map contacts back to home page
picture of tbs certificates
picture of tbs certificates
RatePoint Site Seal

Focus
VeriSign Trust Seal
Norton Secured Seal
As a VeriSign major partner, TBS internet is the first company in Europe to offer the VeriSign trust logo, the most recognized worldwide. An SSL certificate is no longer required as the seal is available after an organisation audit and comes with a malware detection system. More details...



Obtain a server certificate (X509 / SSL), create the certificate request: the CSR (Certificate Signing Request)

Preamble

If it seems too complicated, fill in the order form ant tick the 'guidance option' box (Access a request form).
We'll then go back to you to deliver a turnkey certificate.

Step 0 : Make sure your server handles SSL

Before requesting a certificate you'll have to check several points.
Fistly, make sure your server handles SSL or TLS.
If you do not host your own web site, you won't be able to request a certificate without your hosting company's help.
Note that some hosting companies provide management interface for this purpose (so contact your hosting company and make sure it offers SSL).

Step 1: Generate your certificate signing request file (CSR - PKCS #10)

You have to use one of this server function to create a certificate request (CSR, Certificate Signing Request). Search for the related section in your server manual. You'll find below some condensed instructions for the most common servers.
It is advised to generate a 2048-bit lenght minimum private key: The ANSSI (former DCSSI) made it mandatory to use 2048-bit keys from January 1, 2011. More information here.

During your certificate request you are going to create a private key. Once done, save a backup copy of this key and protect it seriously (ask your server softwer supplier how to do it). Should this key be compromised your certificate will have to be revoked. Should this key be lost you won't be able to use your certificate anymore.

During the CSR generation you'll be ask to fill-in several fields with various information. It is highly recommanded to have your administrative documentation within reach to fill-in the form properly. Any mistake might delay the issuance of your certificate!
Hosting companies: The certificate is always under the name of your customer, here we are then talking about your customer's documents.

  • CN: Common name / domain name / server name / FQDN:
    Indicate here your SSL server name, such as "secure.company.com", "www.my-domain.com" or "www.product.com". No IP address (learn more). No spaces nor blank characters.

    Even if we do not advise so, intranet addresses can be listed in the CSR (learn more)

    If you need to order a multiple-domain / SANs certificate, indicate the main address only when generating your CSR. This address will remain the same until the certificate expiration. Then enter the other addresses you want to secure in the order form. Those ones will be changeable through reissuances.

  • O: Organisation / Company Name:
    indicate the corporate name of your company (no trade name or acronym), in uppercase preferably.

  • ST: State:
    in France indicate the name of the department where your company headquarters are based (not the number).

  • L: Location / City:
    indicate the city where your company headquarters are based.

  • C: Country:
    indicate FR if your company is in France, BE for Belgium, etc, in uppercase preferably.

  • OU: Organisational unit / Department / Branch :
    If needed, indicate the department that manage the server.


Hosting companies and hosting platforms:


Common questions:


Other instructions for CSR generation

Anonymous [ settings | log in ]
Last edited on 03/26/2012 12:46:58 --- [search]