Before you can order an SSL Certificate, you must first generate a CSR (Certificate Signing Request) for your server.

A CSR is an encoded file that provides you with a standardized way to send us your public key along with some information that identifies your company and domain name. When you generate a CSR, most server software asks for the following information: common name (i.e. www.example.com), organization name and location (country, state, city), key type (currently RSA), and key size (currently 2048 bit minimum).

• Apache (OpenSSL)
• Apache (Tomcat)
• Windows Server 2003 (IIS 6)
• Windows Server 2008 (IIS 7)
• Windows Server 2012 (IIS 8)
• Exchange Server
• IBM HTTP Web Server
• Weblogic

After you create your CSR, purchase your certificate, and the SSL Certificate validation and processing are complete, you are ready to install your SSL Certificate(s).

Your certificate will be provided via email or will be available to download in your Entrust account. The SSL Certificate is a text file with encrypted data that your server will use once the certificate is installed.

In addition to your SSL Certificate, you will need to download two more certificates. These are known as intermediate certificates and are required by browsers so that they know to trust your SSL Certificate. The intermediate certificates link to Entrust's root certificate. Registered Certificate Authorities like Entrust must provide a known root certificate before their SSL Certificate will be trusted by SSL-enabled applications. Note that for some servers (such as Microsoft) the intermediate certificates are bundled with the SSL Certificate. Please refer to the guide to install chain certificate.

• Apache (OpenSSL)
• Apache (Tomcat)
• Windows Server 2003 (IIS 6)
• Windows Server 2008 (IIS 7)
• Windows Server 2012 (IIS 8)
• Exchange Server
• IBM HTTP Web Server
• Weblogic

Digital Certificate are electronic files that are used to identify people and resources over networks such as the Internet. Digital certificates also enable secure, confidential communication between two parties using encryption.

To simplify, digital certificates provide similar identification in the electronic world, also known as an electronic "passport" that allows a person, computer or organization to exchange information securely over the Internet using the public key infrastructure (PKI).

Digital certificates are based on public-key cryptography, which uses a pair of keys for encryption and decryption. With public-key cryptography, keys work in pairs of matched “public” and “private” keys. In cryptographic systems, the term key refers to a numerical value used by an algorithm to alter information, making that information secure and visible only to individuals who have the corresponding key to recover the information.

The public key can be freely distributed without compromising the private key, which must be kept secret by its owner. Since these keys only work as a pair, an operation (i.e. encryption) done with the public key can only be undone or decrypted with the corresponding private key, and vice versa.

A digital certificate can securely bind your identity, as verified by a trusted third party, with your public key.

Certificates are issued by a Certification Authority (CA) - i.e. Pos Digicert is a CA in Malaysia. The role of the CA is to validate the certificate holder’s identity and to “sign” the certificate so that it cannot be tampered with. Once a CA has signed a certificate, the holder can present their certificate to people, Web sites and network resources to prove their identity and establish encrypted, confidential communications.

source: Entrust, Inc. (May 2007). Understanding Digital Certificates & Secure Sockets Layer: A Fundamental Requirement for Internet Transactions, pp.4