Applying for an SSL Certificate

Step One: Choose an SSL Product that fits your needs

ExtendedSSL - Extended validation (EV) Certificates

Vetting Requirements:
The issuance process of EV Certificates is strictly defined in the EV Guidelines, as formally ratified by the CA/Browser forum in 2007, that specify all the steps required for a Certification Authority (CA) before issuing a certificate, and includes:

- Verifying the legal, physical and operational existence of the entity
- Verifying that the identity of the entity matches official records
- Verifying that the entity has exclusive right to use the domain specified in the EV Certificate
- Verifying that the entity has properly authorised the issuance of the EV Certificate

Ideal Applications:
When the highest levels of identity assurance, visible trust and encryption levels, for example:

- For incorporated companies and organisations
- All brands susceptible to phishing attacks and wishing to protect against copycat websites
- All brands wishing to “level the playing field” with major brands
- All other high value online services

Plus all standard applications:
credit card transactions, system logins, web servers, web forms, protected areas, webmail, Outlook Web Access, Exchange, Office Communications Server, workflow and virtualization applications like Citrix Delivery Platforms, cloud based computing platforms, email client to email server, file transfer and secure FTP, internal networks, extranets and database, SSL VPNs

OrganisationSSL – Organisation validation (OV) Certificates

Vetting Requirements & Issuance Speed:
OV vetting usually takes 1-2 business days and includes:

- Verifying the legal existence of the entity
- Verifying that the identity of the entity matches third party records
- Verifying that the entity has right to use the domain specified in the Certificate

Ideal Applications:
When identity assurance and higher trust is as important as encryption:

- For incorporated companies and organisations

Plus all standard applications:
credit card transactions, system logins, web servers, web forms, protected areas, webmail, Outlook Web Access, Exchange, Office Communications Server, workflow and virtualization applications like Citrix Delivery Platforms, cloud based computing platforms, email client to email server, file transfer and secure FTP, internal networks, extranets and database, SSL VPNs

DomainSSL – Domain validation Certificates

Vetting Requirements & Issuance Speed:
DV vetting is quick and does not require any company paperwork. Only the domain control is vetted:

- Verifying that the applicant has right to use the domain specified in the Certificate

Ideal Applications:
When just encryption is all that’s needed.  For example:

- When the applicant is not a legally incorporated entity
- When the SSL is needed quickly and when company docs are not available or accessible
- Low value, low volume ecommerce

Plus all standard applications:
credit card transactions, system logins, web servers, web forms, protected areas, webmail, Outlook Web Access, Exchange, Office Communications Server, workflow and virtualization applications like Citrix Delivery Platforms, cloud based computing platforms, email client to email server, file transfer and secure FTP, internal networks, extranets and database, SSL VPNs

 

Step Two: Create a Certificate Signing Request

A Certificate Signing Request (usually referred to as a CSR) is a block of encrypted text file generated on a Web Server that the SSL  Certificate will be installed on – the server hosting the domain name or hostname contained within the Certificate.  The CSR contains information included within the Certificate, typically Organisation Name, Common Name (domain name), Locality and Country. 

The CSR will be passed to the Certificate Authority (GlobalSign) during the Certificate application process, parsed and the information it contained is vetted in accordance with the type of Certificate being applied for.  At the time the server creates the CSR a private key is also created, this is cryptographically “married” to the CSR (and hence the issued Certificate), meaning that if the private key is lost before the Certificate is installed, a new CSR will need to be generated.

Example CSR and how it looks:

Alternatives to creating your own CSR –
GlobalSign’s unique AutoCSR feature

AutoCSR is a unique GlobalSign innovation designed to speed up the application process for DomainSSL and OrganizationSSL. Certificate Signing Request (CSR) generation remains one of the consistent problem areas faced by customers wishing to secure their server. Often customers are unfamiliar with the CSR generation process or make time-consuming mistakes.

AutoCSR removes the need for the customer to create the CSR on the web server, instead GlobalSign securely creates the CSR on the fly during the Certificate application process instead of requiring the CSR file.  AutoCSR also means you do not have to install the SSL Certificate on the same computer used during the online SSL application process.
Currently the GlobalSign AutoCSR option can be used when applying for DomainSSL Certificates and OrganizationSSL Certificates.

AutoCSR with DomainSSL Certificates
AutoCSR with OrganizationSSL Certificates

 

Step Three: Time to be vetted

The vetting activities will differ based on the type of Certificate applied for.  As GlobalSign has conveniently divided its SSL products into three categories based on the level of vetting, it is always obvious which vetting processes and identity information will be needed to issue a Certificate.

Extended Validation requires that you prove your organisation’s legal, physical and operational status, that you have exclusive rights to use the domain contained within the EV application, and that the entity being vetted has properly authorised the EV application to take place.  GlobalSign vetting staff will walk you and your organisation through the vetting process and detail the typical company documents that will be required. Once the vetting is complete the Certificate will be issued.

Organisation Validation requires that you prove your organisation’s legal status, that you have rights to use the domain contained application.  GlobalSign vetting staff will walk you and your organisation through the vetting process and detail the typical company documents that will be required.  Once the vetting is complete the Certificate will be issued.

Domain Validation requires that you prove your right to use the domain contained application.  An automated domain control check is executed for all applications, typically with an “approver email” challenge sent to the owner of the domain (such as the contact associated with the domain in the WHOIS database) or to a canned email associated with control of the domain such as admin@domain.com or webmaster@domain.com.  Once the automated approval is complete the Certificate will be issued.

 

Step Four: Install your Certificate

Once the Certificate has been issued it needs to be installed on the server.  Installing is usually straight forward but the method of installation will differ for each type of server software.  Full instructions for all servers are available at http://www.globalsign.com/support/installcert.php

 

Step Five: Install your Secure Site Seal

The final stage of using SSL is to install the trust enhancing Secure Site Seal.  You can install the SSL Secure Site Seal by adding a simple script into your web pages. We recommend you place the Secure Site Seal on any pages being secured by your GlobalSign SSL Certificate. For your convenience you can select different sizes and file types (static gif images or animated Flash seals).  GlobalSign SSL customers can obtain the Secure Site Seal code from http://www.globalsign.com/support/ssl-site-seal.html.