What to do | Help Center | Order

SSL Secure Server

Server Wide Certificate

Customer wants a secure certificate for the fictitious site domain.com, here is what they should do:

1) Begin in the Control Panel of domain.com.
2) Click on the Secure Server button.
3) Then click on Generate Request.
4) Fill-out the form with the correct information.
5) Click on Generate Request at the bottom of the screen.

This will generate a Certificate Signing Request [CSR]. The CSR looks like this:

-----BEGIN CERTIFICATE REQUEST-----
MIIBRzCB8gIBADCBjDELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRleGFzMRMwEQYD
VQQHEwpTdWdhciBMYW5kMSYwJAYDVQQKEx1JbnRlcmdyb3VwIFRlY2hub2xvZ3ks
IEwuTC5DLjEeMBwGA1UECxMVV2ViIHByb2R1Y3RzIGRpdmlzaW9uMRAwDgYDVQQD
EwcwODAubmV0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN4sJTLUlOaBNbCX2Uwi
xJB16UE+XPsooNQgZV3QwL+eBDuf5fQUClqWWZrpRsVczzj2l/ptiQKVhQmjt4yK
4rcCAwEAAaAAMA0GCSqGSIb3DQEBBAUAA0EAnAGcRQhkQZJS01aqWLfSPKNmLglg
0qXsWLN7SyPTXcpBLKRdCHXjECNPfRBfPpVhd6S4N1e7N8KVuebbW12mRQ==
-----END CERTIFICATE REQUEST-----

6) Make and save a back-up copy of the CSR and key (and key decryption password)
7) Then send the CSR to Verisign, Equifax or Thawte.

After asking for a lot of business verification information, Verisign, Equifax or Thawte, will
send back a certificate. The certificate looks like this:

-----BEGIN CERTIFICATE-----
MIICjTCCAfYCAQAwDQYJKoZIhvcNAQEEBQAwgY4xCzAJBgNVBAYTAlVLMRcwFQYD
VQQIEw5XZXN0IFlvcmtzaGlyZTEOMAwGA1UEBxMFTGVlZHMxGzAZBgNVBAoTElJh
bmRvbSBDb21wYW55IEx0ZDEeMBwGA1UECxMVV2ViIHByb2R1Y3RzIGRpdmlzaW9u
MRkwFwYDVQQDExB3d3cucmFuZG9tLmNvLnVrMB4XDTk5MDIxMDAxMzYxMVoXDTk5
MDMxMjAxMzYxMVowgY4xCzAJBgNVBAYTAlVLMRcwFQYDVQQIEw5XZXN0IFlvcmtz
aGlyZTEOMAwGA1UEBxMFTGVlZHMxGzAZBgNVBAoTElJhbmRvbSBDb21wYW55IEx0
ZDEeMBwGA1UECxMVV2ViIHByb2R1Y3RzIGRpdmlzaW9uMRkwFwYDVQQDExB3d3cu
cmFuZG9tLmNvLnVrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQML/6LOpg
N9lx3ynjE4K914a8JblYKSzdfQrHqDPUxTIODfgX0PfdJDVWbj1/J/C5yrLs2tsN
9Ns+yDE9X0CUVATeMjR4s42/3ypBJQc3685BsAgzAFfcinXAo973YtgIHEzgr3n+
yJg6yFjwtClvJGkXL0MbvoEBy/BRupa+1wIDAQABMA0GCSqGSIb3DQEBBAUAA4GB
ACXMuDUuovLzAVwNDAZqfcQyZwGlKiJz7OceI4jDlm8bsNZsC4qXSl6/Y4aC/Iuv
UuS7/Zzgc7ETBZ/5XRakilw60N1mnjqcXKuz0gMKd5UUn3DL0AXir1QQS7MvKQbE
+3bxTVxCcPpm3w/7tg8oR7rHP/o6dSb0sR/DKO58xEFP
-----END CERTIFICATE-----

9) Using Control Panel -- install the certificate and previously saved key.

The private key looks like this:

-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDQML/6LOpgN9lx3ynjE4K914a8JblYKSzdfQrHqDPUxTIODfgX
0PfdJDVWbj1/J/C5yrLs2tsN9Ns+yDE9X0CUVATeMjR4s42/3ypBJQc3685BsAgz
AFfcinXAo973YtgIHEzgr3n+yJg6yFjwtClvJGkXL0MbvoEBy/BRupa+1wIDAQAB
AoGAcM0JJ47wiqOYEIe+1Uc7/oppeUXjT643neZjUdyEANO7lDvjYVwbAFnfAG6I
qX3Fg5UdLxJBwCUcKb8kVsFmZj17qlUGP9Srd/Y3qqBHP6ySBKCUpmwiAlrbjMiw
gkjVwR8GXkVssZhqMTkvyDRB+BhLuawWXghRSOt34y5GEpkCQQDtzCNzGWscYuwH
J+Ak+iIePR4VN+F1+5WevluAk3+WZJGdlk4ve0BEv+1EP/VB/18NwcKbCFi+V6ay
jQbtWSedAkEA4CBvXBC+oEciah5UvprPBaMRSdevwUdjRO07BMK9ukwg5ETeu+1r
diQtc/DyBAZCGw19BnwFTQiUfPOdAKnoAwJADoVivMqWkdswkpdKxrdHkhUlWyJY
cD32uwTgzY80QVjO05K0H44lNI2LzZkiPu97PHnSimkOEkGD+m9GNwQ0uQJAQcYj
CDC90MmvdtcZ5aoG8U+Oxk3u/VjW8CZyuI3yIhcvW+4+M4aUj+JEGI9wZu/zPH8z
3tBMufO3qAfSXpx+QwJAZcH7ngIDMgLdRtGhShJfG9H0mZQMgW7DVrklTAs2Tjbr
fPOdU+vaS5FpX0yUocy8AP7uLO/burPh2VEF3Ovhjg==
-----END RSA PRIVATE KEY-----

For accounts with their own certificates:

Call the file from within your html pages, scripts or browser using:

https://$domain.com/file.html

To call file in personal cgi-bin:
https://$domain.com/cgi-bin/file.html

To call file in global cgi-bin:
https://$domain.com/cgi-sys/file.html

*** POLICY: THERE IS NO SUPPORT FOR FAKE CERTIFICATES***

Support will not be able spend time getting fake or temporary certificates to work. If you would like to investigate this option, you may, but we will not support it. Support *will* do everything it takes to get real certificates to work.

GENERAL INFO:
There are two kinds of dummy or test secure certificates

1) The kind we can create. These are also called "snake oil" certificates. They secure information but they do not look secure when they are being used. They are more for internal use than anything else.

2) free test certificates from verisign or thawte. They are available from these cert issuing companies and they work only for a few weeks.

As far as we know right now, there is no test certificate which looks secure but is not secure.

[NOTE: Most servers are now being set up to have an already existing dummy certificate for each domain, that is a "snake oil" cert. This dummy cert serves only to show that the secure server is functioning correctly and to allow for testing of a site's secure calls while that site waits for an actual secure certificate to arrive. Again, these dummy certs are offered as a courtesy and are not supported.]

Where to get a Secure Certificate:

Here are some links:

www.thawte.com
www.verisign.com
www.equifax.com

Note: We do not currently support certificates from other companies

There is a server-wide certificate available for your use as well.

The address for this is:

https://hostX.dnsdomain.net/$domain/file

For example, https://host.dnsdomain.net/supportpages/ssh.htm

would call this page that you see now.
Your host (server certificate number) can be provided by support. Replace $domain with your domain name, minus the extension (for joe.com, simply put joe, not the .com)

To call file in personal cgi-bin:
https://hostX.dnsdomain.net/$domain/cgi-bin/file.html

To call file in global cgi-bin: https://hostX.dnsdomain.net/$domain/cgi-sys/file.html

 
home | web hosting | maintenance | contacting | order

FernGullyGraphics.com All Rights Reserved©