Ask SSL Support Desk: Are SSL Certificate NIST compliant? NIST: National Institute of Standards and Technology

What is Ask SSL Support Desk? It is a summary of random questions that have one to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library which is designed to teach and educate the community. Question: Are SSL Certificates NIST compliant?  Short Answer: Yes. Actually, NIST was responsible for Certificate Authorities (CA) such as Digicert, Entrust, Comodo to start implementing the 2048 key pair bit length standard with SSL/TLS Certificates. More Information: Within the realm of Website and Network Security there are many institutions that “Set the Standard” to the way people and organizations conduct their infrastructure. Without standards there would be no consistency among product developers, manufactures, cyber security, […]

Read More

ASK SSL Support Desk – How Many Wildcard SSL Certificates Do I Need If I have Multiple IP’s?

What is Ask SSL Support Desk? It is a summary of random questions that have one to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library which is designed to teach and educate the community. Question: One of my customers is looking to get some Wildcard SSL Certificates. They have one main domain and 30 to 40 sub domains across 3 different Internet Service Providers, and all the domains are tagged with all the ISP’s for redundancy. They are having Internet Service provision from BSNL, TATA and National Knowledge Network with respective individual IP Address. Please help me with what they should get. Can my customer buy one single Wildcard […]

Read More

FileZilla – SSL Installation Using Digicert Certificate Utility.

These SSL Installation instructions are based from using the Digicert Certificate Utility to generate the CSR keypair. For a recap of those instructions visit article FileZilla – CSR Generation Using Digicert Certificate Utility Readying your FileZilla SSL Certificate to be installed into your FileZilla system using the Digicert Certificate Utility: After you have enrolled for your SSL Certificate using a CSR generated from the utility you will then have to Import/Install the SSL Certificate after it gets issued back into the Digicert Utility. The CA should give you a pkxs7 format certificate also known as a .p7b. The way they give you this certificate will vary. If your CA gives supplies the pkcs7 format SSL Certificate in the body of […]

Read More

Palo Alto Networks – SSL Installation

Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. Your private key will always be left on the server system where the CSR was originally created. Your SSL certificate will not work without this private key file. We will assume that this is the original system. With Palo Alto Networks you will need to complete the pending request that was left on the system from when you created your CSR. Your certificate authority should have given you an Apache format or Other x509 type of SSL Certificate and Intermediate CA. To install your SSL Certificate into Palo Alto perform the following. Step 1: Downloading your […]

Read More

Digicert Certificate Utility – SSL Installation & Export

The Digicert Certificate Utility is probably one of the best certificate encryption tool out on the net. A lot of people become scared with key-pair encryption but key-pairs/certificates are actually fundamental easy to figure out. You have a secret private key that rests on a system or application, and that system/application gives to another system/application the public key. From there they scrabble and authentication communication. That’s about it. The struggles with Encryption, and SSL certificates is associated with the systems/applications that use them. Different applications from different venders tend to want things their own way, in certain formats, extensions, files, etc.. Key features of the Digicert Certificate Utility that can help with the SSL Management  are.. SSL Certificate: Install certificates […]

Read More

ASK SSL Support Desk – Where can I get a Base64 encoded .cer format certificate?

What is Ask SSL Support Desk? It is a summary of random questions that have one to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library which is designed to teach and educate the community. Question: I need a Base64 encoded .cer format certificate to Import into my Websense proxy server. Where can I get that? Short Answer: That is just a regular x509 certificate with a .cer extension. In the world of Public Key Infrastructure (PKI) there are many different file formats. The following are the major ones. pkcs#7/P7B x509/PEM pkcs#12/PFX/P12 x509/PEM Format: The PEM format is the most common format that Certificate Authorities (CA) issue certificates in. PEM […]

Read More

Symantec/Digicert Actions Required – Google Reissue

You May Have to Reissue your SSL Certificate!! Since announcing the acquisition, Digicert has actively engaged with the security community to explore paths that address browser concerns about Symantec/Geotrust/Thawte/Rapidssl-issued certificates while balancing the SSL/TLS implementations currently deployed. Symantec-issued certificates impacted by browser timelines will need to be replaced to bring them under the new Digicert platform. These will be replaced at no cost to all certificates issued prior to December 1st 2017, and we’ll work to ensure a smooth process. Many customers have already received information on certificate replacement, and more information will be forthcoming for affected parties. Acmetek requests that all clients/users of the SSL Partner Center to perform these reissues as soon as possible to avoid warning messages […]

Read More

ASK SSL Support Desk – Can I get an SSL Certificate that have CA= True or KeyUsage= CertSign?

What is Ask SSL Support Desk? It is a summary of random questions that have one to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library which is designed to teach and educate the community. Question: Can I get an SSL Certificate that have CA= True or KeyUsage= CertSign? Short Answer: Not really.. and here is why. The boolean reference of CA = True is used by applications to denote whether the certificate public key belongs to a CA (Certificate Authority). Technically all SSL Certificates (end entity) that are issued from a CA have this true attribute as they are chained from Intermediate CA and Root CA. You will not […]

Read More

SSL Partner Center: How to Download Certificate & Intermediates?

To download your Certificate and any Intermediates you may need can be found in the Download Certificate tab under the certificates Order Details. Note: In conjunction with downloading your certificate from the SSL Partner Center your web server certificate will typically be within the body or attached to your Orders Issuance email. To get to the Download Certificate tab you will have to look up the details of your certificate order. You can do this by either of the following. On the main page under Recent Orders you can click on the magnifying icon to pull up the orders details. After performing a search of your order under Reports/Search click on the order number to your certificate. Downloading your Certificate: […]

Read More

SSL Partner Center: How to Reissue / Replace?

Sometimes you may need to Replace / Reissue your web server certificate due to a technical issue, a special circumstance, or you have an environment where you need to use multiple keypairs. A Replace / Reissue of your web server certificate will not void your previously issued certificate on the order nor extend its validity. If you need to revoke a certificate due to a key compromise then please submit a Revocation Request under Manage Order(s) > Revoke Certificate within your SSL Partner Center. Note: You will be required to Submit a CSR for this replacement. Instructions on CSR generation can be found here if necessary. CSR Generation Instructions (All Systems) Note: When generating your new CSR to perform this […]

Read More