Once you have paid for your Digital Certificate Order, your order becomes Active within the system. However, you need to complete the Certificate Enrolment Process, before the certificate can be issued to you.
IMPORTANT
You need to successfully Enrol your Digital Certificate within 5 days, since the date this Order became Active. In the event that you do not complete your Enrolment process within this period your Digital Certificate Order will get automatically Cancelled and you would receive a refund.
Follow the instructions mentioned below to get your digital certificate issued:
Step 1. Generate a Private Key and Certificate Signature Request (CSR) from your web server
Before you can begin the process of obtaining a Certificate, you must generate a minimum of 2048-bit Private Key and CSR pair, off your web server.
A CSR is basically a Public Key that you generate on your server that validates the computer-specific information about your web server and Organization when you request a Certificate from SSL vendor.
Digital ID’s make use of a technology called Public Key Cryptography, which uses Public and Private Key files.
The Public Key, also known as a Certificate Signature Request (CSR), is the key that will be sent to SSL vendor. The CSR that you generate must be signed by at least a 1024-bit Private Key (SSL vendor will not accept a lower encryption level CSR than 1024-bit).
The Private Key will remain on the server and should never be released into the public. SSL vendor does not have access to your Private Key. It is generated locally on your server and is never transmitted to SSL vendor. The integrity of your Digital ID depends on your private key being controlled exclusively by you.
A CSR cannot be generated without generating a Private Key file nor can the Private Key file be generated without generating a CSR file. In certain web server software platforms like Microsoft IIS, both are generated simultaneously through the Wizard on the web server.
Typically, you will be prompted to enter the following information about your Organization in order to generate the Private Key and CSR (Public Key) pair off the web server:
Organization Name
Organizational unit – This maybe either a Sole Proprietorship, Trading As, University Department, University Administration, Government Department, Doing Business As, University Faculty, Public (Listed) Company, Private (Unlisted) Company, Registered Non-Profit Organization, Non-Government Organization, Interest Group, Registered Charity.
- Country Code
- State or Province
- Locality
Common Name – This is the name that distinguishes the Certificate best and ties it to your Organization. Here you need to enter your exact host and domain name that you wish to secure. This may also be the root server or intranet name for your Organization.
For example,
a. if you wish to secure www.yourdomain.com, then you need to enter www.yourdomain.com as the Common Name. If you just enter yourdomain.com as the Common Name (without the host www), then the Certificate will only get issued to yourdomain.com. Similarly, if you need to secure pay.yourdomain.com, then you need to mention the Common Name as pay.yourdomain.com.
b. if you are buying a Wildcard Server Certificate for securing all sub-domains of your domain name yourdomain.com, then you need to enter the Common Name as *.yourdomain.com; otherwise you will get an error while submitting your CSR.
You need to get in touch with your Web Hosting provider and request them to generate a CSR for your business after supplying them the abovementioned information.
Step 2. Validate your Certificate Signature Request (CSR) at SSL vendor
Prior to enrolling for a Digital Certificate, it is recommended that you confirm that nothing is amiss with the CSR that you have generated.
Step 3. Submit your Organization Details, Contact Details and Certificate Details to SSL vendor
Before a Digital Certificate can be issued to you, we need to send a request to SSL vendor with some information about yourself and your business. Follow the process mentioned below to request your Digital Certificate:
1. Login to your Control Panel and search for the domain name for which you have ordered a Digital Certificate. Click here to find instructions to do so >>
2. Upon clicking on the order, you need to click on the Enrol Certificate button.
3. Mention the following details and click on the Enrol button
A. Organization Details
Organization Type – Select if your business is a Sole Proprietorship, Trading As, University Department, University Administration, Government Department, Doing Business As, University Faculty, Public (Listed) Company, Private (Unlisted) Company, Registered Non-Profit Organization, Non-Government Organization, Interest Group or Registered Charity.
IMPORTANT
In case you are ordering a SSL certificate, then you will be also prompted to select your Authorizing Contact. This indicates to SSL vendor whether they should contact you on your Corporate Contact details or your Technical Contact Details, to authenticate your domain name before issuing the Digital Certificate.
B. Contact Details
Corporate Contact Details – Provide your complete contact details while giving special emphasis to the email address that you mention herein. You need to either
i. matches the email address inserted, to one of the contacts specified in your Domain Name’s Whois details. Please ensure that this information is not kept hidden for anonymity purposes.
OR
ii. match a pre-determined email with the domain name for which you are requesting the certificate. You need to either select – admin, administrator, host master, info, SSLadmin, SSLadministrator, SSLwebmaster, sysadmin, webmaster from the drop-down list.
IMPORTANT
If you have selected to match the email address inserted, to one of the contacts specified in your Domain Name’s Whois details, then you have to ensure that the email address mentioned herein, matches either the Registrant Contact Email Address or the Administrative Contact Email Address.
If Privacy Protection is enabled for the Domain Name, it needs to be disabled before submitting the Contact details to SSL vendor.
Privacy Protection may be enabled again once the Certificate has been issued. Click here to read how to enable/disable Privacy Protection >>
Until SSL vendor verifies that both email addresses match, you would not be issued your Digital Certificate.
Technical Contact Details – You may either choose to mention the same details as the one provided as the Corporate Contact by selecting the available check box or mention separate information.
SSL vendor will contact either your Corporate Contact or your Technical Contact depending upon the settings you have selected above.
C. Certificate Details
Software Type – Select the Web Server software on which your website/domain name is hosted.
Certificate Maintenance Password – You may mention a password here that will be used to maintain your certificate with SSL vendor.
Certificate Signature Request – This is the CSR (Public Key) you have generated for the purpose of obtaining a Digital Certificate from SSL vendor.
Step 4. Complete the SSL vendor Authentication formalities
After you have enrolled for a Digital Certificate, SSL vendor would contact your Corporate / Technical Contact and request you to provide them with some documentation:
Proof of Organizational Name
Proof of Right to Use Domain Name
Proof of Organizational Telephone Number
Click here to know the documentation needed by SSL vendor before issuing you your Digital Certificate >>
IMPORTANT
The above-mentioned process is to be followed in case you have ordered a SGC SuperCert, Web Server Certificate or a Wildcard Server Certificate.
In case you have ordered a SSL Certificate, SSL vendor would try to automatically complete the authentication process. However, if they encounter any discrepancy, they may contact you to authenticate your request.
If you do not complete your verification process soon, SSL vendor may reject your Digital Certificate request and may send you an email informing you that your Digital Certificate has been “Bogused / Rejected.”
However, should you subsequently complete the authentication formalities within 90 days of the Enrollment Date, SSL vendor would issue you your Digital Certificate.
Once you have completed all these formalities, SSL vendor will issue the certificate and email you a confirmation.
Step 5. Check the Status of your Digital Certificate and retrieve your Digital Certificate
Once you have completed the enrollment process, SSL vendor would begin verifying the data you have submitted to them and once satisfied, issue you your Digital Certificate. You can continue checking the status of your Digital Certificate request from your Control Panel and retrieve the same from your Control Panel itself.