InfoCenter Home >
5: Securing applications -- special topics >
5.5: Certificate-based authentication >
5.5.4: Requesting certificates >
5.5.4.1: Getting a test certificate from acertificate authority
To obtain a certificate from a certificate authority, you
must create file containing a certificate signing request (CSR).
You then send the file to the CA. The procedure for getting
the file to the CA varies with the CA and with the type of
certificate, test or production, being requested. It is often
helpful to request a test certificate from a CA before requesting
a production certificate.
This file describes how to get a test certificate from a specific
commercial CA, VeriSign, which offers a test certificate for free.
The test certificate is a legitimate certificate, fully signed
and endorsed for actual use, and it can be used to validate
your configuration before you acquire a production certificate.
However, the test certificate is only good for two weeks after
receipt, so it is not useful for production use.
After you have created file containing a certificate signing request,
request a test certificate by following these steps:
- Start your Web browser and link to VeriSign's home page at
http://www.verisign.com.
- Choose the free trial SSL trial ID option. This displays
a page where you can request a
free trial of a secure server ID.
- Follow the instructions for requesting a free trial ID. Be sure
to read the frequently asked questions (FAQ) list, the
legal
agreement for VeriSign trial subscribers, and the information
comparing Trial Secure
Server IDs to Secure Server Digital IDs. VeriSign also
provides online help for each step of the process.
-
When you get to the page on which you submit the CSR file, scroll
down to the edit box. This is where you insert the CSR.
- Open the file containing the CSR; use any text editor that
supports cut-and-paste actions.
- In your editor window, select all of the text, including the header
-----BEGIN NEW CERTIFICATE REQUEST-----
and the corresponding trailer.
- Paste the test into the edit box on the Enrollment page in your
browser.
- Click the Continue button.
- On the resulting page, verify and complete the following information:
- Verify Distinguished Name: Check all of the
information displayed about your certificate. In particular,
ensure that the Common Name is correct and unique.
- Enter Technical Contact Information: Enter the
requested information about you. VeriSign needs this
information to send you your signed certificate. In
particular, make sure that your e-mail address is correct.
VeriSign will e-mail your certificate to this address.
- Read the Digital ID Subscriber Agreement: Read the
terms and conditions stipulated by VeriSign about the Test
ID you are requesting.
If you do not accept these conditions, do not continue.
- When the information is complete, and if you accept the VeriSign's
Subscriber Agreement, click the Accept button.
You will recieve an acknowledgement, usually by e-mail, that you have
successfully completed your request. You will probably be instructed
to download the certificate and to install it in your browser.
Do not install the certificate in your browser. For use with
WebSphere, the certificate must be installed in a keyring,
not in your browser.
|
|