- /
- /
- /
AffirmTrust Certificate Set Up FAQ
Article Number: 000071013
Where can I find and download the intermediate certificates I need?
Which web servers are compatible with AffirmTrust certificates?
Do I need to install the AffirmTrust root certificate in my server?
Do I require the AffirmTrust chain certificate?
How many AffirmTrust certificates are required in a load-balancing environment?
How many servers can I secure with one SSL certificate?
Can I secure my top-level domain with and without the "www." sub-domain?
Where can I find and download the intermediate certificates I need?
The intermediate certificates you need are available at two places.
You can find and download the intermediate certificates on the same page in the Customer Portal where you downloaded your server certificate:
Intermediate Certificated
At the bottom of the screen are download links for the intermediate certificates you need, including two bundles:
ALL-CERTIFICATES.ZIP and
CERTIFICATE AUTHORITY BUNDLE.
The ALL-CERTIFICATES.ZIP file includes the following certificates (your server certificate and two CA certificates):
- Affirmtrust_Commercial.crt
- One of AffirmTrust Certificate Authority – OV1.crt
- or
- AffirmTrust Extended Validation CA – EV1.crt
- your.server.name.crt
The CERTIFICATE AUTHORITY BUNDLE contains two CA certificates in a single .crt file. It is designed to be used for Apache openssl servers. You can download this file and use it directly in the Apache openssl server configuration line SSLCertificateChainFile:
- Affirmtrust_Commercial.crt
- One of AffirmTrust Certificate Authority – OV1.crt or AffirmTrust Extended Validation CA – EV1.crt
Note: Make a backup copy of your SSL certificates and keep them in another location.
Which web servers are compatible with AffirmTrust certificates?
AffirmTrust certificates can be issued for any server that is compatible with the x.509 v3 standard and is able to make a certificate request in PKCS#10 format. This includes most recent servers, including:
- Microsoft Internet Information Server (IIS) v3 or higher
- Microsoft Communications Server
- Apache
- Nginx
- Netscape Enterprise Server v3 or higher
- Netscape Commerce Server v1 or higher
- Netscape FastTrack Server
- Stronghold Server
- Internet Application Server 1.0
- Netscape iPlanet Web Server 4.1
- For Apache and Nginx Servers, Open SSL is needed.
Do I need to install the AffirmTrust root certificate in my server?
Normally, when you install an SSL certificate, you also need to install the intermediate CA certificates but not the root certificate. Unless your server vendor specifically requires you to install the root certificate, you should not install it on your web server.
You can download all of the required certificates from the AffirmTrust console. Click the Common Name of the certificate. On the Details page, click Download.
Do I require the AffirmTrust chain certificate?
Yes.
How many AffirmTrust certificates are required in a load-balancing environment?
You need one AffirmTrust certificate for each of your secure web servers (including any virtual web servers). With a certificate account, there are no additional costs to support this.
How many servers can I secure with one SSL certificate?
AffirmTrust certificates are provided with licensing for an unlimited number of servers included in the standard price. This allows you to easily secure your primary server, a secondary or backup server, and a load balancer.
To move your certificate between servers, you need to install the certificate on the web server where you generated the CSR and then export the SSL certificate and its private key to a PFX or PKCS12 file. You can then import that file on another web server.
Can I secure my top-level domain with and without the "www." sub-domain?
Yes. With AffirmTrust certificates, if you purchase an SSL certificate to secure www.example.com, it will also secure example.com.
Hours of Operation:
Sunday 8PM ET to Friday 8PM ET
[email protected]
