Step Two: Configuring an SSL Certificate

1. CSR Generation
2. Configuration
3. Validation
4. Issuance
5. Installation
6. Site Seal Installation

'Configuration' consists of gathering and submitting the specific information so that your order and domain ownership can be validated. Proving you are who you say you are, and that you control/own the domain and website you're going to attach the SSL Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet.[1] TLS and SSL encrypt the segments of network connections at the Application Layer for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity. certificate to, is part of what makes SSL certificates secure and trustworthy.

• The CSR Key obtains in Step One
• Requester information (Your individual and/or organization information)
• Email address that your SSL Certificate SSL Certificates are created for a particular server and domain, and are issued by trusted, third-party Certificate Authority (CA) - comparable to your passport. As the Certification Authority, the SSL Certificate vendor authenticates the identity of the purchaser and verifies the business that owns the domain. should be sent to once generated

The steps below should be followed only once a CSR Key has been obtained (as was covered in Step One).

Process Overview

1. Once logged into your account at www.webnames.ca, browse to: My Account > Manage >SSL Certificates
2. Click on the Not Configured section on the left, and then on the domain name of the certificate

Enter Certificate background info

Quite a bit of information is required in order to configure an SSL certificate. You'll be providing information about the

CSR

Paste in the aforementioned CSR key from Step One in its entirety and click the Decode button. The information used to create the CSR Key in Step One should successfully be decoded and displayed below. This information should be reviewed for accuracy, in particular the domain name which is displayed. If any information is incorrect, go back to Step One and repeat the steps to generate an updated CSR Key.

Domain Validation

Certificate validation is the process of proving you control the domain (and website) that the SSL certificate will be attached to. This is a security measure to ensure that SSL certificates are only issued to the legitimate owner of a website.

Validation can be performed either by email or DNS The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. A Domain Name Service resolves queries for these names into IP addresses for the purpose of locating computer services and devices worldwide. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet. record. Either method can be used, and your choice is based on preference, convenience and feasibility.

Verification via Email or DNS

Verification of control of your domain name can be performed either by:

1. Responding to a verification email which is sent to a predetermined email address, or
2. Inserting predetermined DNS records into the DNS zone for the domain.

Verification via Email

Pros: Conceptually, this verification method is easier to understand than DNS, and therefore often more convenient

Cons: The list of possible verification email addresses is fixed. If none of the selectable email addresses exist, and you cannot create one of them temporarily, then email verification cannot be used.

Verification Overview: A verification email will be sent to a specified email address @yourdomain.com . If you can receive and respond to this email, it demonstrates that your have control over the domain and related email services - i.e. you are the owner of the domain.

Process: Specify the Verification email address that the Verification Email and eventual SSL Certificate will be sent to once generated. Only one of several generic predetermined alternatives can be used.

The generic, predetermined addresses are:

• admin@yourdomain.com
• administrator@yourdomain.com
• webmaster@yourdomain.com
• hostmaster@yourdomain.com
• postmaster@yourdomain.com

Once all the configuration information on this page is submitted, watch the selected email inbox for a verification from the Certificate Authority (GeoTrust, RapidSSL, Digicert, etc). Within the email will be a link to click on. Click the link to visit the verification webpage for your SSL Certificate and complete the steps presented on-screen.

Verification via DNS

Domain validation via DNS Record requires a one-time DNS record to be applied to the domain name by the domain owner. The Certificate Authority (CA - GeoTrust, Sectigo etc) will then check for the existence of this record. Once found, ownership (or control of) the domain name will be validated and the certificate can then be issued.

Pros: If Webnames also hosts your DNS records, we can create and add the necessary records for you automatically.

Cons: If you don't have easy access to your domain's DNS (which is most often located within your website hosting account), then DNS verification can prove difficult.

Verification Overview: DNS is a behind-the-scenes component of domain names that is used to connect a domain name to services like web hosting and email. Typically only the domain owner has access to the DNS of a domain, and so by adding a specified record to the DNS of a domain, you can demonstrate that you are the owner of a domain.

Process: When selecting DNS as a Domain Validation method, you will need to add specific DNS records to your DNS Zone. This task is done via your DNS provider, which is often also your web hosting provider.

Applying the DNS Record to your domain

• If you have Webnames DNS Hosting, Webnames can automatically apply the required DNS Record to your domain name. If applying the record can be done automatiallyc, then a corresponding message stating so will appear after submitting the configuration data on this page
• In other cases, Webnames cannot automatically apply the required DNS Record to your domain name. A corresponding message will appear after submitting the configuration dataon this page which will contain the specific DNS record which needs to be manually inserted into the DNS zone of your domain.

Once all the configuration information on this page is submitted, the specific DNS record that needs to be added will be displayed on-screen along with further instructions. The issuing Certificate Authority (GeoTrust, RapidSSL, Digicert, etc) will automatically look for the presence of the required DNS record. Typically lookups happen at an interval of diminished frequency, for example once every 5 minutes, then once every 15 minutes, then 30, 60 etc.

Admin Contact Information

Accuracy and completeness of the Contact information in the next three sections is important. While basic certificates only validate that you have control of the associated domain name (known as Domain Validated, or DV Certificates) higher-security certificates that employ processes such as Organizational Validation (OV) and Extended Validation EV SSL Certificates provide all the benefits of the Advantage SSL Certificates while also includeing prominent new trust indicators like a green address bar. (EV) will result in the information you submit being verified by actual humans against available government records.

See also: Domain Validated Certificates

See also: Business Validated Certificates

See also: Extended Validation Certificates

On the page, specify the Administrative Contact The person identified in the Registration Information as the Administrative Contact for the Registrant’s Domain Name Registration(s). This individual is typically identified within a domain's published WHOIS information information for the Certificate. This is typically the same individual as the Admin Contact for the domain name.

Include Technical Contact Information, if different than that of the Administrative Contact defined above.

Include Organization Information (this section only appears for Organization Validated certificates)

Note: It is best practice that the contact information you provide for the SSL certificate match the contact information for the domain name. This information can be obtained via your Webnames account, if applicable or via WHOIS lookup. Additionally, the WHOIS WHOIS (pronounced as the phrase who is) is a query and response protocol that is widely used for querying databases that store the registered users of domain names, information for the domain must be publicly viewable so that the contact information you submit via this step can be verified via a WHOIS WHOIS (pronounced as the phrase who is) is a query and response protocol that is widely used for querying databases that store the registered users of domain names, lookup by the Certificate Vendor (GeoTrust, Digicert, Symantec etc.). In the case of Organizationally Validated SSL Certificates, domain privacy services typically need to be disabled so that it can be shown that the domain name, certificate and business / organization are all the same party. See also: Enabling Disabling or Canceling Webnames Privacy

Click Continue to Proceed to the next page.

Once the above information has been submitted, approval and validation steps will commence.

Note: If the SSL Certificate will be for a Major Corporation, a well-known Trademark, or any Financial Institution, the Admin Contact must be an employee of the company. Additional verification will also be performed in this case via telephone.

See also: Approval and Validation

Please click your SSL Certificate type below for more information on Validation steps

Domain Validated Certificates	Organization Validated Certificates	Extended Validation Certificates
GeoTrust QuickSSL	DigiCert OV Multi-Domain SSL Certificate	DigiCert EV SSL Certificate
GeoTrust Quick SSL Premium DV SSL Certificate	Digicert Secure Site Pro OV SSL Certificate	DigiCert EV Multi-Domain SSL Certificate
GeoTrust Quick SSL Premium DV Multi-Domain SSL Certificate	Digicert Standard OV SSL Certificate	Thawte EV Multi-Domain SSL Certificate
GeoTrust SAN SSL Certificate	Digicert OV Wildcard SSL Certificate	GeoTrust True Business ID EV SSL Certificate
Rapid SSL DV SSL Certificate	GeoTrust True Business ID OV SSL Certificate	GeoTrust True Business ID EV Multi-Domain SSL Certificate
Rapid SSL DV Wildcard SSL Certificate	GeoTrust True Business ID OV Wildcard SSL Certificate	Sectigo EV SSL Certificate
Sectigo PositiveSSL DV SSL Certificate	GeoTrust True Business ID OV Multi-Domain SSL Certificate
Sectigo DV SSL Certificate	Thawte OV Multi-Domain SSL Certificate
Sectigo DV Wildcard SSL Certificate	Thawte Web Server OV SSL Certificate
Sectigo PositiveSSL DV Wildcard SSL Certificate	Sectigo InstantSSL OV SSL Certificate
Thawte DV Multi-Domain SSL Certificate	Sectigo OV Multi-Domain SSL Certificate
Thawte DV Wildcard SSL Certificate	Sectigo InstantSSL Premium OV Wildcard SSL Certificate

See Also: SSL Certificate Guide