[1] This online manual assumes the reader has a basic knowledge of the function and purpose of an SSL or TLS Certificate and also some of the issues surrounding day-to-day management of the Certificates’ life cycle.
To gain a basic understanding of Digital Certificates [2], CA [3] systems, their functions and uses, download and read the Digi-CA™ [4] Manual.
The Basic Issues
Digital Certificates are issued and are valid for a specific period of time or ‘life’. So the life of the Certificate is set for a period of time and after this, it expires. An expired Certificate must be replaced if the security and integrity of the server or device is to be maintained. The life cycle of an SSL Certificate is circular and repetitive in nature.
Certificate Life cycle
How SSL Certificates are Issued
To initiate this process, the Administrator in your organisation must go to the specific server and generate a Certificate Signing Request [CSR [6]] and submit it, along with other legal contact and domain ownership information to the CA. On receiving the CSR & supporting information, a Department within the CA called the Registration Authority [RA] verifies and approves, or rejects, the request accordingly. This process is called validations [7].
If the Validation process is successful and the RA can accurately determine that your organisation does have legal ownership of the domain name used in the SSL Certificate [5] you are requesting, then the Certificate is issued. Your Administrator then installs the Certificate, thereby activating the HTTPS:// connection to the server and the ‘little yellow lock’ that appears in the browser whenever a connection is made to the specific server.
Links:
[1] https://www.digi-sign.com/downloads/download.php?id=aacd-digi-ssl-pdf
[2] http://www2.digi-sign.com/digital+certificate
[3] http://www2.digi-sign.com/certificate+authority
[4] http://www2.digi-sign.com/download/digi-ca-manual
[5] http://www2.digi-sign.com/ssl+certificate
[6] http://www2.digi-sign.com/support/digi-ssl/generate+csr
[7] http://www2.digi-sign.com/validations