<TITLE>SSL Certificates - User help</TITLE>
<META NAME="AUTHOR" CONTENT="www@ms.inka.de">
<META NAME="ROBOTS" CONTENT="NOINDEX,NOFOLLOW">
<BODY TEXT="#000000" LINK="Red" VLINK="Green" BGCOLOR="#FFFFFF">
<h1>SSL Certificates</H1>
<H2>What are they and how to create them here</H2>
Most web traffic is sent unencrypted. That is, anyone with
access to the right tools can view most of the traffic that travels the Web.
In some circumstances this can be undesirable, such as in credit card and
Where greater web data security is needed, the <B>S</B>ecure <B>S</B>ocket
<B>L</B>ayer (SSL) is used to encrypt the data stream between the server
and the client (usually a web browser).
If it is true that SSL securely encrypts data travelling over the Internet,
then why is a certificate necessary?
The simple answer is that it is NOT!
However, certificates are still useful:
A certificate, signed by a trusted <I>Certificate Authority</I> (CA), is
designed to ensure that the certificate holder is really who they claim to be. Without a trusted, signed certificate, your data may still
be encrypted but you can't be sure who you are communicating with.
If you need a certificate then keep reading and find out more below.
<h2>Specifications for certificate requests</h2>
<a name="countryName" >
<h3>Country Code (ISO designation of the country)</h3></a>
Enter the ISO short-name (2 letter) country ID here.
<h4>Valid inputs:</h4>
Enter two uppercase letters. Special characters (e.g. umlauts),
digits and other special characters are disallowed and will result in an error message.
<dt><h4> Examples:</h4><P>
<dt> ' AU ' for Australia
<dt> ' US ' for U.S.A.
<a name="stateOrProvinceName" ><h3>State or Province</h3></a>
Full official name of the region, state or province.
<h4>Valid inputs:</h4>
Alphanumeric characters (letters, country-specific
letters and digits). Some additional special characters ('.', ' _ ', ' - '
and the blank) are allowed. NB: semicolon and some others are disallowed.
<dt><h4>Examples:</h4><P>
<dt> ' New South Wales '
<dt> ' Germany; Bathe ' results in error message because of semicolon
<a name="localityName" ><h3>City or Locality (LN)</h3></a>
<h4>Valid inputs:</h4>
Alphanumeric characters (letters, country-specific
letters and digits) and some special characters ('.', ' _ ', ' - '
and the blank) are allowed (NB: semicolon and some others are disallowed).
<dt><h4>Examples:</h4><P>
<dt> ' Washington D.C. '
<dt> ' Frankfurt a.d. Or '
<dt> ' Frankfurt/Oder ' results in error message because of diagonal stroke
<a name="organizationName" ><h3>Name of Organisation</h3></a>
Name of the organisation (e.g. company, national authority,
<h4>Valid inputs:</h4>
Alphanumeric characters (letters, country-specific
letters and digits) and certain special characters ('.', ' _ ', ' - '
and the blank) are allowed (NB: semicolon and some others are disallowed).
<dt><h4>Examples:</h4><P>
<dt> ' Microshaft Inc. ' is permitted
<dt> ' Karneval /Stimmungsverein ' results in error message because of
<a name="organizationalUnitName" ><h3>Department or Organisational Unit</h3></a>
<h4>Valid inputs</h4>
Alphanumeric characters (letters, country-specific
letters and digits) and certain special characters ('.', ' _ ', ' - '
and the blank) are allowed (NB: semicolon and some others are disallowed).
<dt><h4>Examples:</h4><P>
<dt> ' IT Department '
<dt> ' Network Services Division '
<dt> ' information & communication ' results in error
message because of & (Ampersand)
<dt> ' Abbott 08/15 '
results in error message because of diagonal stroke
<a name="commonName" ><h3>Common Name</h3></a>
If you are registering a certificate for a server, then the <B>Common
Name</B> MUST be the fully qualified domain name of that server.
If the certificate is for electronic mail or client identity, the
<B>Common Name</B> is usually the
first name and surname of a person (your own name!).
<h4>Valid inputs</h4>
Alphanumeric characters (letters, country-specific
letters and digits) and certain special characters ('.', ' _ ', ' - '
and the blank) are allowed (NB: semicolon and some others are disallowed).
<dt><h4>Examples:</h4><P>
<dt> ' www.secure.site.com' is a valid name for a server certificate.
<dt> ' Elvis Presley ' is a valid name for a client certificate.
<dt> ' Elvis, the large one ' results in error message because of the
comma (irrespective of the bad grammar ;-)
<a name="initials" ><h3>Initials</h3></a>
If your organization commonly uses a name contraction (for example, MS
instead of Microsoft), then enter this here please. This may also be
the well known initials of a person - e.g. <I>HRH</I> or <I>FUBAR</I>.
<h4>Valid inputs</h4>
Enter up to a maximum of five (5) alphanumeric characters (letters,
country-specific letters and digits).
<dt><h4>Examples:</h4><P>
<dt> ' KL ' is a valid specification
<dt> ' a-dG ' results in error message because of the hyphen
<a name="emailAddress" ><h3>E-mail Address</h3></a>
<B>NB:</B> You MUST enter a valid E-Mail address.
This certificate request will fail unless a valid email address is entered.
The E-Mail address is checked for plausibility before the request is processed.
<h4>Valid inputs</h4>
All characters which are likely to be found in a valid email address
This includes letters
and special characters ('@', '. ', ' = ', ' / ', ' - ', ' _ '
and the blank), but excludes country-specific characters such as umlauts.
<dt><h4>Examples:</h4><P>
<dt> ' michael@badexaple.com.au ' won't work - it's not a registered domain name
<dt> ' ben.venudo@to.no.where ' results in error message because of invalid Internet domain
<a name="phone" ><h3> Telephone and FAX Numbers</h3></a>
For more exact identification, the specification
of telephone and FAX numbers is sometimes helpful. This information
is <b>not required</B>, and <B>even if entered here, it will not be
<h4>Valid inputs:</h4>
Plus sign and numbers only. The numbers must be entered in standard
international telephone number format (or an error message will be generated).
<dt> +[CountryCode] [AreaCode] [LocalNumber]
The <I>CountryCode</I> may consist only of 2 digits.
<dt><h4>Examples:</h4><P>
<dt> ' +49 7219 6506 ' is valid
<dt> ' +41 7219/9650 ' is invalid because of diagonal stroke
<a name="contactPerson" ><h3>Contact Person</h3></a>
<h4>Valid inputs:</h4>
The name of a contact person is sometimes helpful.
Alphanumeric characters (letters, country-specific letters and digits) and
some special characters ('.', ' _ ', ' - ' and the blank) are allowed.
<dt><h4>Examples:</h4><P>
<dt> ' Michael Stroeder ' is a valid entry
<dt> ' Bernie, at reception ' is invalid because of the comma
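<P>
The "Valid inputs" rules for the country, name, initials and telephone fields above, written as one allow-list check (an added example, not code from this CA's software). The field keys are the anchor names used on this page; the function names <I>validate_field</I> and <I>validate_request</I>, the error strings, and the trimming of surrounding blanks are assumptions. The characters rejected in the examples (';', ',', '/') also act as separators in common string forms of a distinguished name, which is why an allow-list is the safer check.

```python
import re

# Field keys follow the anchor names on this page; the rules are the page's
# "Valid inputs" paragraphs. Function names and messages are hypothetical.
NAME_EXTRA = set("._- ")  # special characters the page allows in name fields
NAME_FIELDS = {
    "stateOrProvinceName", "localityName", "organizationName",
    "organizationalUnitName", "commonName", "contactPerson",
}
COUNTRY_RE = re.compile(r"[A-Z]{2}")        # two uppercase letters, no umlauts
PHONE_RE = re.compile(r"\+\d{2} \d+ \d+")   # +CC area local, CC is 2 digits


def _alnum(ch):
    # Letters (including country-specific ones) and decimal digits.
    return ch.isalpha() or ch.isdecimal()


def validate_field(name, value):
    """Return None if the value is acceptable, else a short reason."""
    value = value.strip()  # assumption: surrounding blanks are ignored
    if not value:
        return "empty value"
    if name == "countryName":
        return None if COUNTRY_RE.fullmatch(value) else "need two uppercase letters"
    if name == "phone":
        return None if PHONE_RE.fullmatch(value) else "not +CC area local"
    if name == "initials":
        if len(value) > 5:
            return "more than five characters"
        bad = [c for c in value if not _alnum(c)]
    elif name in NAME_FIELDS:
        bad = [c for c in value if not (_alnum(c) or c in NAME_EXTRA)]
    else:
        return "unknown field"  # reject anything not on the allow-list
    if bad:
        return "disallowed character(s): " + "".join(sorted(set(bad)))
    return None


def validate_request(fields):
    """Check a dict of field -> value; return {field: reason} for failures."""
    errors = {}
    for name, value in fields.items():
        reason = validate_field(name, value)
        if reason is not None:
            errors[name] = reason
    return errors
```
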
<a name="days" ><h3>Valid Number Of Days</h3></a>
Enter the number of days from <b>now</b>, until the time
this certificate will expire (e.g. valid for one year is 365 days!).
The actual validity period is usually fixed by the Certification Authority
as a matter of Policy </a>.
<a name="challenge" ><h3>Challenge Password</h3></a>
This is the <I>Challenge Secret</I> or <I>Initial Master Secret</I> password.
This is a password which you choose to use for communication
with the certification body. This is not always required but
it does provide additional protection.
<a name="userpassword" ><h3>User Password</h3></a>
This is an optional password which you use to manage your certificate.
This password protects against non-authorized recall of the certificate
by third parties. This password is not displayed during input. In order to
check for typing errors, the password must be input twice.
<a name="SPKAC" ><h3>RSA Key length</h3></a>
Enter the length of the RSA key. The RSA key is NOT the same as the
certificate: The RSA key is used by some browsers when transmitting a
certificate request to the server.
It is usually advisable to select the longest key available (usually 1024 bits).
The actual key length may depend on the browser version.
Because of U.S. regulations, some versions of
Netscape Navigator can only use RSA keys with a maximum of 512 bits.
Please visit these links for more information:
www.fortify.net <a href="http://babel.altavista.com/translate.dyn?lp=de_en&doit=done&url=http%3A%2F%2Fwww.fortify.net" > is worthwhile anyhow, </a> and also <a href="ftp://ftp.replay.com/pub/crypto/browsers/" >
<h4>Valid inputs:</h4>
Enter the key length (number of bits) used by the browser.
For RSA keys, possible values are 512 bits, 768 bits and 1024 bits.
Some types of certificates have a fixed minimum length.
Please consult the local CA Policy documents for further information</a>.