InfoCenter Home >
5: Securing applications -- special topics >
5.5: Certificate-based authentication >
5.5.4: Requesting certificates >
5.5.4.1: Getting a test certificate from acertificate authority

5.5.4.1: Getting a test certificate from a certificate authority

To obtain a certificate from a certificate authority, you must create file containing a certificate signing request (CSR). You then send the file to the CA. The procedure for getting the file to the CA varies with the CA and with the type of certificate, test or production, being requested. It is often helpful to request a test certificate from a CA before requesting a production certificate.

This file describes how to get a test certificate from a specific commercial CA, VeriSign, which offers a test certificate for free. The test certificate is a legitimate certificate, fully signed and endorsed for actual use, and it can be used to validate your configuration before you acquire a production certificate. However, the test certificate is only good for two weeks after receipt, so it is not useful for production use.

After you have created file containing a certificate signing request, request a test certificate by following these steps:

  1. Start your Web browser and link to VeriSign's home page at http://www.verisign.com.
  2. Choose the free trial SSL trial ID option. This displays a page where you can request a free trial of a secure server ID.
  3. Follow the instructions for requesting a free trial ID. Be sure to read the frequently asked questions (FAQ) list, the legal agreement for VeriSign trial subscribers, and the information comparing Trial Secure Server IDs to Secure Server Digital IDs. VeriSign also provides online help for each step of the process.
  4. When you get to the page on which you submit the CSR file, scroll down to the edit box. This is where you insert the CSR.
  5. Open the file containing the CSR; use any text editor that supports cut-and-paste actions.
  6. In your editor window, select all of the text, including the header
    -----BEGIN NEW CERTIFICATE REQUEST-----
    and the corresponding trailer.
  7. Paste the test into the edit box on the Enrollment page in your browser.
  8. Click the Continue button.
  9. On the resulting page, verify and complete the following information:
    • Verify Distinguished Name: Check all of the information displayed about your certificate. In particular, ensure that the Common Name is correct and unique.
    • Enter Technical Contact Information: Enter the requested information about you. VeriSign needs this information to send you your signed certificate. In particular, make sure that your e-mail address is correct. VeriSign will e-mail your certificate to this address.
    • Read the Digital ID Subscriber Agreement: Read the terms and conditions stipulated by VeriSign about the Test ID you are requesting.
      If you do not accept these conditions, do not continue.
  10. When the information is complete, and if you accept the VeriSign's Subscriber Agreement, click the Accept button.

You will recieve an acknowledgement, usually by e-mail, that you have successfully completed your request. You will probably be instructed to download the certificate and to install it in your browser.

Note   Do not install the certificate in your browser. For use with WebSphere, the certificate must be installed in a keyring, not in your browser.

Go to previous article: Requesting certificates Go to next article: Getting a production certificate

 

 
Go to previous article: Requesting certificates Go to next article: Getting a production certificate