IdenTrust Inc. Logo
Home | Login | Contact Us  

  
OVERVIEW DIGITAL CERTIFICATE INSTRUCTIONS FAQ LIBRARY HOW-TO DOWNLOADS
SERVER CERTIFICATE ISSUANCE AND CERTIFICATE
  PROTECTION INFORMATION

Support > Glossary


Server Name
This can be an IP address or the name of a standard host, such as www.IdenTrust.com. We will confirm that the domain is registered to the organization you list in your application before we approve your certificate application. To avoid filing an inappropriate application, we suggest you confirm this yourself prior to completing the application by visiting http://www.internic.net/whois.html.

Please note that the server name you list must match exactly with the URL your clients will use to establish an SSL connection. Otherwise, they may see a warning message that the domain name in your certificate does not match that of the URL.

D-U-N-S number
Dun and Bradstreet's Data Universal Numbering System, or D-U-N-S number is considered a standard tool for identifying businesses and organizations worldwide. We use the D-U-N-S number as part of our research into the legitimacy of your organization. While we do not require that you have or provide us with a D-U-N-S number, it certainly helps us review your application in a speedy manner.

Certificate Signing Request (CSR)
A Certificate Signing Request contains information about your server name, your organization, the location at which the server is operating, and the server's public key. When your server generates this CSR, it signs the CSR with its corresponding private key.

Our application requires that you submit a CSR generated in PKCS#10 format. If we are able to verify the information contained within the CSR, we will sign it with the private key belonging to the CA and return the signed certificate to you in the form of a PKCS#7 response.

We provide online instructions for generating a CSR with some of the most widely used servers (listed below).

  • Apache + Raven
  • Apache + Mod SSL
  • IBM HTTP Server
  • iPlanet Web Server 4.1
  • Lotus Domino
  • Microsoft IIS 4
  • Microsoft IIS 5
  • Netscape Enterprise Server 3.x
  • Stronghold
  • WebStar
  • ZEUS Web Server

If we have not listed your server, we recommend that you refer to the instructions provided with your server software to generate your CSR.

Organization Name, Address and Phone
Please provide the officially registered name of your organization, which should match exactly with the name associated your D-U-N-S number or other official enterprise registration documents. This name must also be listed as the registered owner of the server name you would like to secure.

We will mail you information regarding your certificate request at the address you provide in your application. This address must be a street address and does not have to be that of your headquarters.

Certificate Passphrase
You will use this passphrase to retrieve an approved server certificate, identify yourself to our customer service representatives and gain access to restricted, customer-only web pages. The passphrase is stored in an encrypted format and is unknowable to any of our employees. Therefore, it is imperative that the you remember this passphrase for as long as the server certificate is valid.

Retrieving a Certificate
If we are able to approve your application for a server certificate, we will sign your CSR with the private key belonging to the CA. We will also build in several "extensions," which are bits of information about the certificate including how it can be validated, when it expires, etc. Once this process is complete, we package it in the form of a PKCS#7 response and place it on a secured page on our web site where it can be retrieved by your technical contact and installed.

We will notify you when the certificate is available for installation. We will also inform you of the URL where the certificate can be retrieved and the activation code required for access to the certificate. At that URL, we will provide certificate installation instructions for the following servers.

  • Apache+Mod/OpenSSL
  • Apache+Raven
  • Microsoft IIS v4.0 and higher
  • Lotus Domino v5.0
  • iPlanet v4.1
If we have not listed your server, we recommend that you refer to the certificate installation instructions provided with your server software prior to retrieving your server certificate.

Root Certificate Formats
The root certificate and any subCA certificate(s) will be delivered in a format appropriate to the selected server:

  • PEM - a Base64 encoded certificate, includes "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" delimiters
    Example
  • Stacked PEM - a single file comprised of concatenating the root and subCA PEMs
    Example
  • P7B - a binary file containing a PKCS#7 SignedData structure with certificate(s) only
    Example


RELATED CONTENT
Certificate Management Center
FAQ: Before You Buy
HOW-TO: Backup a Certificate
HOW-TO: Replace a Certificate
FAQ: General
FAQ: ACES
FAQ: ECA
FAQ: State of Washington
PKI Basics
Certificate Security and Protection
Change Control Schedules
Support Main
Contact Support
 

FEDERAL AGENCY PROGRAMS
Department of State
D-Trade
Department of Labor
Department of Labor
Department of Treasury IRS
Secure Data Transfer
Electronic Filing Certificate
 © 2008 IdenTrust Inc. All Rights Reserved    Home | Contact Us | Legal Policies IdenTrust