Step Two: Configuring an SSL Certificate
- CSR Generation
- Site Seal Installation
'Configuration' consists of gathering and submitting the specific information so that your order and domain ownership can be validated. Proving you are who you say you are, and that you control/own the domain and website you're going to attach the SSL certificate to, is part of what makes SSL certificates secure and trustworthy.
- The CSR Key obtained in Step One
- Requester information (Your individual and/or organization information)
- Email address that your SSL Certificate should be sent to once generated
The steps below should be followed only once a CSR Key has been obtained (as was covered in Step One).
- Once logged into your account at www.webnames.ca, browse to: My Account > Manage > SSL Certificates
- Click on the Not Configured section on the left, and then on the domain name of the certificate
Enter Certificate background info
Quite a bit of information is required in order to configure an SSL certificate. You'll be providing information about the
Paste in the aforementioned CSR key from Step One in its entirety and click the Decode button. The information used to create the CSR Key in Step One should successfully be decoded and displayed below. This information should be reviewed for accuracy, in particular the domain name which is displayed. If any information is incorrect, go back to Step One and repeat the steps to generate an updated CSR Key.
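The same review can be done locally before pasting the CSR into the form. The script below is an added example, not Webnames' Decode tool: it reads the text that `openssl req -in request.csr -noout -text` prints and checks which hostnames the CSR actually names. The file name, hostnames and sample output are constructed placeholders.

```shell
#!/bin/sh
# Added example. Input: the text printed by
#   openssl req -in request.csr -noout -text
# (request.csr is a placeholder for your own CSR file).

# Constructed sample of that output, trimmed to the relevant lines.
SAMPLE_CSR_TEXT='Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = CA, ST = British Columbia, O = Example Inc, CN = www.example.com
        Requested Extensions:
            X509v3 Subject Alternative Name:
                DNS:www.example.com, DNS:Example.com'

# Print the subject CN and every SAN DNS name, lowercased, one per line.
csr_names() {
    {
        printf '%s\n' "$1" | sed -n 's|^ *Subject:.*CN *= *\([^,]*\).*|\1|p'
        printf '%s\n' "$1" | tr ',' '\n' | sed -n 's|^ *DNS:\([^ ]*\).*|\1|p'
    } | tr '[:upper:]' '[:lower:]' | sort -u
}

# Succeed if the CSR names the host exactly or through a one-label wildcard.
csr_covers() {
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    csr_names "$1" | grep -Fxq -e "$want" -e "*.${want#*.}"
}

# Offline demonstration on the constructed sample.
for host in www.example.com shop.example.com; do
    if csr_covers "$SAMPLE_CSR_TEXT" "$host"; then
        echo "$host: named in the CSR"
    else
        echo "$host: NOT in the CSR, regenerate it in Step One"
    fi
done
```

With a real file, call it as `csr_covers "$(openssl req -in request.csr -noout -text)" www.example.com`.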
Certificate validation is the process of proving you control the domain (and website) that the SSL certificate will be attached to. This is a security measure to ensure that SSL certificates are only issued to the legitimate owner of a website.
Validation can be performed either by email or DNS record. Either method can be used, and your choice is based on preference, convenience and feasibility.
Verification via Email or DNS
Verification of control of your domain name can be performed either by:
- Responding to a verification email which is sent to a predetermined email address, or
- Inserting predetermined DNS records into the DNS zone for the domain.
Verification via Email
Pros: Conceptually, this verification method is easier to understand than DNS, and therefore often more convenient.
Cons: The list of possible verification email addresses is fixed. If none of the selectable email addresses exist, and you cannot create one of them temporarily, then email verification cannot be used.
Verification Overview: A verification email will be sent to a specified email address @yourdomain.com. If you can receive and respond to this email, it demonstrates that you have control over the domain and related email services - i.e. you are the owner of the domain.
Process: Specify the Verification email address that the Verification Email and eventual SSL Certificate will be sent to once generated. Only one of several generic predetermined alternatives can be used.
The generic, predetermined addresses are:
Once all the configuration information on this page is submitted, watch the selected email inbox for a verification email from the Certificate Authority (GeoTrust, RapidSSL, Digicert, etc). Within the email will be a link to click on. Click the link to visit the verification webpage for your SSL Certificate and complete the steps presented on-screen.
Verification via DNS
Domain validation via DNS Record requires a one-time DNS record to be applied to the domain name by the domain owner. The Certificate Authority (CA - GeoTrust, Sectigo etc) will then check for the existence of this record. Once found, ownership (or control) of the domain name will be validated and the certificate can then be issued.
Pros: If Webnames also hosts your DNS records, we can create and add the necessary records for you automatically.
Cons: If you don't have easy access to your domain's DNS (which is most often located within your website hosting account), then DNS verification can prove difficult.
Verification Overview: DNS is a behind-the-scenes component of domain names that is used to connect a domain name to services like web hosting and email. Typically only the domain owner has access to the DNS of a domain, and so by adding a specified record to the DNS of a domain, you can demonstrate that you are the owner of a domain.
Process: When selecting DNS as a Domain Validation method, you will need to add specific DNS records to your DNS Zone. This task is done via your DNS provider, which is often also your web hosting provider.
Applying the DNS Record to your domain
- If you have Webnames DNS Hosting, Webnames can automatically apply the required DNS Record to your domain name. If applying the record can be done automatically, then a corresponding message stating so will appear after submitting the configuration data on this page.
- In other cases, Webnames cannot automatically apply the required DNS Record to your domain name. A corresponding message will appear after submitting the configuration data on this page which will contain the specific DNS record which needs to be manually inserted into the DNS zone of your domain.
Once all the configuration information on this page is submitted, the specific DNS record that needs to be added will be displayed on-screen along with further instructions. The issuing Certificate Authority (GeoTrust, RapidSSL, Digicert, etc) will automatically look for the presence of the required DNS record. Typically, lookups happen at decreasing frequency, for example once every 5 minutes, then once every 15 minutes, then 30, 60 etc.
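Because the CA's lookups become less frequent over time, it helps to confirm the record is really being served right after adding it. The script below is an added example, not Webnames' or the CA's tooling: it asks each authoritative nameserver for the record with `dig` and compares the answer to the expected value. The record name, type and value are placeholders for whatever the on-screen instructions show, and the sample answer is constructed.

```shell
#!/bin/sh
# Added example. Record name, type and value come from the on-screen
# instructions; the values below are constructed placeholders.
SAMPLE_TOKEN='constructed-token-0123abcd'
# Constructed `dig +short TXT` answer: an unrelated TXT record plus the
# validation value split into two quoted strings, as long TXT data can be.
SAMPLE_TXT_ANSWER='"v=spf1 -all"
"constructed-token-" "0123abcd"'

# Undo dig's presentation: join split TXT strings, drop the outer quotes
# and the trailing dot of a CNAME target.
normalize_rdata() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//' -e 's/\.$//'
}

# $1 = `dig +short` output, $2 = expected value. True if one line matches.
answer_has_value() {
    expected=$(printf '%s\n' "$2" | normalize_rdata)
    [ -n "$expected" ] || return 2
    printf '%s\n' "$1" | normalize_rdata | grep -Fxq -e "$expected"
}

# $1 = domain, $2 = record name, $3 = record type, $4 = expected value.
# Queries every authoritative nameserver so a stale secondary is noticed.
check_all_ns() {
    seen=0; missing=0
    for ns in $(dig +short NS "$1"); do
        seen=$((seen + 1))
        if answer_has_value "$(dig +short "@$ns" "$2" "$3")" "$4"; then
            echo "ok       $ns"
        else
            echo "MISSING  $ns"; missing=1
        fi
    done
    [ "$seen" -gt 0 ] && [ "$missing" -eq 0 ]
}

# Offline demonstration on the constructed answer.
answer_has_value "$SAMPLE_TXT_ANSWER" "$SAMPLE_TOKEN" && echo "sample: record visible"
# Live use: check_all_ns example.com RECORD_NAME RECORD_TYPE 'RECORD_VALUE'
```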
Admin Contact Information
Accuracy and completeness of the Contact information in the next three sections is important. While basic certificates only validate that you have control of the associated domain name (known as Domain Validated, or DV Certificates), higher-security certificates that employ processes such as Organizational Validation (OV) and Extended Validation (EV) will result in the information you submit being verified by actual humans against available government records.
On the page, specify the Administrative Contact information for the Certificate. This is typically the same individual as the Admin Contact for the domain name.
Include Technical Contact Information, if different than that of the Administrative Contact defined above.
Include Organization Information (this section only appears for Organization Validated certificates)
Note: It is best practice that the contact information you provide for the SSL certificate match the contact information for the domain name.
Additionally, the WHOIS information for the domain must be publicly viewable so that the contact information you submit via this step can be verified via a WHOIS lookup by the Certificate Vendor (GeoTrust, Digicert, Symantec etc.).
In the case of Organizationally Validated SSL Certificates, domain privacy services typically need to be disabled so that it can be shown that the domain name, certificate and business / organization are all the same party.
Click Continue to proceed to the next page.
Once the above information has been submitted, approval and validation steps will commence.
Note: If the SSL Certificate will be for a Major Corporation, a well-known Trademark, or any Financial Institution, the Admin Contact must be an employee of the company. Additional verification will also be performed in this case via telephone.