at "www.mydomain.com". If "mydomain.com" or "secure.mydomain.com" is used to access the site, a mismatch error will appear because the SSL certificate is specifically assigned to www.mydomain.com.
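
The Correct Formatting and Common Name rules above can be checked before enrollment. The following is an added example, not VeriSign code; the set of "shift characters" (the page names only & and @), the two-letter State heuristic, and the sample data are assumptions.

```python
import re

# Assumption: "shift characters" = US-keyboard punctuation typed with Shift;
# the page itself names only & and @.
SHIFT_CHARS = set('~!@#$%^&*()_+{}|:"<>?')
DN_FIELDS = ("Organization", "Organizational Unit", "Locality", "State", "Country")

def check_dn_fields(fields):
    """Return the formatting problems in the distinguished-name fields."""
    problems = []
    for name in DN_FIELDS:
        bad = sorted(SHIFT_CHARS & set(fields.get(name, "")))
        if bad:
            problems.append(f"{name}: shift character(s) {' '.join(bad)}")
    if not re.fullmatch(r"[A-Z]{2}", fields.get("Country", "")):
        problems.append("Country: use a two-character code such as US or GB")
    # Heuristic: a State of two letters or fewer is an abbreviation or empty.
    if len(fields.get("State", "").strip(". ")) <= 2:
        problems.append("State: spell out completely, e.g. California")
    return problems

def check_csr_text(csr):
    """Return problems with blank lines or stray spaces in a pasted CSR."""
    problems = []
    for number, line in enumerate(csr.splitlines(), start=1):
        if line.strip() == "":
            problems.append(f"line {number}: blank line")
        elif line != line.strip():
            problems.append(f"line {number}: leading or trailing whitespace")
    return problems

def name_matches(common_name, requested_host):
    """Exact, case-insensitive match, as the Common Name section describes."""
    return common_name.lower() == requested_host.lower()

# Constructed sample data (the CSR body is filler, not a real request).
SAMPLE_FIELDS = {"Organization": "Smith & Sons", "Organizational Unit": "IT",
                 "Locality": "Mountain View", "State": "CA", "Country": "USA"}
SAMPLE_CSR = ("-----BEGIN CERTIFICATE REQUEST-----\n"
              "MIIBfillerfillerfillerfiller \n"
              "\n"
              "-----END CERTIFICATE REQUEST-----\n")

if __name__ == "__main__":
    for problem in check_dn_fields(SAMPLE_FIELDS) + check_csr_text(SAMPLE_CSR):
        print(problem)
    for host in ("www.mydomain.com", "mydomain.com", "secure.mydomain.com"):
        print(host, name_matches("www.mydomain.com", host))
```
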

Begin Enrollment
To start the enrollment for an SSL Certificate, go to the VeriSign Product pages.

If you have a VeriSign Trust Center Account, please log in here

Once VeriSign has validated the information provided, you will receive an email with installation instructions.

 

3. Installation Instructions for SSL Certificates

Description

VeriSign offers multiple types of SSL Certificates that may include Server Gated Cryptography (SGC) and Extended Validation (EV) SSL options for the strongest levels of encryption and authentication respectively. 
 
The following information provides installation instructions for the SSL certificates listed below:
 
Secure Site
Secure Site Pro
Secure Site with Extended Validation
Secure Site Pro with Extended Validation
Financial SSL Certificate for OFX 
 
Intermediate Certification Authority (CA) Certificates 
 
Note: Customers using Microsoft IIS 5.0 or higher servers typically do not need to download the Intermediate CA certificate. It is included with the SSL certificate upon issuance if they selected "Microsoft IIS 5.0 or higher" as the server vendor at purchase.
 
As of April 2006, all SSL certificates purchased through the VeriSign Web site require the installation of an Intermediate Certificate Authority (CA) Certificate. The SSL certificates are signed by an Intermediate CA using a two-tier hierarchy (also known as trust chain) which enhances the security of your SSL certificates.   
 
Easily find and download the Intermediate CA Certificate for your product here. 
 
 

Free Trial SSL Certificate 
 
Additional installation instructions are required for Free Trial SSL Certificates.  You need to:
 
1.  Install the Secure Site Trial Root CA Certificate on each browser that you will use to test your Trial SSL Certificate. 
 
2.  Install the Secure Site Trial Intermediate CA Certificate on each Web server you are testing with. 
 

 
To install your SSL Certificate, use the instructions listed for your server vendor below.

=================================================================
NEW INSTALLATION CHECKING TOOL! 

Ensure you have installed your certificate correctly       
=================================================================

 
Vendor | SSL Certificates | SSL with Extended Validation
4D, Inc | Webstar 4.x | Additional information
Apache | ApacheSSL mod_ssl |
BEA Systems | WebLogic 6.0; WebLogic 8.1 | WebLogic 8.1 Secure Site w/EV; WebLogic 8.1 Secure Site Pro w/EV
Cisco | ACS 3.2 |
Citrix Gateway | Citrix Access Gateway 4.5.x |
Covalent | Additional Information |
F5 | BIG-IP; BIG-IP 9 |
IBM | Websphere MQ; HTTP Server |
Lotus | Domino 5; Domino 6 or 7; Domino 8 |
Microsoft | |
Netscape | iPlanet 4.x; iPlanet 6.x | iPlanet 6.x Secure Site w/EV; iPlanet 6.x Secure Site Pro w/EV
Netscreen | ScreenOS |
Nortel | SSL Accelerator |
Oracle | Oracle Wallet Manager | Oracle Wallet Manager
Redhat | Secure Web Server |
SonicWALL | SSL Offloaders |
Sun | Additional Information |
Sybase | Additional Information |
Stronghold | Stronghold |
Tomcat | Tomcat | Tomcat Secure Site w/EV; Tomcat Secure Site Pro w/EV (keytool instructions)
Zeus | Zeus |

 

4. Export (or Backup) a Certificate

Description

When you Export (backup) an SSL certificate, the system copies the private key into an encrypted file. The private key was created on the server when the Certificate Signing Request (CSR) was generated. Select the correct software vendor and version below for backup instructions.
 
IMPORTANT! VeriSign highly recommends that you save the file to a diskette or CD and store it in a safe place.
 
 
 
Microsoft IIS Version 4.0
 
1.  Open the Microsoft Management Console: Start > Programs > Windows NT 4.0 Option Pack > Microsoft Internet Information Server > Internet Service Manager

2.  Right-click the Web site containing the certificate and select Properties

3.  Click the Directory Security tab

4.  In the Secure Communications section, click Edit

5.  Click Key Manager

6.  Select the key to export

7.  On the menu bar, select Key > Export Key > Backup File

8.  A message warns you about placing sensitive information in a file on your hard drive. Click OK

9.  Specify the name of the file that will hold the exported key. Click Save 
 
Microsoft IIS Version 5.0,  6.0 or 7.0
 
Step 1: Create a Microsoft Management Console (MMC) Snap-in for managing certificates
 
Create a Microsoft Management Console (MMC) Snap-in for managing certificates, as described in solution SO6127.
 
Step 2: Export the certificate
 
1.  Open the Certificates (Local Computer) snap-in you added, and select Personal > Certificates

2.  The Subject field of the certificate lists the Common Name (CN). (Click Tools > Internet Options > Content to view the Common Name if you are not sure)

3.  Right-click on the desired certificate and select All Tasks > Export. The Certificate Export Wizard opens
 
4.  Select Yes, export the private key

5.  Click Next

6.  In the Export File Format window, ensure the option for Personal Information Exchange  - PKCS#12 (.pfx) is selected

7.  Select Include all certificates in the certificate path if possible and then click Next. (If you do not select the Include all certificates in the certificate path if possible option, your server may not recognize the issuer of the certificate, which may result in security warnings for your clients.)

8.  De-select Require Strong Encryption. (This may cause a password prompt every time an application attempts to access the private key or it may cause IIS to fail).

9.  Click Next

10.  Enter and confirm a password to protect the PFX file and click Next

11.  Choose a file name and location for the export file (do not include an extension in your file name; the wizard automatically adds the PFX extension for you)

12.  Click Next

13.  Read the summary and verify that the information is correct. Pay special attention to where you saved the file

14.  Click Finish
 
Apache
 
1.  Locate the private key and certificate files. The following directives in the httpd.conf point to the location of the key and certificate files:
 
SSLCertificateFile ... /path/to/mycertfile.crt 

SSLCACertificateFile … /path/to/intermediate.crt

SSLCertificateKeyFile ... /path/to/mykeyfile.key
 
NOTE: Depending on the version of Apache, the directive may be SSLCACertificateFile or SSLCertificateChainFile, and the configuration file may be httpd.conf or ssl.conf.
 
2.  Copy the .key file, both .crt files (one is the server certificate and the other is the intermediate CA certificate), and the httpd.conf file onto a diskette or CD.
 
<filename>.key – private key

<filename>.crt – server certificate

<filename>.crt – intermediate CA certificate

httpd.conf - Web server configuration file
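
The two Apache steps above, as an added example (not part of the original instructions): it reads the SSL directives from a configuration file, lists the files the backup must contain, and flags a missing file or a private key that other accounts can read. It assumes absolute, unquoted paths; `backup_manifest` and `run_sample` are hypothetical names, and the sample files are constructed placeholders.

```python
import os
import re
import tempfile

# Directive names are the ones the page lists for httpd.conf / ssl.conf.
ROLES = {"SSLCertificateFile": "server certificate",
         "SSLCACertificateFile": "intermediate CA certificate",
         "SSLCertificateChainFile": "intermediate CA certificate",
         "SSLCertificateKeyFile": "private key"}

def backup_manifest(conf_path):
    """Return (role, path, status) for each file the backup must contain."""
    manifest = [("Web server configuration file", conf_path, "ok")]
    with open(conf_path, encoding="utf-8") as conf:
        for line in conf:
            # Commented-out directives start with '#' and do not match.
            match = re.match(r'\s*(\w+)\s+"?([^"#\s]+)', line)
            if not match or match.group(1) not in ROLES:
                continue
            role, path = ROLES[match.group(1)], match.group(2)
            if not os.path.isfile(path):
                status = "missing"
            elif role == "private key" and os.stat(path).st_mode & 0o077:
                status = "key readable by group/other"
            else:
                status = "ok"
            manifest.append((role, path, status))
    return manifest

def run_sample():
    """Build a constructed httpd.conf with dummy files and check it."""
    with tempfile.TemporaryDirectory() as root:
        cert = os.path.join(root, "mycertfile.crt")
        key = os.path.join(root, "mykeyfile.key")
        for path in (cert, key):
            with open(path, "w", encoding="utf-8") as handle:
                handle.write("placeholder, not real key material\n")
        os.chmod(key, 0o644)  # deliberately too permissive
        conf_path = os.path.join(root, "httpd.conf")
        with open(conf_path, "w", encoding="utf-8") as conf:
            conf.write(f"SSLCertificateFile {cert}\n"
                       f"SSLCertificateChainFile {root}/intermediate.crt\n"
                       "# SSLCertificateKeyFile /old/mykeyfile.key\n"
                       f"SSLCertificateKeyFile {key}\n")
        return [(role, status) for role, _, status in backup_manifest(conf_path)]

if __name__ == "__main__":
    for role, status in run_sample():
        print(f"{role}: {status}")
```
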
 
iPlanet Version 4.0 and 6.0
 
1.  Locate the alias directory within the iPlanet directory

2.  Locate the files: https <server_name> cert7.db and https <server_name> key3.db

3.  Copy them.
 
IBM Websphere Server
 
1.  Type ikeyman on a command line on UNIX or start the Key Management utility in the IBM Websphere Server folder

2.  Select Key Database File from the main menu, and then select Open

3.  In the Open dialog box, type your key database name or click the key.kdb file if you are using the default. Click OK

4.  In the Password Prompt dialog box, type your password, and click OK

5.  Select Personal Certificates in the Key Database content frame, and then click the Export/Import button on the label

6.  In the Export/Import Key window, select Export Key

7.  Select the key database file type

8.  Type the file name or browse and select the location and file name, and then click OK

9.  In the Password Prompt dialog box, type the password, and then click OK

10.  In the Select from Key Label list, select the correct label name and click OK
 
Tomcat
 
1.  Navigate to the SSL Directory where the SSL Keystore is kept. By default this can be a hidden directory. For example: /root/.keystore

2.  Make a copy of the keystore file in this directory. This contains your Private and Public keys

This article was edited by flyinweb on 2010-08-25 11:10:06.

This post was published by flyinweb on 2010-08-25 10:47:20.
