Published on Digi-Sign, The Certificate Corporation (http://www2.digi-sign.com)

Home > I-Planet Web Server 6.x

By Digi-Sign
Created Feb 18 2008 - 15:16

I-Planet Web Server 6.x

Important Note:

Effective 1 January 2011, we will no longer support any Certificate Signing Request [CSR] generated with a 1024 bit key. This is because NIST, PKIX, WebTrust and other respective security standards no longer consider the 1024 bit key size as secure. Read more > [1]

Instructions

1. Restart the administration server by typing the following commands:

    # /usr/iplanet/servers/https-admserv/stop
    # /usr/iplanet/servers/https-admserv/start

2. To request the server certificate, click the Security tab near the top of this page.

    The Create Trust Database window is displayed.

3. Select the Request a Certificate link on the left frame.

IMAGE


The screenshot depicts the following options:

    New certificate or Certificate renewal; View a list of available certificate authorities; Submit to Certificate Authority (CA [2]) via CA Email Address or CA URL; a drop-down menu to select the Cryptographic Module to use with this certificate ("nobody@engineering" is displayed as the default); a field for the Key Pair File Password; a link to an overview of the certificate process; fields for Requestor name, Telephone number, Common name, and Email address.

4. Fill out the form to generate a certificate request, using the following information:

    a. Select a New Certificate.

    If you can directly post your certificate request to a web-capable certificate authority or registration authority, select the CA URL link. Otherwise, choose CA Email Address and enter an email address where you would like the certificate request to be emailed to.

    b. Select the Cryptographic Module you want to use.

    Each realm has its own entry in this pull-down menu. Be sure that you select the correct realm. To use the Sun Crypto Accelerator 1000, you must select a module in the form of user@realm-name.

    c. In the Key Pair File Password dialog box, provide the password for the user@realm-name that will own the key.

    d. Provide the appropriate information for the following fields:

    • Requestor Name: Contact information for the requestor
    • Telephone Number: Contact information for the requestor
    • Common Name: Website Domain that is typed in a visitor's browser hostname.domain
    • Email Address: Contact information for requestor
    • Organization: A value for the Organization to be asserted on the certificate
    • Organizational Unit: (Optional) A value for the Organizational Unit that will be asserted on the certificate
    • Locality: (Optional) City, county, principality, or country, which is also asserted on the certificate if provided
    • State: (Optional) The full name of the state in this field
    • Country: The two-letter ISO code for the country (for example, the United States is US)

    e. Click the OK button to submit the information.

5. Send the CSR to Digi-Sign.

  • If you choose to post your certificate request to a CA URL, the certificate request is automatically posted there.
  • If you choose the CA Email Address, copy the certificate request that was mailed to you with the headers and hand it off to your certificate authority.

6. Once the certificate is generated, copy it, along with the headers, to the clipboard.

NOTE that the certificate is different from the certificate request and is usually presented to you in text form.

Source URL: http://www2.digi-sign.com/support/digi-ssl/planet6

Links:
[1] http://www2.digi-sign.com/about/announcements/2048
[2] http://www2.digi-sign.com/certificate+authority