Sun ONE 6.x

Important Note:

Effective 1 January 2011, we will no longer support any Certificate Signing Request [CSR] generated with a 1024 bit key. This is because NIST, PKIX, WebTrust and other respective security standards no longer consider the 1024 bit key size as secure. Read more >


Request a certificate

To request a certificate, perform the following steps:

1. For the Server Manager you must first select the server instance from the drop-down list.

    Click the Request a Certificate link.
    Select if this is a new certificate or a certificate renewal.

2. Perform the following steps to specify how you want to submit the request for the certificate:

    Digi-Sign usually expects to receive the request in an email message; therefore you need to enter the email address of your account manager in Digi-Sign or Digi-Sign Production Department.

    At the end of this process, you may also copy your request in a text format and apply for your certificate online through Digi-Sign website at: or through your Digi-CA™ Service Account, if you are using the Digi-Sign certificate management system. When prompt, paste your request into a Certificate Signing Request (CSR) box.

3. Select the cryptographic module for the key-pair file you want to use when requesting the certificate from the drop-down list.

4. Enter the password for your key-pair file.

    This is the password you specified when you created the trust database, unless you selected a cryptographic module other than the internal module. The server uses the password to get your private key and encrypt a message to Digi-Sign. The server then sends both your public key and the encrypted message to Digi-Sign. Digi-Sign uses the public key to decrypt your message.

5. Enter your identification information.

    Required Information

    You need to provide the following information:
    Common Name must be the fully qualified hostname used in DNS lookups (for example, This is the hostname in the URL that a browser uses to connect to your site. If these two names don't match, a client is notified that the certificate name doesn't match the site name, creating doubt about the authenticity of your certificate.

    Email Address is your business email address. This can be used for correspondence between you and Digi-Sign.

    Organization is the official, legal name of your company, educational institution, partnership, and so on. You need to verify this information with legal documents (such as a copy of a business license).

    Organizational Unit is an optional field that describes an organization within your company. This can also be used to note a less formal company name (without the Inc., Corp., and so on).

    Locality is a field that usually describes the city, principality, or country for the organization.

    State or Province is usually required, but can be optional.

    Country is a required, two-character abbreviation of your country name (in ISO format). The country code for the United States is U.S.

    All this information is combined as a series of attribute-value pairs called the distinguished name (DN), which uniquely identifies the subject of the certificate.

    Double-check your work to ensure accuracy. The more accurate the information, the faster your certificate is likely to be approved.

6. Click OK.

7. For the Server Manager, click Apply, and then Restart for changes to take effect.

    The server generates a certificate request that contains your information. The request has a digital signature created with your private key. Digi-Sign uses a digital signature to verify that the request wasn't tampered with during routing from your server machine to Digi-Sign. In the rare event that the request is tampered with, Digi-Sign will usually contact you by phone.

    If you chose to email the request, the server composes an email message containing the request and sends the message to Digi-Sign. Typically, the certificate is then returned to you via email.

    If for any reason your network security settings or a firewall configuration prevents your server from sending the certificate request via email, copy the entire request string, that should appear on the screen and send it manually to your account manager in Digi-Sign or to Digi-Sign Production Department from a PC, that has access to Internet mail.

    Once you receive the certificate from Digi-Sign, you can install it. In the meantime, you can still use your server without SSL.