OmniRoot Certificate Center
>
Online Helpdesk
>
SSL Server Certificate FAQ's
Does Cybertrust provide test server certificates?
At the moment, Cybertrust does not provide test SureServer SSL certificates.
Does a user need the Cybertrust root certificate to access information securely on a secure server?
If users don't have the Cybertrust root certificate installed and they go to a server secured with a Cybertrust SSL certificate, the browser will ask them if they will trust certificates issued by Cybertrust. If they answer yes, the Cybertrust root certificates will be installed automatically. If they answer no, they can still choose to accept the secure session they are about to start but the next time they will receive the exact same question from their browser.
Does a user need his own personal certificate to access information securely on a webserver?
The user doesn't necessarily need his own personal certificate to have access to a secure server. However, the secure server can be configured to explicitly ask for the user to select and present a personal certificate before entering a certain page. This is an extra feature of Secure Socket Layer (SSL) v3. In this way, the SSL server also has an idea of who is accessing the site, and can decide whether or not to let that person access certain information.
How do I install the Cybertrust Root Certificate on my webserver?
Download the GTE CyberTrust Global Root.
The procedure on how to install the root certificate in a web server software will depend on the brand, product and version. Please see your manual for this.
You might have to install the full chain of Cybertrust roots, they can be found here:
Certificates issued after 23rd April 2007
- GTE CyberTrust Global Root
- Cybertrust SureServer Standard Validation CA
Certificates issued before 23rd April 2007
- GTE CyberTrust Global Root
- Cybertrust SureServer CA
Which fields are allowed in a request for a SureServer SSL certificate?
|
Common Name
|
= mandatory
|
|
Country Name
|
= mandatory
|
|
Email Address
|
= optional
|
|
Locality Name
|
= optional
|
|
Organization Name
|
= mandatory
|
|
Organizational Unit Name
|
= optional
|
|
State or Province Name
|
= optional
|
|
Domain Component
|
= optional
|
|
Street Address
|
= optional
|
* Do not use blank fields in your csr, if you do not wish a field to be in your certificate, do not create this field in your CSR. eg "Locality= " will result in our system refusing your request.
Which fields are allowed in a request for a SureServer EV SSL certificate?
|
Common Name
|
= mandatory
|
|
Country Name
|
= mandatory
|
|
Locality Name
|
= mandatory
|
|
Organization Name
|
= mandatory
|
|
Organizational Unit Name
|
= optional
|
|
State or Province Name
|
= optional
|
|
Domain Component
|
= optional
|
|
Street Address
|
= optional
|
|
Serialnumber
|
= optional
|
|
Jurisdiction Of Incorporation Country Name
|
= mandatory
|
|
Jurisdiction Of Incorporation State
|
= optional
|
|
Jurisdiction Of Incorporation
|
= optional
|
|
Unstructured Name
|
= optional
|
* Do not use blank fields in your csr, if you do not wish a field to be in your certificate, do not create this field in your CSR. eg "Locality= " will result in our system refusing your request.
How do I (as user) verify I have accessed a trusted secure server?
If you access a server secured with a GlobalSign SSL certificate, you will see a padlock at the bottom of your browser. If you click on it, you will see the details of the server's SSL certificate.
How can I have 128 bits encryption key length for SSL when using Windows 2000 with IIS 5.0?
Upgrade to Strong Encryption Pack for Windows 2000, here is the URL for Installing it:
http://www.microsoft.com/windows2000/downloads/recommended/encryption/default.asp
.
Which webservers are compatible with Cybertrust's Secure Server Certificates?
Cybertrust issues Secure Server Certificates for any server compatible with the standard x509 v3 and able to make a request in PKCS#10 format. That includes the majority of all recent servers, in particular:
Microsoft Internet Information Server v3 or higher
Netscape Enterprise Server v3 or higher
Netscape Commerce Server v1 or higher
Netscape FastTrack Server
Stronghold Server
Internet Application Server 1.0
Netscape Iplanet Web Server 4.1
Note :
For Apache Servers, a patch for SSL is needed (
http://www.apache-ssl.org/
).
What is a Cybertrust SSL Server Certificate?
Cybertrust Server Certificates, in conjunction with the Secure Socket Layer (SSL) protocol, use cryptographic technology that allows individuals accessing a Web site to authenticate your Web site's identity and be ensured that the information being exchanged with you is protected.
What is SSL?
Secure Socket Layer (SSL) is a protocol used to secure data on TCP/IP networks such as the Internet. It provides encryption, authentication, and integrity for communication between a web server and client (consumer) browser.
Why should I use a Cybertrust Server Certificate?
You should use a Cybertrust Server Certificate when you want to establish secure communications with your customers, employees, and partners over an insecure medium like the Internet. Cybertrust Server Certificates allow private information to be exchanged securely.
How does a Cybertrust Server Certificate work?
When a user initially connects with a secure server, the user's browser confirms that the organization's domain name (from the URL) matches the information contained in the server certificate. Once this session validation is complete, a secure (SSL) session is established between the browser and the server. A unique key is created by SSL for this session. This happens seamlessly and instantaneously.
What type of verification is required for a Cybertrust Server Certificate?
SureServer is a high-assurance certificate with vetting procedures that go beyond the automated domain check verification. Currently, SureServer verification is a manual process that involves, at the very least, the following proofs: a) Domain check: the domain must be owned by and registered to the applying organization; b) Applicant verification: the applicant must be identified and approved by the applying organization; c) Organization Verification: the applying organization must be authenticated by an independent third-party database. If the validation information specified above is not satisfactorily provided or readily available, Cybertrust reserves the right to request additional proof of identity or ownership at any time.
Why does the domain name need to be authenticated?
The purpose of a domain registration check is to ensure that the domain/common name is registered and that the organization has the right to use that domain name. Internet browser software compares the domain name on the certificate to the URL and if it does not match, the browser will give the user a security warning.
Why does the organization need to be authenticated?
The purpose of an organization check is to ensure the validity of the organization. This check is authenticated through a Proof of Right. A Proof of Right, or POR, is an official third party document that is used to validate the name of the organization and its right to conduct business.
Why are two separate contact names required on the application?
We must confirm the employment of the applicant/technical contact so that a server certificate is not issued to someone who is not authorized by the organization. The only way to confirm this fact is to verify that information with another person (preferably the applicant's direct manager or Human Resources) within the company. An exception to this policy will be made for small businesses with less than five employees.
Does a CPS exist for SureServer Server Certificates?
For a full description of the Certification Practice Statement (CPS), see our Repository.
Which servers do SureServer SSL Server Certificates work with?
Netscape Enterprise/Fast Track Server 2.0.1-3.6.2
iPlanet 4.1+
Microsoft Internet Information Server 3.0-6.0
C2 Net Stronghold Web Server (Apache) 2.1+
Lotus Domino Go Web Server 4.6, Domino R5+
Apache 1.x with OpenSSL
Apache with modSSL, Raven, or SSLeay
Apache with SSL-Patch 1.3.9 and 1.3.13
BEA Weblogic
Cobalt RaQ
IBM HTTP
WebSTAR 4, V
Zeus v3
Oracle Application Server 4.4.8.x
Visnetic Website Professional 2.x
What if my Web server isn't on the list of servers SureServer supports?
Since SureServer SSL Server Certificates are standard X.509 certificates, they should be interoperable with any server supporting standard X.509 certificates. If you are using a Web server that isn't on our list of supported servers, try downloading and installing a free trial certificate. If our trial certificate works with your server, you can be confident the server certificate you purchase from us will work, too.
What browsers support SureServer SSL Server Certificates?
Today's most popular browsers (Microsoft Internet Explorer 5.0 and higher, Netscape 4.5 and higher, and America Online 5.0 and higher) are supported by SureServer SSL Server Certificate technology. As a result, communication between any of the browsers and the servers supported by SureServer SSL Server Certificates will be performed automatically and be transparent to the user.
How many SureServer Certificates will I need?
The number of SureServer Server Certificates you require depends on the organizational requirements of your company. You will need a SureServer Certificate for each domain name and server type. In order to purchase multiple certificates for the same domain name, you must ensure that at least one field in the Certificate Signing Request (CSR) is different for every certificate.
|
