FAQ Q & A
Yes, please see http://www.globalsign.com/free-ssl-certificate/free-ssl.htm for free 45 day Trial SSL Certificates.
If users don't have the GlobalSign root certificate installed and they go to a server secured through a GlobalSign SSL Certificate, the browser will ask them if they will trust certificates issued by GlobalSign. If they answer yes, the GlobalSign root certificates will be installed automatically. If they answer no, they can still choose to accept the secure session they are about to start but the next time they will receive the exact same question from their browser.
The user doesn't necessarily need his own personal certificate to have access to a secure server. However, the secure server can be configured to explicitly ask for the user to select and present a personal certificate (eg. a PersonalSign certificate) before entering a certain page. This is an extra feature of Secure Socket Layer (SSL) v3. In this way, the SSL server also has an idea of who is accessing the site, and can decide whether or not to let that person access certain information.
| Common Name |
= mandatory |
| Country Name |
= optional |
| State or Province Name |
= optional |
| Locality Name |
= optional |
| Organization Name |
= optional |
| Organizational Unit Name |
= optional |
| Email Address |
= optional |
* Do not use blank fields in your csr, if you do not wish a field to be in your certificate, do not create this field in your CSR. eg "Locality= " will result in our system refusing your request. *
If you access a server secured with a GlobalSign SSL Certificate, you will see a padlock at the bottom of your browser. If you click on it, you will see the details of the server's SSL Certificate.
Upgrade to Strong Encryption Pack for Windows 2000, here is the URL for Installing it:
http://www.microsoft.com/windows2000/downloads/recommended/encryption/default.asp.
GlobalSign issues Secure Server Certificates for any server compatible with the standard x509 v3 and able to make a request in PKCS#10 format. That includes the majority of all recent servers, in particular:
Microsoft Internet Information Server v3 or higher
Netscape Enterprise Server v3 or higher
Netscape Commerce Server v1 or higher
Netscape FastTrack Server
Stronghold Server
Internet Application Server 1.0
Netscape Iplanet Web Server 4.1
Note :
For Apache Servers, a patch for SSL is needed (http://www.apache-ssl.org/).
The private key sizes for SSL must be either 512 or 1024 bits, for compatibility with certain web browsers. A keysize of 1024 bits is recommended because keys larger than 1024 bits are incompatible with some versions of Netscape Navigator and Microsoft Internet Explorer, and with other browsers that use RSA's BSAFE cryptography toolkit.
Export:
You have to export the certificate from MMC.
To do this open the mmc, (start>run>mmc) and open the certificates snap in.
Select “local computer account” when prompted.
You will then see on the left, certificates, please select the “personal” folder.
Find the certificate for the correct domain, and then right click it.
Select “all tasks” and then “export”.
Insure you export the certificate WITH the private key, save the .pfx file to a USB Drive so you can import it easily.
Import:
You must now import the certificate onto the new server.
To do this open mmc, (start>run>mmc) and open the certificates snap in.
Select “local computer account” when prompter
You will then see on the left, certificates, please select the “personal” folder.
Right click the “personal” folder and select all “tasks>Import”
Find the .pfx file you saved previously and import the certificate and private key into the MMC
Now open IIS
Once you have open IIS, select the domain the certificate is for
Right click the domain, selecting properties
Then select “directory security” tab, and then “server certificates”
Now press “assign certificate”
Find the certificate you have just imported, and select it.
|
