Search in this section

Skip to end of metadata
Go to start of metadata

How to order an SSL Certificate. Sample Certificate: GeoTrust - True BusinessID

Before Ordering

  • Create the CSR key on the server where the certificate will later be used.
  • Create SSL contacts if the required contacts do not exist in the system.
    • Administrative contact = applicant (identical to the details in the CSR key). The contact corresponds to the company that will use the certificate.
    • Technical Contact = Reseller/Provider
  • Check if a MX-Record is created so that the confirmation email of the CA can be sent. (Only required for authentication method EMAIL)

Order Certificates with the SSL Manager

  • Click Order Certificate in the menu group SSL Certificates.
  • In the section Product Choice:

  • Select the desired certificate in the Product list
  • Select the desired validity period in the Certificate Lifetime list
  • Under Server Software, select the operating system of the web server for which the certificate is issued.
    All Windows servers are automatically PKCS7 encoding format, all other PKCS12.
  • For the SHA Fingerprint Version, choose between:

    • SHA-256 Cert + Root: The current default. Returns a certificate chain in the SHA2 algorithm.
    • SHA-256 Cert + SHA-1 Root: Returns a SHA2 certificate with the older SHA1 root certificate of the CA.
Certificates are only issued in the SHA-256 algorithm. The selection here allows you to choose between SHA-1 and SHA-2 root certificate issuance. The current standard is the complete SHA-2 chain (SHA-256 Cert + Root). The root certificate in SHA-1 is only recommended for old devices before 01/08/2013.
  • 'Certificate Transparency' is enabled by default.

What is 'Certificate Transparency'?

With the 'Certificate Transparency' procedure, certificates issued by mistake or maliciously are to be better recognized for a domain. The digital certificates issued by a 'Certificate Authority' for encrypted Internet connections are checked and logged per default in a revision-proof logbook.

  • In the CSR Key section, insert the pre-created CSR key
    Note that when copying the CSR key, mark the first line "-----BEGIN CERTIFICATE REQUEST-----" and the last line "-----END CERTIFICATE REQUEST-----" including the lines with.

You can use a DigiCert tool to check the correctness of the CSR key beforehand
  • Click the Check CSR Key button.
  • The Common Name (certificate name) from the CSR key is displayed in the Name field in the Certificate Details section. The following form field "Additional Domains" is only required for ordering multidomain certificates.

  • Select the contacts in the Contact section:
    • Administrative Contact = Applicant (must be identical to the details in the CSR key)
    • Technical Contact = Reseller/Provider
    You can also create new contacts here by clicking on the icon. Sometimes, however, the contact is already predefined and cannot be changed by you.

  • Select the desired authentication method in the Authentication Settings area.

Follow the instructions that appear in the yellow box after you select the authentication method.

  • Email: An email will be sent to the confirmation email address selected here.
    Select the email address in the Approver Email field.
    Click on the confirmation link in the email. This confirms the domain ownership. (MX-Record must be created for this).
Please make sure that for the selected email address no greylisting is activated to avoid problems with the delivery of the confirmation email.
  • File: Create a file with the data generated by the system and store it on the web server.

FILE Name:
File Content : 2018112007555401i23owspz4su5ry9q31j6rlhw89e4wwd2tz8jt9a0rpl36u1n

  • DNS: Enter the DNS record generated by the system in the zone. For example, this method is used by default for the free Basic SSL certificate.

  • Confirm the note for GDPR.
  • Click on Submit to start the order process.

  • No labels