Ask SSL Support Desk: Are SSL Certificate NIST compliant? NIST: National Institute of Standards and Technology

What is Ask SSL Support Desk? It is a summary of random questions that have one to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library which is designed to teach and educate the community. Question: Are SSL Certificates NIST compliant?  Short Answer: Yes. Actually, NIST was responsible for Certificate Authorities (CA) such as Digicert, Entrust, Comodo to start implementing the 2048 key pair bit length standard with SSL/TLS Certificates. More Information: Within the realm of Website and Network Security there are many institutions that “Set the Standard” to the way people and organizations conduct their infrastructure. Without standards there would be no consistency among product developers, manufactures, cyber security, […]

Read More

ASK SSL Support Desk – How Many Wildcard SSL Certificates Do I Need If I have Multiple IP’s?

What is Ask SSL Support Desk? It is a summary of random questions that have one to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library which is designed to teach and educate the community. Question: One of my customers is looking to get some Wildcard SSL Certificates. They have one main domain and 30 to 40 sub domains across 3 different Internet Service Providers, and all the domains are tagged with all the ISP’s for redundancy. They are having Internet Service provision from BSNL, TATA and National Knowledge Network with respective individual IP Address. Please help me with what they should get. Can my customer buy one single Wildcard […]

Read More

Palo Alto Networks – SSL Installation

Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. Your private key will always be left on the server system where the CSR was originally created. Your SSL certificate will not work without this private key file. We will assume that this is the original system. With Palo Alto Networks you will need to complete the pending request that was left on the system from when you created your CSR. Your certificate authority should have given you an Apache format or Other x509 type of SSL Certificate and Intermediate CA. To install your SSL Certificate into Palo Alto perform the following. Step 1: Downloading your […]

Read More

ASK SSL Support Desk – Can I get an SSL Certificate that have CA= True or KeyUsage= CertSign?

What is Ask SSL Support Desk? It is a summary of random questions that have one to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library which is designed to teach and educate the community. Question: Can I get an SSL Certificate that have CA= True or KeyUsage= CertSign? Short Answer: Not really.. and here is why. The boolean reference of CA = True is used by applications to denote whether the certificate public key belongs to a CA (Certificate Authority). Technically all SSL Certificates (end entity) that are issued from a CA have this true attribute as they are chained from Intermediate CA and Root CA. You will not […]

Read More

SSL Partner Center: How to Download Certificate & Intermediates?

To download your Certificate and any Intermediates you may need can be found in the Download Certificate tab under the certificates Order Details. Note: In conjunction with downloading your certificate from the SSL Partner Center your web server certificate will typically be within the body or attached to your Orders Issuance email. To get to the Download Certificate tab you will have to look up the details of your certificate order. You can do this by either of the following. On the main page under Recent Orders you can click on the magnifying icon to pull up the orders details. After performing a search of your order under Reports/Search click on the order number to your certificate. Downloading your Certificate: […]

Read More

SSL Partner Center: How to Reissue / Replace?

Sometimes you may need to Replace / Reissue your web server certificate due to a technical issue, a special circumstance, or you have an environment where you need to use multiple keypairs. A Replace / Reissue of your web server certificate will not void your previously issued certificate on the order nor extend its validity. If you need to revoke a certificate due to a key compromise then please submit a Revocation Request under Manage Order(s) > Revoke Certificate within your SSL Partner Center. Note: You will be required to Submit a CSR for this replacement. Instructions on CSR generation can be found here if necessary. CSR Generation Instructions (All Systems) Note: When generating your new CSR to perform this […]

Read More

SSL Partner Center: How to Process New Certificate / Renewal.

In order to receive a new or renew an existing digital certificate for your website you will have to process an order. During this process you will always be required to generate a new Certificate Signing Request (CSR) from the server or application running the website. This is typically done by someone within your organization that has access to those systems. It is recommended that you generate the CSR first before processing the order as you cannot submit the order for the NewCert/Renewal without it. The SSL Support Desk features many articles for various systems in CSR creation: CSR Generation Instructions In order to start Process New Certificate / Renewal log into your SSL Partner Center at www.SSLPartnerCenter.com Step 1: […]

Read More

SSL Partner Center: Error – CSR does not contain a wildcard domain as expected.

In the SSL Partner Center client may get the following Warning message: CSR does not contain a wildcard domain as expected. Causes: This warning message is caused by the following reasons. This error is caused when enrolling for a Wildcard SSL certificate product and the CSR that is being submitted within the enrollment Wizard does not have the Wildcard * attribute in the Common Name of the CSR. Resolutions: Resolution will vary depending on its cause. Double check the common name of the CSR with an SSL Certificate CSR checker. Generate a new CSR with a wildcard within the Common Name to enroll for a Wildcard  certificate product. Example: *.acmetek.com If you need a standard SSL certificate for the wildcard […]

Read More

Microsoft Azure – CSR Generation & SSL Installation Guide Using The Digicert Certificate Utility

Azure requires a pfx/p12 for its SSL Certificate installation. This file can only be generated from a Windows system or an application. You will never attain such a file from a Certificate Authority. Typically in order to get an SSL Certificate for your Azure cloud services Admins will use Windows Server IIS (Internet Information Services) to generate the pfx/p12 keypair used to import into Azure, but not everyone has IIS. The Digicert Certificate Utility for Windows allows for the ability for admins to create the .pfx file needed for Azure systems without the need for a Windows Server. This guide will carry you through the following: CSR generation SSL installation Export of installed certificate as a pfx Import pfx into […]

Read More

Microsoft Server 2016 – IIS 10 & 10.5 – SSL Installation

Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. This is because your private key will always be left on the server system where the CSR was originally created. With Microsoft like Microsoft Server 2016 – IIS 10 & 10.5 the private key is hidden away and will only appear once the CSR request has been completed. Your SSL certificate will not work without this private key file. We will assume that this is the original system. To Install your SSL certificate on Windows Server 2012 – IIS 8 & 8.5 perform the following. Step 1: Picking up your SSL Certificate: If you had the option […]

Read More