Technical Questions

1. What is the capability of Geotrust certificates?
2. How strong are Geotrust Certificates?
3. I've lost the keys, can I get the cert issued again?
4. What browsers are supported by Geotrust certificates?
5. How do I get 128 bit / full strength sessions?
6. Can I have multiple certs on the one IP?
7. I am using several Web servers in a load-balancing configuration. How many web server certificates do I need?
8. I need to change the IP address that my cert was issued for.
9. Can I secure an IP address instead of a domain?
10. How do I generate a CSR?
11. What is a "common name"?

1. What is the capability of Geotrust certificates?
   Geotrust web server certificates are 1024 bit capable and support 128 bit browsers. When you are generating your CSR please select 1024 bit length.
   
2. How strong are Geotrust Certificates?
   The strength of the public key in the certificate is defined by you when you generate the key pair for your Web server. If you generate a 1024-bit key pair and submit the associated CSR (Certificate Signing Request), then the certificate you receive contains the 1024-bit public key. If you generate a 512-bit key pair then the certificate contains the 512-bit public key.
   
3. I've lost the keys, can I get the cert issued again?
   It is essential you make a backup copy of your key pair and password and store them securely. This is a vital step as a precaution against overwriting, deleting, or corrupting the file. Securecerts.ie cannot recover your Digital ID without the private key and password. If you lose your key pair or password, you will have to generate a new key pair and purchase a new Secure Server ID.
   
4. What browsers are supported by Geotrust certificates?
   Geotrust certificates are compatible with Microsoft Internet Explorer® 5.01 and higher and Netscape/AOL web browsers version 4.51 and higher, comprising an estimated 98% or more of all web browsers in use today. All other commonly used browsers may connect securely with web servers using QuickSSL certificates. However, some older browsers may display a dialogue box indicating that the certificate is not trusted. This means that the certificated is not located in the browser certificate store and, in most cases, the user will be prompted to install it with a few clicks of their mouse.
   
5. How do I get 128 bit / full strength sessions?
   The strength of the SSL session is a function of the strength of your browser. If your browser only supports 40 bit encryption, then a 40 bit session is established - even if your web server supports 128 bit sessions. Browsers and servers usually negotiate the strongest mutually supported session.
   It is recommended that you update your browser to take advantage of 128 bit full strength sessions.
   
6. Can I have multiple certs on the one IP?
   No, Each certificate-enabled site must have its own unique IP address; the cert
   binds to the domain, but the SSL protocol requires a static IP. If you have two or more sites using the same IP address, then all SSL hits will default to the first SSL site.
   
7. I am using several Web servers in a load-balancing configuration. How many web server certificates do I need?
   You will need one web server certificate for each of your secure Web servers (including any virtual Web servers).
   
8. I need to change the IP address that my cert was issued for.
   You can change the IP as much/often as you want! The main thing is that the IP number is unique for the web site with the certificate; the IP can be real (routable) or internal (unroutable), but it must be unique.
   
9. Can I secure an IP address instead of a domain?
   Yes, it is possible to secure an IP address alone , using our TrueBusinessID certificates, and also with documentation (letterhead) from the net block owner that this organization has exclusive ownership of the IP address for the period of validity.
   
10. How do I generate a CSR?
    Note: If you have an ISP, they will generate this CSR file for you upon request
    Certificate Signing Request instructions are available for the web servers listed below
    • Apache + ApacheSSL
    • Apache + MODSSL
    • Apache + Raven
    • Apache +SSLeay
    • Apache 2
    • C2Net Stronghold
    • Cobalt RaQ3/RaQ4/XTR
    • Ensim
    • IBM HTTP
    • IBM Domino Go 4.6.2.6+
    • iPlanet Enterprise Server 4.1
    • Jakart-Tomcat
    • Lotus Domino 4.6
    • Lotus Domino 5.0.x
    • Microsoft IIS 4.0
    • Microsoft IIS 5.0
    • Netscape Enterprise 3.51
    • O'Reilly WebSite Professional 2.x
    • Plesk
    • Weblogic 5
    • WebSTAR 4
    • Zeus Web Server v3
    
    
11. What is a "common name"?
    Server Certificates are issued to a Common Name. In most cases this is the full DNS name that is used when navigating a website. Is the name which is common on all pages when you view the site in question. For example in the case of http://www.securecerts.ie/pricing.php and http://www.securecerts.ie/contact.html the common name is http://www.securecerts.ie.
    The common name in the URL needs to match exactly to the common name on the certificate.
    If you have a certificate issued to securecerts.ie and the URL you wish to secure is secure.securecerts.ie you will get an error - the name does not match the name on the certificate and in some case the browser will not connect at all and give Page cannot be displayed error.
    The moment the common name changes, eg: https://www.securecerts.ie to https://secure.securecerts.ie/ you then require another certificate.