Oracle iPlanet Web Proxy Server 4.0.14 Administration Guide

Requesting Other Server Certificates

ProcedureTo Request Other Server Certificates

  1. Access either the Administration Server or the Server Manager and click the Security tab.

  2. Click the Request Certificate link.

  3. Specify whether this is a new certificate or a certificate renewal.

    Many certificates expire after a set period of time, such as six months or a year. Some CAs will automatically send you a renewal.

  4. Specify how you want to submit the request for the certificate:

    • To submit the request using email, select CA Email Address and enter the appropriate email address for such requests.

      • To submit the request using the CA’s web site, select CA URL and type the appropriate URL for such requests.

  5. From the Cryptographic Module drop-down list, select the cryptographic module to be used for the key-pair file when requesting the certificate.

  6. Type the password for your key-pair file.

    This password is specified when you created the trust database, unless a cryptographic module other than Internal is selected. The server uses the password to obtain your private key and encrypt a message to the CA. The server then sends both your public key and the encrypted message to the CA. The CA uses the public key to decrypt your message.

  7. Provide your identification information, such as name and phone number.

    The format of this information varies by CA. Most of this information is usually not required for certificate renewals.

  8. Double-check your work to ensure accuracy, and then click OK.

    The more accurate the information, the faster your certificate is likely to be approved. If your request is going to a certificate server, you will be prompted to verify the form information before the request is submitted.

    The server generates a certificate request that contains your information. The request has a digital signature created with your private key. The CA uses a digital signature to verify that the request was not tampered with during routing from your server computer to the CA. In the rare event that the request is tampered with, the CA usually contacts you by phone.

    If you chose to email the request, the server sends an email message containing the request to the CA. Typically, the certificate is then emailed to you. If you specified a URL to a certificate server, your server uses the URL to submit the request to the certificate server. You might get an email response or a response by some other means, depending on the CA.

    The CA notifies you if it agrees to issue you a certificate. In most cases, the CA sends your certificate using e-mail. If your organization is using a certificate server, you may be able to search for the certificate using the certificate server’s forms.


    Note –

    Not everyone who requests a certificate from a commercial CA is given one. Many CAs require you to prove your identity before issuing a certificate. Also, approval often can take anywhere from one day to several weeks. You are responsible for promptly providing all necessary information to the CA.


    Install the certificate once you receive it. In the meantime, you can still use your Proxy Server without SSL.