How to Create a CSR (SSL Certificate Signing Request)
Before you can order your SSL certificate, you must first generate a CSR (Certificate Signing Request) on your server. A CSR is an encoded block of text. It contains information specific to your company and domain name; this information is known as the Distinguished Name or DN.
The DN on most servers consists of the following fields: Country, State, Locality (suburb or city), Organisation, Organisational Unit, and Common Name. Please note:
- The Country is a two-letter code; for Australia it is 'AU'.
- State and Locality are full names, e.g. 'Melbourne' or 'Perth'.
- The Organisation Name is your full legal company or personal name, as legally registered in your locality.
- The Organisational Unit is whichever branch of your company is ordering the certificate, such as accounting or marketing.
- The Common Name is the Fully Qualified Domain Name (FQDN) for which you are requesting the SSL certificate.
- If you are generating a CSR for a Wildcard Certificate, your Common Name must start with *. (for example: *.digicert.com). The wildcard character (*) stands in for any single label, that is, any name that does not contain a dot.
Once your CSR is created, you will be able to simply copy and paste it into the online order form.
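The following shell script is an added example, not a procedure from the Web IP page: it generates the private key and the CSR non-interactively from an OpenSSL config file that carries the DN fields listed above, and then checks the CSR before you paste it into an order form. The names "www.example.com.au" and "Example Pty Ltd" are constructed placeholders; the subjectAltName entry is included because browsers match the host name against it rather than against the Common Name alone.

```shell
#!/bin/sh
# Added example (not from the Web IP page): build the key and CSR
# non-interactively from a config that carries the DN fields listed above,
# then check the CSR before pasting it into an order form.
# "example.com.au" and "Example Pty Ltd" are constructed placeholder values.
set -eu

# make_csr OUTDIR COMMON_NAME: writes OUTDIR/server.key and OUTDIR/server.csr
make_csr() {
    outdir="$1"; cn="$2"
    mkdir -p "$outdir"
    cat > "$outdir/csr.cnf" <<EOF
[ req ]
prompt             = no
default_md         = sha256
distinguished_name = dn
req_extensions     = ext

[ dn ]
C  = AU
ST = Victoria
L  = Melbourne
O  = Example Pty Ltd
OU = IT
CN = $cn

[ ext ]
# Browsers match the host name against subjectAltName, so repeat the CN here.
subjectAltName = DNS:$cn
EOF
    # 2048-bit RSA private key: it never leaves the server and never goes on the order form.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$outdir/server.key" 2>/dev/null
    chmod 600 "$outdir/server.key"
    openssl req -new -config "$outdir/csr.cnf" -key "$outdir/server.key" \
        -out "$outdir/server.csr"
}

# csr_subject CSR: prints the Distinguished Name encoded in the request
csr_subject() {
    openssl req -in "$1" -noout -subject
}

# csr_ok CSR: exit 0 when the request's self-signature verifies (it was not mangled)
csr_ok() {
    openssl req -in "$1" -noout -verify >/dev/null 2>&1
}

# csr_matches_key CSR KEY: exit 0 when the public key inside the CSR belongs to KEY
csr_matches_key() {
    [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Usage: sh make_csr.sh demo
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    make_csr "$dir" "www.example.com.au"
    csr_subject "$dir/server.csr"
    csr_ok "$dir/server.csr" && csr_matches_key "$dir/server.csr" "$dir/server.key" \
        && echo "CSR ready to paste: $dir/server.csr"
fi
```

Passing a Common Name such as *.example.com.au to make_csr produces the wildcard request described above; the two check functions catch the two most common ordering mistakes, a CSR that was corrupted while being copied and a CSR generated from a different key than the one installed on the server.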
How does an SSL Digital Certificate work?
Secure Sockets Layer (SSL) relies on a third party, a Certificate Authority (CA), to identify one or both ends of a transaction. This is how it works:
1. A browser requests a secure page (usually https://).
2. The web server sends its public key with its certificate.
3. The browser checks that the SSL Digital Certificate was issued by a trusted party (usually a trusted root CA), that it is still valid, and that it is related to the site contacted.
4. The browser then uses the public key to encrypt a random symmetric encryption key and sends it to the server, along with the encrypted URL required and other encrypted HTTP data.
5. The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and HTTP data.
6. The web server sends back the requested HTML document and HTTP data, encrypted with the symmetric key.
7. The browser decrypts the HTTP data and HTML document using the symmetric key and displays the information.
Private Key and Public Key
Encryption with a private/public key pair ensures that data encrypted by one key can only be decrypted by the other key of the pair. This is sometimes hard to understand, but believe me, it works. The two keys are similar in nature and can be used either way round: what one key encrypts, the other key of the pair decrypts.
The key pair is based on prime numbers, and the keys' length in bits determines how hard it is to decrypt a message without the matching key. The trick with a key pair is to keep one key secret (the private key) and to distribute the other key (the public key) to everybody.
Anybody can send you an encrypted message that only you will be able to decrypt: you are the only one holding the other key of the pair, right? Conversely, you can certify that a message comes from you, because you encrypted it with your private key and only the associated public key will decrypt it correctly. Beware: in this case the message is not secret, you have only signed it. Everybody has the public key, remember!
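The script below is an added example, not part of the Web IP page, that reproduces steps 4 to 7 of the handshake and the key-pair mechanics just described by hand with the openssl command line. The "server" owns an RSA key pair, the "browser" wraps a random symmetric key with the public key, the server unwraps it with the private key, and both sides then use AES with that key; a second pair of functions shows that a signature made with the private key proves origin but leaves the message readable. File names and the sample HTTP request are constructed. A real TLS stack does not exchange the session key this way any more (modern TLS uses ephemeral Diffie-Hellman), but the one-key-encrypts, other-key-decrypts property is the same.

```shell
#!/bin/sh
# Added example (not part of the Web IP page): the key-pair mechanics behind
# steps 4-7 above, done by hand with the openssl CLI. File names and the
# sample HTTP data are constructed for the demonstration.
set -eu

# server_keys DIR: the server's private key and the public key it hands out
server_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/server.key" 2>/dev/null
    openssl pkey -in "$1/server.key" -pubout -out "$1/server.pub"
}

# exchange DIR REQUEST_FILE: browser side wraps a fresh session key and encrypts
# the request; server side unwraps the key and decrypts. Prints the recovered
# request so the caller can compare it with the original.
exchange() {
    d="$1"; req="$2"
    # browser: random 256-bit session key, wrapped with the server's public key (RSA-OAEP)
    openssl rand -hex 32 > "$d/session.key"
    openssl pkeyutl -encrypt -pubin -inkey "$d/server.pub" -pkeyopt rsa_padding_mode:oaep \
        -in "$d/session.key" -out "$d/session.key.enc"
    # browser: HTTP data encrypted under the session key (AES-256-CBC, PBKDF2-derived)
    openssl enc -aes-256-cbc -pbkdf2 -pass "file:$d/session.key" \
        -in "$req" -out "$d/request.enc"
    # server: only the private key can unwrap the session key
    openssl pkeyutl -decrypt -inkey "$d/server.key" -pkeyopt rsa_padding_mode:oaep \
        -in "$d/session.key.enc" -out "$d/session.key.unwrapped"
    # server: decrypt the request with the unwrapped key
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$d/session.key.unwrapped" \
        -in "$d/request.enc"
}

# sign_and_verify DIR MESSAGE_FILE: private key signs, public key verifies.
# Exit 0 when the signature checks out; the message file itself stays readable.
sign_and_verify() {
    openssl dgst -sha256 -sign "$1/server.key" -out "$1/msg.sig" "$2"
    openssl dgst -sha256 -verify "$1/server.pub" -signature "$1/msg.sig" "$2" >/dev/null
}

# tamper_detected DIR MESSAGE_FILE: append to the signed message; exit 0 when
# the old signature no longer verifies against the changed content
tamper_detected() {
    printf ' tampered' >> "$2"
    ! openssl dgst -sha256 -verify "$1/server.pub" -signature "$1/msg.sig" "$2" >/dev/null 2>&1
}
```

Run server_keys once, then exchange against a file holding a request line; the output equals the input only if the private key recovered the session key. sign_and_verify followed by tamper_detected shows the second half of the text: anyone with server.pub can read msg.txt, but nobody without server.key can produce a signature that survives a change to it.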
How to Revoke an SSL Digital Certificate
To revoke an SSL Digital Certificate, simply issue the command: openssl ca -config /etc/openssl.cnf -revoke newcert.pem
The CA database (index.txt) is updated and the certificate is marked as revoked. You now need to generate the new list of revoked certificates:
openssl ca -gencrl -config /etc/openssl.cnf -out crl/sopac-ca.crl
This Certificate Revocation List (CRL) file should be made available on your web site.
How do I renew an SSL Digital Certificate?
Contact Web IP for assistance with SSL renewals on (03) 9869 7128 or info@webip.com.au. We can coordinate the SSL renewal and provide you with better pricing than the actual Certificate Authority for the same certificate.
Don't renew an SSL certificate yourself again: Web IP will manage your renewals, and will manage all of your invoicing and re-issues.
First you have to revoke the previous certificate and then sign the certificate request again.
To find the old certificate, look in the index.txt file for the Distinguished Name (DN) corresponding to the request. Get the serial number <xx>, and use the file cert/<xx>.pem as the certificate for the revocation procedure.
You may want to sign the request manually, because you have to ensure that the start date and end date of validity of the new certificate are correct.
openssl ca -config /etc/openssl.cnf -policy policy_anything -out newcert.pem \
-startdate [now] -enddate [previous enddate+365days] -infiles newreq.pem
Replace [now] and [previous enddate+365days] with the correct values in OpenSSL's YYMMDDHHMMSSZ form (UTC, e.g. 250101000000Z for 1 January 2025). Note that -infiles must be the last option: everything after it is treated as the name of a request file, so the date options have to come before it.
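The script below is an added example, not Web IP's own procedure, that runs the revocation and renewal steps above end to end against a throwaway CA built in a scratch directory: sign a request, revoke the certificate and publish a CRL, then re-sign the same request with explicit validity dates. The CA layout (index.txt, serial, certs/, crl/), the minimal openssl.cnf, the names and the dates are all constructed for the demonstration; the policy section is named policy_anything to match the command on this page.

```shell
#!/bin/sh
# Added example, not Web IP's procedure: a throwaway CA in a scratch directory
# running the page's steps with "openssl ca": sign a request, revoke the
# certificate and publish a CRL, then re-sign the same request with explicit
# validity dates. Paths, names and dates are constructed for the demonstration.
set -eu

# setup_ca DIR: CA layout (index.txt, serial, certs/, crl/), a minimal config for
# the ca and req commands, a self-signed CA certificate, and one request for
# www.example.com.au saved as DIR/newreq.pem.
setup_ca() {
    CADIR="$1"
    mkdir -p "$CADIR/certs" "$CADIR/crl"
    : > "$CADIR/index.txt"
    echo 01 > "$CADIR/serial"
    echo 01 > "$CADIR/crlnumber"
    cat > "$CADIR/openssl.cnf" <<EOF
[ ca ]
default_ca       = demo_ca

[ demo_ca ]
database         = $CADIR/index.txt
new_certs_dir    = $CADIR/certs
serial           = $CADIR/serial
crlnumber        = $CADIR/crlnumber
certificate      = $CADIR/ca.crt
private_key      = $CADIR/ca.key
default_md       = sha256
default_days     = 365
default_crl_days = 30
policy           = policy_anything
x509_extensions  = usr_cert
unique_subject   = no

[ policy_anything ]
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional

[ usr_cert ]
basicConstraints = CA:FALSE

[ req ]
distinguished_name = req_dn

[ req_dn ]
commonName = Common Name
EOF
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$CADIR/ca.key" 2>/dev/null
    openssl req -config "$CADIR/openssl.cnf" -x509 -new -key "$CADIR/ca.key" \
        -subj "/CN=Demo Root CA" -days 30 -out "$CADIR/ca.crt"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$CADIR/server.key" 2>/dev/null
    openssl req -config "$CADIR/openssl.cnf" -new -key "$CADIR/server.key" \
        -subj "/C=AU/ST=Victoria/L=Melbourne/O=Example Pty Ltd/CN=www.example.com.au" \
        -out "$CADIR/newreq.pem"
}

# sign_request DIR OUT START END: sign DIR/newreq.pem with an explicit validity
# window (YYMMDDHHMMSSZ, UTC). -infiles must stay the last option.
sign_request() {
    openssl ca -batch -notext -config "$1/openssl.cnf" -policy policy_anything -out "$2" \
        -startdate "$3" -enddate "$4" -infiles "$1/newreq.pem" 2>/dev/null
}

# cert_serial CERT: hex serial <xx>; the CA keeps its own copy as certs/<xx>.pem
cert_serial() {
    openssl x509 -in "$1" -noout -serial | sed 's/^serial=//'
}

# revoke_cert DIR CERT: mark CERT as R in index.txt and regenerate the CRL to publish
revoke_cert() {
    openssl ca -config "$1/openssl.cnf" -revoke "$2" 2>/dev/null
    openssl ca -config "$1/openssl.cnf" -gencrl -out "$1/crl/demo-ca.crl" 2>/dev/null
}

# crl_lists DIR SERIAL: exit 0 when the CRL names SERIAL (hex, e.g. 01) as revoked
crl_lists() {
    openssl crl -in "$1/crl/demo-ca.crl" -noout -text | grep -q "Serial Number: $2"
}

# renew DIR OLD_CERT OUT START END: the page's renewal, revoke then re-sign the request
renew() {
    revoke_cert "$1" "$2"
    sign_request "$1" "$3" "$4" "$5"
}
```

After setup_ca and sign_request, index.txt holds one V line for serial 01; renew turns that line into an R line, lists serial 01 in crl/demo-ca.crl, and issues serial 02 with exactly the notBefore and notAfter you passed, which is the check the text above asks you to make when signing manually.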