This can be an IP address or the name of a standard host, such as
www.IdenTrust.com. We will confirm that the domain is registered
to the organization you list in your application before we
approve your certificate application. To avoid filing an
inappropriate application, we suggest you confirm this yourself
prior to completing the application by visiting
Please note that the server name you list must match exactly with
the URL your clients will use to establish an SSL connection.
Otherwise, they may see a warning message that the domain name
in your certificate does not match that of the URL.
Dun and Bradstreet's Data Universal Numbering System, or D-U-N-S number is
considered a standard tool for identifying businesses and organizations
worldwide. We use the D-U-N-S number as part of our research into the
legitimacy of your organization. While we do not require that you have
or provide us with a D-U-N-S number, it certainly helps us review your
application in a speedy manner.
Certificate Signing Request (CSR)
A Certificate Signing Request contains information about your server
name, your organization, the location at which the server is operating,
and the server's public key. When your server generates this CSR, it
signs the CSR with its corresponding private key.
Our application requires that you submit a CSR generated in
PKCS#10 format. If we are able to verify the information contained within the CSR, we will sign it
with the private key belonging to the CA and return the signed certificate to you in the form of a
We provide online instructions for generating a CSR with some of the most widely used servers (listed below).
- Apache + Raven
- Apache + Mod SSL
- IBM HTTP Server
- iPlanet Web Server 4.1
- Lotus Domino
- Microsoft IIS 4
- Microsoft IIS 5
- ZEUS Web Server
If we have not listed your server, we recommend that you refer to the instructions provided with your server software to generate your CSR.
Organization Name, Address and Phone
Please provide the officially registered name of your organization, which should match exactly with the name associated your D-U-N-S number or other official enterprise registration documents. This name must also be listed as the registered owner of the server name you would like to secure.
We will mail you information regarding your certificate request at the address you provide in your application. This address must be a street address and does not have to be that of your headquarters.
You will use this password to retrieve an approved server certificate, identify yourself to our customer service representatives and gain access to restricted, customer-only web pages. The password is stored in an encrypted format and is unknowable to any of our employees. Therefore, it is imperative that you remember this password for as long as the server certificate is valid.
Retrieving a Certificate
If we are able to approve your application for a server certificate, we will sign your CSR with the private key belonging to the CA. We will also build in several "extensions," which are bits of information about the certificate including how it can be validated, when it expires, etc. Once this process is complete, we package it in the form of a PKCS#7 response and place it on a secured page on our web site where it can be retrieved by your technical contact and installed.
We will notify you when the certificate is available for installation. We will also inform you of the URL where the certificate can be retrieved and the activation code required for access to the certificate. At that URL, we will provide certificate installation instructions for the following servers.
If we have not listed your server, we recommend that you refer to the certificate installation instructions provided with your server software prior to retrieving your server certificate.
- Microsoft IIS v4.0 and higher
- Lotus Domino v5.0
- iPlanet v4.1
Root Certificate Formats
The root certificate and any subCA certificate(s) will be delivered in a format appropriate to the selected server:
- PEM - a Base64 encoded certificate, includes "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" delimiters
- Stacked PEM - a single file comprised of concatenating the root and subCA PEMs
- P7B - a binary file containing a PKCS#7 SignedData structure with certificate(s) only