~ubuntu-branches/ubuntu/maverick/pyca/maverick

« back to all changes in this revision

Viewing changes to htdocs/help/client-enroll.html.en

Committer: Bazaar Package Importer
Author(s): Lars Bahner
Date: 2003-12-02 19:39:35 UTC
Revision ID: james.westby@ubuntu.com-20031202193935-fzzt289mntvy6a8q

Tags: upstream-20031118

Import upstream version 20031118

files added:

bin/ca2ldif.py

bin/certs2ldap.py

bin/copy-cacerts.py

bin/ldap2certs.py

bin/ns-jsconfig.py

bin/print-cacerts.py

cgi-bin

cgi-bin/browser-check.py

cgi-bin/ca-index.py

cgi-bin/cert-query.py

cgi-bin/client-enroll.py

cgi-bin/get-cert.py

cgi-bin/ns-check-rev.py

cgi-bin/ns-revoke.py

cgi-bin/pycacnf.py

cgi-bin/scep.py

cgi-bin/view-cert.py

conf

conf/cacert_AuthCerts.cnf

conf/cacert_CodeSigning.cnf

conf/cacert_EmailCerts.cnf

conf/cacert_Root.cnf

conf/cacert_ServerCerts.cnf

conf/openssl.cnf

conf/ssl_server_csr.cnf

docs

help

htdocs

htdocs/changes.html

htdocs/config.html

htdocs/demo.html

htdocs/download.html

htdocs/faq.html

htdocs/features.html

htdocs/feedback.html

htdocs/files.html

htdocs/help

htdocs/help/client-enroll.html.de

htdocs/help/client-enroll.html.en

htdocs/install.html

htdocs/news.html

htdocs/overview.html

htdocs/pyca.html

htdocs/related.html

htdocs/roadmap.html

htdocs/security.html

htdocs/ssi

htdocs/ssi/footer.html

htdocs/ssi/head.html

htdocs/ssi/navigation.html

pylib

pylib/certhelper.py

pylib/cgiforms.py

pylib/cgihelper.py

pylib/cgissl.py

pylib/charset.py

pylib/htmlbase.py

pylib/ipadr.py

pylib/ldapbase.py

pylib/ldif.py

pylib/openssl

pylib/openssl/__init__.py

pylib/openssl/cert.py

pylib/openssl/cnf.py

pylib/openssl/db.py

pylib/vbs.py

sbin

sbin/ca-certreq-mail.py

sbin/ca-cycle-priv.py

sbin/ca-cycle-pub.py

sbin/ca-make.py

sbin/ca-revoke.py

sbin/pickle-cnf.py

Show diffs side-by-side

added added

removed removed

htdocs/help/client-enroll.html.en

<HTML>

<HEAD>

<TITLE>SSL Certificates - User help</TITLE>

</HEAD>

<P>

<h1>SSL Certificates</H1>

<H2>What are they and how to create them here</H2>

</CENTER>

</P>

<P>

Most web traffic is sent unencrypted. That is, anyone with

access to the right tools can view most of the traffic that travels the Web.

In some circumstances this can be undesirable, such as in credit card and

bank transactions.

</P>

<P>

Where greater web data security is needed, the <B>S</B>ecure <B>S</B>ocket

<B>L</B>ayer (SSL) is used to encrypt the data stream between the server

and the client (usually a web browser).

</P>

<P>

If it is true that SSL securely encrypts data travelling over the Internet,

then why is a certificate necessary?

</P>

<P>

The simple answer is that it is NOT!

</P>

<P>

However, certificates are still useful:

A certificate, signed by a trusted <I>Certificate Authority</I> (CA), is

designed to ensure that the certificate holder is really who they claim to be. Without a trusted, signed certificate, your data may still

be encrypted but you can't be sure who you are communicating with.

</P>

<P>

If you need a certificate then keep reading and find out more below.

<P>

<hr>

<P>

<h2>Specifications for certificate requests</h2>

</P>

<P>

<h3>Country Code (ISO designation of the country)</h3></a>

Enter the ISO short-name (2 letter) country ID here.

<h4>Valid inputs:</h4>

Enter two uppercase letters. Special characters (e.g. umlauts),

digits and other special characters are disallowed and will result in an error message.

</P>

<P>

<dl>

<dt><h4> Examples:</h4><P>

<dl>

<dt> ' AU ' for Australia

<dt> ' US ' for U.S.A.

</dl>

<hr>

<a name="stateOrProvinceName" ><h3>State or Province</h3></a>

Full official name of the region, state or province.

<h4>Valid inputs:</h4>

Alphanumeric characters (letters, country-specific

letters and digits). Some additional special characters ('.', ' _ ', ' - '

and the blank) are allowed. NB: semicolon and some others are disallowed.

<dl>

<dt><h4>Examples:</h4><P>

<dl>

<dt> ' New South Wales '

<dt> ' new jersey '

<dt> ' Germany; Bathe ' results in error message because of semicolon

</dl>

<hr>

<a name="localityName" ><h3>City or Locality(LN)</h3></a>

<h4>Valid inputs:</h4>

Alphanumeric characters (letters, country-specific

letters and digits) and some special characters ('.', ' _ ', ' - '

and the blank) are allowed (NB: semicolon and some others are disallowed).

<dl>

<dt><h4>Examples:</h4><P>

<dl>

<dt> ' Sydney '

<dt> ' Washington D.C. '

<dt> ' Frankfurt a.d. Or '

100

<dt> ' Frankfurt/Oder ' results in error message because of diagonal stroke

101

</dl>

102

</dl>

103

104

<hr>

105

106

<a name="organizationName" ><h3>Name of Organisation</h3></a>

107

Name of the organisation (e.g. company, national authority,

108

association etc..)

109

<h4>Valid inputs:</h4>

110

Alphanumeric characters (letters, country-specific

111

letters and digits) and certain special characters ('.', ' _ ', ' - '

112

and the blank) are allowed (NB: semicolon and some others are disallowed).

113

<dl>

114

<dt><h4>Examples:</h4><P>

115

<dl>

116

<dt> ' Microshaft Inc. ' is permitted

117

<dt> ' Karneval /Stimmungsverein ' results in error message because of

118

diagonal stroke

119

</dl>

120

</dl>

121

122

<hr>

123

124

<a name="organizationalUnitName" ><h3>Department or Organisational Unit</h3></a>

125

<h4>Valid inputs</h4>

126

Alphanumeric characters (letters, country-specific

127

letters and digits) and certain special characters ('.', ' _ ', ' - '

128

and the blank) are allowed (NB: semicolon and some others are disallowed).

129

<dl>

130

<dt><h4>Examples:</h4><P>

131

<dl>

132

<dt> ' IT Department '

133

<dt> ' Network Services Division '

134

<dt> ' information & communication ' results in error

135

message because of & (Ampersand) <dt> ' Abbott 08/15 '

136

results in error message because of diagonal stroke

137

</dl>

138

</dl>

139

140

<hr>

141

142

<a name="commonName" ><h3>Common Name</h3></a>

143

If you are registering a certificate for a server, then the <B>Common

144

Name</B> MUST be the fully qualified domain name of that server.

145

<P>

146

Otherwise....

147

<P>

148

If the certificate is for electronic mail or client identity, the

149

<B>Common Name</B> is usually the

150

first name and surname of a person (your own name!).

151

<h4>Valid inputs</h4>

152

Alphanumeric characters (letters, country-specific

153

letters and digits) and certain special characters ('.', ' _ ', ' - '

154

and the blank) are allowed (NB: semicolon and some others are disallowed).

155

<dl>

156

<dt><h4>Examples:</h4><P>

157

<dl>

158

<dt> ' www.secure.site.com' is a valid name for a server certificate.

159

<dt> ' Elvis Presley ' is a valid name for a client certificate.

160

<dt> ' Elvis, the large one ' results in error message because of the

161

comma (irrespective of the bad grammar; -)

162

</dl>

163

</dl>

164

165

<hr>

166

167

<a name="initials" ><h2>Initials</h2></a>

168

If your organization commonly uses a name contraction (for example, MS

169

instead of Microsoft), then enter this here please. This may also be

170

the well known initials of a person - e.g. <I>HRH</I> or <I>FUBAR</I>

171

<h4>Valid inputs</h4>

172

Enter up to a maximum of five (5) alphanumeric characters (letters,

173

country-specific letters and digits).

174

<dl>

175

<dt><h4>Examples:</h4><P>

176

<dl>

177

<dt> ' KL ' is a valid specification

178

<dt> ' a-dG ' results in error message because of the hyphen

179

</dl>

180

</dl>

181

182

<hr>

183

184

<a name="emailAddress" ><h3>E-mail Address</h3></a>

185

<B>NB:</B> You MUST enter a valid E-Mail address.

186

This certificate request will fail unless a valid email address is entered.

187

The E-Mail address is checked for plausibility before the request is processed.

188

<h4>Valid inputs</h4>

189

All characters which are likely to be found in a valid email address

190

are permitted.

191

This includes are letters

192

and special special characters ('@', '. ', ' = ', ' / ', ' - ', ' _ '

193

and the blank), but excluding country-specific characters such as umlaut.

194

<dl>

195

<dt><h4>Examples:</h4><P>

196

<dl>

197

<dt> ' michael@badexaple.com.au ' Won't work - it's not a registered domain name

198

<dt> ' ben.venudo@to.no.where ' results in error message because of invalid Internet domain

199

</dl>

200

</dl>

201

202

<hr>

203

204

205

<a name="phone" ><h3> Telephone and FAX Numbers</h3></a>

206

For more exact identification, the specification

207

of telephone and FAX numbers is sometimes helpful. This information

208

is <b>not required</B>, and <B>even if entered here, it will not be

209

published</B>.

210

211

<h4>Valid inputs:</h4>

212

Plus sign and numbers only. The numbers must be entered in standard

213

international telephone number format (or an error message will be generated).

214

<BR>

215

<dl>

216

<dt> +[CountryCode] [AreaCode] [LocalNumber]

217

</dt>

218

</dl>

219

The <I>CountryCode</I> may consist only of 2 digits.

220

<dl>

221

<dt><h4>Examples:</h4><P>

222

<dl>

223

<dt> ' +49 7219 6506 ' is valid

224

<dt> ' +41 7219/9650 ' is invalid because of diagonal stroke

225

</dl>

226

</dl>

227

228

<hr>

229

230

<a name="contactPerson" ><h3>Contact Person</h3></a>

231

<h4>Valid inputs:</h4>

232

The name of a contact person is sometimes helpful.

233

Alphanumeric characters (letters, country-specific letters and digits) and

234

some special characters ('.', ' _ ', ' - ' and the blank) are allowed.

235

<dl>

236

<dt><h4>Examples:</h4><P>

237

<dl>

238

<dt> ' Michael Stroeder ' is a valid entry

239

<dt> ' Bernie, at reception ' is invalid because of the comma

240

</dl>

241

</dl>

242

243

<hr>

244

245

<a name="days" ><h3>Valid Number Of Days</h3></a>

246

Enter the number of days from <b>now</b>, until the time

247

this certificate will expire (e.g. valid for one year is 365 days!).

248

The actual validity period is usually fixed by the Certification Authority

249

as a matter of Policy </a>.

250

251

252

<hr>

253

254

<a name="challenge" ><h3>Challenge Password</h3></a>

255

This is the <I>Challenge Secret</I> or <I>Initial Master Secret</I> password.

256

This is a password, which you have choose to use for communication with

257

with the certification body. This is not always required but

258

it does provide additional protection.

259

<hr>

260

261

<a name="userpassword" ><h3>User Password</h3></a>

262

This is an optional password which you use to manage your certificate.

263

This password protects against non-authorized recall of the certificate

264

by third parties. This password is not displayed during input. In order to

265

check for typing errors, the password must be input twice.

266

<hr>

267

268

<a name="SPKAC" ><h3>RSA Key length</h3></a>

269

Enter the length of the RSA code. The RSA code is NOT the same as the

270

certificate: The RSA key is used by some browsers when transmitting a

271

certificate request to the server.

272

273

274

275

It is usually advisable to select the longest key available (usually 1024 bits).

276

<p>

277

<p>

278

The actual key length may depend on the browser version.

279

<br>

280

Because of U.S. regulations, some versions of

281

Netscape navigator can only use RSA code with a maximum of 512 bits.

282

Please visit these links for more information:

283

www.fortify.net <a href="http://babel.altavista.com/translate.dyn?lp=de_en&doit=done&url=http%3A%2F%2Fwww.fortify.net" > is worthwhile anyhow, </a> and also <a href="ftp://ftp.replay.com/pub/crypto/browsers/" >

284

ftp.replay.com </a>.

285

286

287

<h4>Valid inputs:</h4>

288

Enter the key length (number of bits) used by the browser.

289

For RSA code, possible values are 512 bits, 768 bits and 1024 bits.

290

<P>

291

Some types of certificates have a fixed minimum length.

292

Please consult the local CA Policy documents for further information</a>.

293

</body>

294

</html>

295

Older »