Help for VeriSign Low Assurance Certificate

Use this form to create the server's public-private key pair and to request a low assurance certificate from VeriSign, a widely known certification authority.

Create Keys and Request Certificate

With this form, you can create the server's public-private key pair and request a VeriSign low assurance certificate. The level of proof required for a low assurance certificate is less than for a VeriSign secure server certificate. You might want to use a low assurance certificate for a beta test of security or for some other non-commercial purpose.

To create the server's public-private key pair and request a certificate:

Specify in Create Key:
- Key name - a meaningful, unique name to identify the key pair. The key name is the label that identifies the key pair and certificate in the key ring. You may use non-alphanumeric characters in key names; however, keep in mind that some platforms have special uses for some of these characters.
- Key ring - the fully qualified path and file name for the key ring file. A key ring is a file where the server keeps one or more key pairs and certificates. If you specify a file that doesn't exist, the server creates the file for you.
- Size - choose the size of the key pair in bits after considering these factors:
  - The more bits you specify for the key pair, the more secure your communications.
  - The more bits you specify, the more processing time required for encryption and decryption.
  - With export versions of Internet Connection Secure Server, you can create a key pair up to 512 bits. With the U.S.-Canadian version, you can create a larger key pair; however, if you want clients outside the United States to encrypt messages to the server, U.S. export rules require that the key pair be no larger than 512 bits. If you want clients outside the United States only to verify your server's signature, the key pair can be larger than 512 bits.
- Key Ring Password - Specify the new Password twice. The password must be from the U.S. English character set. Use the following rules when specifying the password:
  - Make the password at least six characters.
  - Make sure the password doesn't spell a word.
  - Make sure the password doesn't consist of publicly obtainable information about you; for example, the initials and birth date for you, your spouse, or children.
  - Make sure there are at least two, nonconsecutive numbers in the password.
  Note that:
  - The password protects the key ring that contains the server's private key.
  - The server uses its private key, which is never transmitted, to sign messages and to decrypt messages encrypted with its public key.
  - The security of the server's private key depends upon this password. If you must record the password, make sure it is stored in a well-secured place.
- Automatic login- the key ring password must be specified when the server is started.
  Check Automatic login if you want the server to stash the password and specify it for you whenever the server is started.
  Stashing your password is less secure so it's generally a good practice not to stash it. However, there may be cases where you need to stash the password; for example, it you have a remote server and you want it to automatically restart after a power failure.
  If the server was installed as an NT service, you must stash the password. The password is stashed in a file with the same name as the key ring, except the extension is .sth. If the password is not stashed, the server will start, but you won't have any security.
Specify in Request Certificate:
- Distinguished Name - the Distinguished Name is a unique name that is associated with the certificate and public key. For this certificate, the Distinguished Name is the full name of the user for whom the certificate is being requested. You may use non-alphanumeric characters in Distinguished Name; however, keep in mind that some platforms have special uses for some of these characters. Specify:
  - User's full name - the user's full name. The name in this field must be unique. For example, if you request more than one certificate for Mary Ann Jones, you might specify Mary Ann Jones1 for the first request and Mary Ann Jones2 for the second request.
  - User's e-mail address - user's e-mail address should contain the user's address where you want VeriSign to mail the certificate.
- Mail To - a low assurance certificate request must be electronically mailed to VeriSign. Note: If you are behind a firewall, verify with your system administrator what you need to do to electronically mail this request.
- Save Copy - it's a good idea to save each certificate request in a unique file. For Save certificate request to file, specify the unique, fully qualified path and file name for the file where you want the certificate saved. As part of processing this form, the server creates the file you specify.
Click Apply to update your server with the changes you made to the form
or
Click Reset to return to the values that were on the form before you made the changes.