Introduction
IMPORTANT NOTE: Before obtaining a Certificate, you must generate a Private Key and CSR pair on the web server.
- A CSR (Certificate Signing Request) is the Public Key created on a server that verifies the specific details about the web server and the associated company.
- Digital IDs utilize Public Key Cryptography, which employs Public and Private Key files.
- The Public Key, or CSR, is the key sent to the SSL Provider.
The Private Key remains on the server and must never be shared publicly:
- The SSL Provider does not have access to the Private Key.
- It is generated locally on the client's server and is never transmitted to the SSL Provider.
- The security of the Digital ID relies on the Private Key being exclusively controlled by its owner.
You cannot generate a CSR without a Private Key, nor can you create a Private Key without a CSR. In some web server platforms, like Microsoft IIS, both are generated simultaneously through the server wizard.
To generate the Private Key and CSR pair, provide the following company information:
- Organization Name (e.g., My Company)
- Organizational Unit (e.g., My Department)
- Country Code (e.g., ZA)
- State or Province (e.g., Western Province)
- Locality (e.g., Cape Town)
- Common Name (e.g., www.domain.com)
IMPORTANT NOTE: The term "common name" in X.509 refers to the name that best represents the Certificate and associates it with the company. For SSL Web Server Certificates, enter the exact host and domain name to secure, which may include the root server or intranet name.
Example: To secure www.my-domain-name.co.za, enter the exact host (www) and domain name.
Certificate Renewals
To renew an SSL Certificate, generate a new Key/CSR pair on the server. Back up the Key, and submit the new CSR through the renewal process.
For SSL Certificates requested for any server software platforms, you do not need to submit a new CSR for renewal. The previous CSR will be used, meaning the renewal Certificate will only work with the original Private Key file that was submitted to the SSL Provider when creating the CSR.