How to get a ca certificate

how to get a ca certificate

Santronics Software, Inc.,

How to obtain a certificate for Wildcat! SSL operations

SSL uses a "trusted signed certificate" concept to secure the connection and conversation between an SSL server and a SSL client. If you are unfamiliar with trusted signed certificates, the following discussion will help give you a simple understanding.

Example Situation:

Let's use a web browser for this discussion, however, please keep in mind the same ideas discussed here apply for all other types of SSL client/server options such as an FTP, POP3 or SMTP clients.

When a user uses a web browser to connect to a web site in "SSL mode", the web server will send a "signed certificate" to the web browser.

Next, the web browser will analyze the certificate to see if it's valid, whether it has expired and whether it was signed by a trusted Certificate Authority (CA).

If the certificate is valid and has not expired, however, it was signed by someone other than a trusted CA, the browser will inform the user of this situation and give the user the opportunity to accept the certificate as is.

So in order to make everyone happy about the security of a web site, you must obtain (purchase) a signed certificate from a trusted CA vendor such as Thawte, Verisign or others. Wildcat! allows you to create a self signed certificate which you can use temporarily while you await the receipt of a trusted certificate from a CA vendor.

Getting a trusted signed certificate:

Obtaining a trusted signed certificate from a CA vendor is typically a five (5) step process:
  1. Select one of the trusted CA vendors in the market place to purchase a trusted signed certificate. Thawte (http://www.thawte.com ) and Verisign (http://www.verisign.com ) are popular CA vendors. Follow their specific instructions to apply for a trusted certificate. At some point during the application the CA will ask you to provide a "certificate request" that will contain specific customer information. It is at this point where you will use the Wildcat! Certificate Wizard to create this certificate request.
  2. Using the Wildcat! Certificate Wizard, create a new private key and a certificate request using specific information you provide including domain name information (common name) for the server you wish to secure. In this step, a temporary self signed certificate will also be created which can be used for SSL operations while you wait for your request to be processed by the CA. Send the certificate request information to a CA vendor for processing. How this information is sent to the CA depends on the vendor. However, typically, when you apply for a trusted signed certificate, it is usually done via the WEB and during the application they will eventually ask you to cut and paste the certificate request information into a web page. This is the method used by Thawte.
  3. Receive the trusted signed certificate from the CA vendor. The CA might email the trusted signed certificate to you and/or they might show it to you on a web site which you will then copy and paste it into a local file (*.crt)
  4. Finally, add the trusted signed certificate to the pending certificate request.

Wildcat! SSL Configuration Manager makes the above process easy using the

Certificate Wizard.

Step 1 Details:

When you select your CA and begin the process of applying for a certificate, this is typically done using their WEB site. The typical customer information the CA will ask you to provide is:
  • Common Name
  • Country Code
  • Locality (City)
  • State/Province
  • Organization Name (company)
  • Organization Unit (i.e. division/department/etc)
  • Optional Email Address:

The most important item is the "common name." The CA will typically enforce this to be the domain name of the server you wish to secure. For example, if you are securing your web site, the common name will probably be www.yourdomain.com. Talk to your CA about using a certificate common name for all services (Web, FTP, POP3, SMTP, etc). This might be a matter of CA cost policy.

After you provide this information on their web site, they will ask you to provide a "certificate request" which is basically a block of information containing the above information in encrypted format. This block will typically look like this:

-----BEGIN CERTIFICATE REQUEST-----

MIICBjCCAW8CAQAwgcUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdGbG9yaWRhMRIw

EAYDVQQHEwlIb21lc3RlYWQxJDAiBgNVBAoUGyJTYW50cm9uaWNzIFNvZnR3YXJl

LCBJbmMuIjEoMCYGA1UECxQfV2lsZGNhdCEgSW50ZXJhY3RpdmUgTmV0IFNlcnZl

cjEbMBkGA1UEAxMSd3d3LnNhbnRyb25pY3MuY29tMSMwIQYJKoZIhvcNAQkBFhRo

ZWN0b3JAd2luc2VydmVyLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA

ummSm9It/XRwgZLppxWt+4htLliHSU1nC1fIE7xa5mWRR/rNDTWeJxq2fwgnEdh2

E4RuFzO7IVsOrVYp6LYVucgC6/oiCDmaXNE9uUj//ZHJaKmB9I0y12TkVuq5IiLn

hrRRNw9pBat683JKHSSkMKcmB3vsBK6rSqm3yUXlXrMCAwEAAaAAMA0GCSqGSIb3

DQEBBAUAA4GBACVEVGOlkCkrMArDWuPfvtpNG49k3kVmTFA87FQwM/VJagguBi/U

yVhrkx7WjXCqLOAbee2SeQg24AxWf+t0WkrzhsG+hD3nkk3r2Oq/8IlrqFzb2Taj

2l19w5sLiH5adBQPfnBJzieuxIWKm/IA+Lqz8RBw8S6Pvfr9HlQT/hKX

-----END CERTIFICATE REQUEST-----

Why is the CA asking you for this block if you have already provided the information during the application?

This is part of the verification process. The certificate request you provide will be encrypted using the private key only you will know, not the CA.

So when they finally ask you to provide this funny looking certificate request block, you will use the Wildcat! Certificate Wizard to create it using the same information you already provided to them.

Step 2 Details:

Use the wizard to create a new key and certificate request. You must provide the same information you already provided to the CA. It is especially important that the common names match. In the final stage in the wizard, it will show you the certificate request block.

Also in this step, the wizard will create a temporary self signed certificate which you can use temporarily while you wait for the trusted certificate request to be processed.

Step 3 Details:

In step 2, the wizard displays the certificate request block which you can copy/paste to the CA certificate request input form. Once the CA has the certificate request block, they will begin the process of processing your request which may take 1 day or more. Talk to your CA about the turn around time.

Step 4 Details:

When the CA has completed your application, the CA will contact you (probably via email) instructing you on how to get your new trusted certificate. Depending on the CA, they might email it to you or they might instruct you to get it from their web site. In either case, it will look something like this:

-----BEGIN CERTIFICATE-----

MIIC6zCCAlSgAwIBAgIDMPMiMA0GCSqGSIb3DQEBBAUAMIGHMQswCQYDVQQGEwJa

QTEiMCAGA1UECBMZRk9SIFRFU1RJTkcgUFVSUE9TRVMgT05MWTEdMBsGA1UEChMU

VGhhd3RlIENlcnRpZmljYXRpb24xFzAVBgNVBAsTDlRFU1QgVEVTVCBURVNUMRww

GgYDVQQDExNUaGF3dGUgVGVzdCBDQSBSb290MB4XDTAyMTAwNzA2MDgxN1oXDTAy

MTAyODA2MDgxN1owgcUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdGbG9yaWRhMRIw

EAYDVQQHEwlIb21lc3RlYWQxJDAiBgNVBAoUGyJTYW50cm9uaWNzIFNvZnR3YXJl

LCBJbmMuIjEoMCYGA1UECxQfV2lsZGNhdCEgSW50ZXJhY3RpdmUgTmV0IFNlcnZl

cjEbMBkGA1UEAxMSd3d3LnNhbnRyb25pY3MuY29tMSMwIQYJKoZIhvcNAQkBFhRo

ummSm9It/XRwgZLppxWt+4htLliHSU1nC1fIE7xa5mWRR/rNDTWeJxq2fwgnEdh2

E4RuFzO7IVsOrVYp6LYVucgC6/oiCDmaXNE9uUj//ZHJaKmB9I0y12TkVuq5IiLn

hrRRNw9pBat683JKHSSkMKcmB3vsBK6rSqm3yUXlXrMCAwEAAaMlMCMwEwYDVR0l

BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQCB

Psf3CDR62rXCJZZBUThNqbbaBGwiXQIX3I2L2AmmJlF9kXnvBm9K+VU9HwlqmfUE

TxncuF/XRnhIoxLysWdIbRNWFxJI92ULcfHkPOh26A2arEBoEOUSpFTBKv/4ilZm

RzXxoXKoxr3oEOms/SvnFeV7NvJfplpZh7u63SbpBg==

Finally, you need to add the trusted certificate block or *.crt file to the pending request created in step 2. Use the Wildcat! Certificate Wizard option, "Add trusted certificate to pending request".

Source: www.winserver.com

Category: Insurance

Similar articles: