SSL Enrolment Guide V2.0 Renewal Enrolment... · Bit key length should be 2048. Starting 1 January...

Netrust SSL Web Server Certificate

Renewal Application – Enrolment Guide

Updated: September 2010

Version: 2.0

Netrust Pte Ltd 70 Bendemeer Road

#05-03 Luzerne Singapore 339940

Tel: (65) 6212 1388 Fax: (65) 6212 1366

www.netrust.net Co. Reg. No. 199702368H

_________________________________________________________________________________________________ Copyright © 2008 by Netrust Pte Ltd. All rights reserved. 2

Table of Contents

1 Introduction 3 2 Requirements 3 3 Launching Netrust SSL Web Server Certificate Application Website 3 4 Entering the Promotional Code 4 5 Review all information before proceeding 5 6 Prepare your Proof of Right 6 7 Inputting the CSR and Password 7

a. Guidelines for creating CSR 8

b. Sample CSR 8

c. Web Server Type Selection 9 8 CSR and Domain Information Check 10 9 Provide Contacts 11 10 Contact Information Confirmation 12 11 Subscription Agreement 13 12 Review Supplied Information 14 13 Confirmation of Application 15 14 Telephone and Email Support 15 Annex A 16



Tel: (65) 6212 1388 Fax: (65) 6212 1366



1 Introduction

This guide provides instructions on the application for a Netrust SSL Web Server Certificate.

It is assumed that you are familiar with the Windows environment.

2 Requirements

Please ensure you have the following items before you start with the application:

• A Certificate Signing Request (CSR) Learn how to generate a CSR from your web server at http://www.entrust.net/ssl-technical/webserver.cfm

• Promotional Code obtained from Netrust Pte Ltd via email • Details of the Authorising, Technical and Billing Contacts

3 Launching Netrust SSL Web Server Certificate

Application Website

• Ensure that you are connected to the Internet • Browse Netrust SSL Web Server Certificate Application Website at

https://ssl.netrust.net/ssl.



Tel: (65) 6212 1388 Fax: (65) 6212 1366



4 Entering the Promotional Code

• Key in the “Promotional Code” into the text box provided and click “Submit”.



Tel: (65) 6212 1388 Fax: (65) 6212 1366



5 Review all information before proceeding

• Your promotional code has been verified, enter the Domain Name which you are renewing and the password used during the previous enrolment.

• Click “Submit” to get a list of the certificates in our database that matches the domain name and password.

• On this screen you will see a list of certificates that match the domain name and password you provided, please select the certificate that you want to renew.

Please note: If you have more than one certificate for the same domain name, kindly select the certificate with the latest date of expiry.



Tel: (65) 6212 1388 Fax: (65) 6212 1366



6 Prepare your Proof of Right

• Please refer to Annex A of this Enrolment Guide for the documents needed as your Proof of Right. Submit the documents after registering the promo code. (Only applicable to companies outside of Singapore)

• Click “Proceed to Step 2” to proceed with the enrolment.



Tel: (65) 6212 1388 Fax: (65) 6212 1366



7 Inputting the CSR and Password

• Copy and paste the CSR (the following page will show an example of a CSR) onto “Certificate Signing Request” box.

• Key in a “Password” which you will be using during your next renewal. • Key in the same password to confirm.

(Note: Do not forget your password as you will be asked for this upon renewal)

• Click on the drop down menu to select the “Server Type” which you are using. Please refer to Section 7(c) for example of Server Type drop down menu.

• Click “Proceed to check CSR” to continue.



Tel: (65) 6212 1388 Fax: (65) 6212 1366



a. Guidelines for creating a CSR For creating a new CSR, please use the following guidelines:

1. Do not use special characters in the challenge or revocation passphrase (if applicable). The following characters are unsupported:

".,;-@#$%^&!*)(-+=<>?/: 2. Do not use the following characters in the common name field of the CSR as

they are unsupported: "_,;@#$%^&!*)(+=<>?/:

3. Bit key length should be 2048. Starting 1 January 2011, Entrust will no longer be able to accept any Certificate Signing Requests with 1024 bit key sizes.

4. CSR should be in Base64 (pem) encoded format. Some FTP and text editor programs might corrupt the format.

b. Sample CSR Only copy and paste the content highlighted.

Do not include any spaces before or after the CSR, and remember to include the "----BEGIN CERTIFICATE REQUEST----- " and "----- END

CERTIFICATE REQUEST-----" lines.



Tel: (65) 6212 1388 Fax: (65) 6212 1366



c. Web Server Type Selection Click on the drop down menu to display the list of server types. Then select the server type used. Server Type information is needed for reference purposes only. If your server is not in the list, you may select the closest option or “Others”.



Tel: (65) 6212 1388 Fax: (65) 6212 1366



8 CSR and Domain Information Check

• The displayed information is extracted from the CSR, please ensure that all details are correct. If any of the information is incorrect, a new CSR needs to be generated to be used to request for the SSL Web Server Certificate.

Note: Ensure that the organization field (O=) in the CSR matches the legally registered name of the organization for which you are requesting the certificate for (authorising contact’s organization).

• If everything is correct, click “Proceed to Step 3” to go to the next step.



Tel: (65) 6212 1388 Fax: (65) 6212 1366



9 Provide Contacts

• Key in all required information in the text box provided. Please do not leave any field blank.



Tel: (65) 6212 1388 Fax: (65) 6212 1366



Note: The “Technical Contact” and “Authorising Contact” must be different individuals. Email addresses must not be a group or generic email.

• If you are applying on behalf of another organization, the “Authorising Contact” MUST be a representative from the domain owner’s company.

• Please refer to Annex A if you are applying on behalf of your customer. • Once completed, click “Verify Information” to proceed.

10 Contact Information Confirmation

• Ensure all the details entered are correct. Click “Previous Step” to make any amendments.

• If everything is correct, click “Proceed to Step 4” to go to the next step.



Tel: (65) 6212 1388 Fax: (65) 6212 1366



11 Subscription Agreement

• Read through the subscription agreement and once you agree, click on the check box “I have read and agreed with this agreement”.

• Then click on “Proceed to Step 5” to go to the next step.



Tel: (65) 6212 1388 Fax: (65) 6212 1366



12 Review Supplied Information

• Please click “Submit Order” if you no longer need to make any amendments on all the information provided.



Tel: (65) 6212 1388 Fax: (65) 6212 1366



13 Confirmation of Application

• Confirmation page indicates you have successfully enrolled the promo code and your application will be processed.

• A “Tracking ID” is given to monitor the progress of your order. • Your order will be processed within 2-5 working days. When the verification is

complete, the Authorising and Technical Contacts will receive an email containing the certificate from Netrust.

14 Telephone and Email Support

• Netrust provides helpdesk support during office hours from Mondays to Fridays, 9:00am – 5:30pm GMT +08:00. Contact us at (+65) 62121388. Email support is also available at [email protected].



Tel: (65) 6212 1388 Fax: (65) 6212 1366



ANNEX A



Tel: (65) 6212 1388 Fax: (65) 6212 1366



Proof of Right Documents and Authorisation Letter Case 1: If you are applying on behalf of a Private Company, Society or

Government Agency We need A copy of Authorisation Letter (Template 1) Case 2: If you are a Private Company based in Singapore applying on your own We need A copy of the Company Registration which we can retrieve from

Accounting and Corporate Regulatory Authority online Case 3: If you are a Society based in Singapore applying on your own We need A copy of the Society’s Registration which we can retrieve from Registry

of Societies online Case 4: If you are a Government Agency applying on your own We need A copy of the registration details of the entity which we can obtain online

from Unique Entity Number Case 5: If you are applying on behalf of a Private Company based outside of

Singapore We need (a) A copy of your Company’s Business/Company Registration Certificate

(b) A copy of Authorisation Letter (Template 1) Case 6: If you are applying on behalf of a Government Agency outside of

Singapore We need A copy of the Authorisation Letter (please use Template 1) Case 8: If you are a Private Company based outside of Singapore applying on

your own We need A copy of your Company’s Business/Company Registration Certificate Please email the required documents to [email protected] or send them via fax to (65) 62121366. Authorisation and Technical Contacts If you are applying on behalf of another company (i.e. domain owner), appoint the applicant as the technical contact. This person will be in-charge of the pre-certificate application / certificate application / any post processes e.g. certificate installation. Appoint a representative from the domain owner’s company as the authorising contact. Authorising and technical contacts must be different individuals.



Tel: (65) 6212 1388 Fax: (65) 6212 1366



Other important information

1. Supported web server, CSR generation and installation instructions: http://www.entrust.net/ssl-technical/webserver.cfm

2. Supported web browser:

http://www.entrust.net/ssl-technical/browsers/index.cfm

3. Subscriber Agreement: http://www.entrust.net/buy/pdf/subscription_agreement_20080418.pdf

4. SSL provides a secure channel for data transmission. Additionally, it also

provides server verification.

5. Certificate signed by Entrust will be trusted by the browser upon installation of the chain certificate which is issued to the applicant together with the server certificate.

6. The web addresses (cn=) are tied to the certificate 7. DNS poisoning will redirect the traffic to another webpage that is insecure. It

cannot be secured since all CAs verify the owner of the site address (e.g. www.netrust.net) before issuing the certificate tied to the web address. Even if the hacker tries to create his own self-signed certificate that looks similar to the authentic site, the certification path does not originate from a trusted CA and hence the browser will prompt user with an error message

8. There are only 4 ways to compromise the trust

a. Loss of PKCS#12 package by administrator (that includes the private key) b. Server has been compromised c. Client’s machine is compromised by trojans that populate the un-trusted CA to the trusted CA certificate store d. Web browser is buggy and has been compromised by malicious web application.

What happens after you finish Online Enrolment?

1. When you have submitted your SSL online enrolment application, Netrust SSL Support will receive your application and it will be pending for verification.

2. Netrust SSL Support will send an email to the Authorising Contact to confirm employment of the person indicated as the Technical Contact. This is a simple process done purely via email. Hence, please kindly check your email promptly to avoid any delay in your application.

3. Verification of your SSL application takes about 2-5 working days. 4. When the SSL Certificate is ready, Netrust SSL Support will send an email to the

authorising and technical contacts containing the certificate.



Tel: (65) 6212 1388 Fax: (65) 6212 1366



Each Standard server certificate comes with a one-time replacement within a period of 30 days starting from the original issuance date. If you require a replacement after thirty days, you must purchase a new certificate. Please note: Promotional Code has a validity of 3 months from the date of issuance. Extension or replacement of Promotional Code is strictly not permitted.



Tel: (65) 6212 1388 Fax: (65) 6212 1366



Template 1 – Authorisation Letter for Applying On Behalf of Organisation

- - - PRINT THIS LETTER ON AUTHORISING CONTACT’S COMPANY

LETTERHEAD - - -

[Date] To: Netrust Pte Ltd Verification Officer 70 Bendemeer Road, #05-03, Luzerne, Singapore 339940 FAX: (65) 6212 1366 RE: APPLICATION FOR WEB SERVER CERTIFICATE I, [Name of Authorising Contact], approve the acquisition(s) of a limited right to use one or more Entrust SSL Web Server certificate(s) (including any renewal certificates) on behalf of [Authorising Contact’s Company] ("Subscriber"). I represent and warrant that: -

1. I am duly authorized to bind Subscriber to the terms and conditions of the Entrust SSL Certification Practice Statement available on the internet at http://www.entrust.net/about/practices.cfm and the Entrust SSL Web Server Certificate Subscription Agreement at http://www.entrust.net/buy/pdf/sslsubagree011405.pdf (collectively the “Terms”);

2. Subscriber hereby agrees to the Terms; and 3. Subscriber has sufficient legal power, corporate or otherwise, to enter into such

agreements. I acknowledge that an Entrust digital certificate may be used to bind Subscriber in electronic commerce transactions and that the protection of the Subscriber's private keys associated with an Entrust digital certificate is solely the responsibility of Subscriber.

I authorize [Name of Technical Contact] from [Technical Contact’s Company] to request one or more certificate(s) for [Domain Name] on our behalf (including any renewal certificates), and to act as a technical contact on my behalf in respect of such certificate. IN WITNESS WHEREOF, I have executed this authorisation letter. Yours Sincerely, [Name of Authorising Contact] [Designation]

SSL Enrolment Guide V2.0 Renewal Enrolment... · Bit key length should be 2048. Starting 1 January...

Documents

Transcript of SSL Enrolment Guide V2.0 Renewal Enrolment... · Bit key length should be 2048. Starting 1 January...