Status

SSL certificate

Modified on Thu, 29 Dec, 2022 at 3:53 PM

General information

An SSL certificate is used, among other things, to secure the connection between the user and the server by encrypting the communication. The most recognizable form of using SSL is the HTTPS part of a website address. The 'S' indicates, in this case, that the connection is secure.

A certificate cannot be installed just like that. The customer needs to be the owner of the domain name. As the owner (or delegate) you can then request an SSL-certificate from a Certificate Authority (e.g. Comodo). The generic process is as follows:

  1. You create a certificate request on a (web) server. This is done on the basis of a private key of the server on which you create the request.
  2. Then, with the certificate request, you create a request to the Certificate Authority.
  3. When the request is granted (often after a check), the CA will issue a certificate.
  4. With this certificate, you can complete the certificate request (e.g. on your web server) and make your site available with HTTPS.

Types of certificate

A CA will issue 3 types of certificates:

  1. Extended validation (EV SSL)
    The CA checks if the requester is the owner of a domain, but also does a fairly intensive screening of the requesting organization.
    This type of certificate can be recognized by the green bar in the browser. 
  2. Organization validation (OV SSL)
    The CA checks if the requester is the owner of a domain, but also screens a number of items concerning the requesting organization.
  3. Domain validaton (DV SSL)
    The CA checks whether the requester is the owner of a domain, but does not perform any further screening of the organization.

The encryption levels for the certificates are the same. The difference is in the extent to which the CA checks whether you are the legitimate owner of the domain.

It is up to the customer to decide which level of screening they want applied to their certificate. The Courseware Company itself uses OV SSL for its domains.

We do not allow self signed certificates, since they have not been issues by a CA and should in fact only be used for testing purposes. The users of a site with a self signed certificate may also experience inconveniences as not all browsers will support this by default.

Requests for customer domain SSL-certificates

Two options

Note: this does NOT apply for a customer domain name that is hosted by TCC (e.g. containing ekphost.com, ekphost.nl, tthost.nl or lmshost.nl).

When requesting a customer domain (e.g. learning.customerxyz.nl) two scenarios may apply:

  1. The customer takes care of the entire request process and provides the SSL certificate. 
    1. In that case, they can provide us with only the required documents.
    2. We will provide the documents to Proserve to install for the respective learning environment(s).
  2. We play a role in the process, by creating the certificate request for the customer.

Both scenarios are clarified below.

Customer takes care of process

In this case, the customer will go through the entire request or renewal process by themselves. Ultimately, the customer will have received a certificate, which they have to make available to us in order to have it installed for their learning environment that we host.

In order to have the certificate installed, we will need a full set of documents. This entails:

  • The certificate
  • The private key and
  • The accompanying CA-bundle.
Especially the private key is often not provided straight away. However, it is crucial in order to have the certificate installed.

Due to its sensitivity, the private key should be sent encrypted. It is best to then send us the password separately from the key.

TCC creates the certificate request

In this case, we create the certificate request. The advantage of this method is that we will already have the private key and therefore as soon as the customer receives the certificate, all they have to do is forward it on to us. It does mean more effort from our end.

In order to create the certificate request, we need the following information concerning the customer:

  1. Common name (e.g. learning.customerxyz.nl)
  2. Organization (e.g.. CustomerXYZ BV)
  3. Organization unit (e.g. HR)
  4. City/locality (e.g. Utrecht)
  5. State/province (e.g. Utrecht)
  6. Country/region (e.g. NL)

We will send the resulting request to the customer, who can then request the certificate on the basis of the request.

They can then provide us with the CA issued certificate, upon which we will complete the process and make the new certificate available behind the customer's website with the help of Proserve.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article