Server Instructions

 
 

 

1. Certificate Request Generation

    NOTE: The request generation must be performed using your server's built-in functionality. Instructions are provided for IIS and iPlanet webservers. If you have a different type of server please refer to your vendor supplied documentation.

    Click here to download instructions for Microsoft IIS

    Click here to download instructions for iPlanet Webserver - coming soon

    In all cases you must desginate the following information. Information that is dependant on your server is enclosed in <> signs. Static information is enclosed in quotes.

    Common Name: <FQDN of your server>
    Organizational Unit: <Your company name>", OU=ORC, OU=ECA"
    Organization: "U.S. Government"
    Country: "US"

2. Submitting your request to the Certificate Authority

a. Click here to open a new window.

b. Read the obligations page and accept the terms and conditions.

c. Fill out and submit the electronic submission form.

  • Click in the text area labeled “Paste the PKCS #10 request into this text area” and paste your PKCS #10 Request into the area.
  • Enter the Hostname and IP Address of your server
  • Enter the Key Contact's First Name, Middle Initial, and Last Name
  • Enter the Name of the Company purchasing the server certificate (i.e. your company).
  • Enter the Key Contact's Phone Number and Email address.
  • Click “Submit”
  • You should see a page stating, "Your request ID is xxxx"

    IMPORTANT: Print the “Print this Form Now” page. You will need it to validate your request.

  • If you see an error message, your certificate request was not submitted correctly and cannot be processed. Write down the error message and contact the PKI Help Desk at pkihelp@orc.com or 1-800-816-5548

3. Verify Individual and Corporate Identity

A. Individual Identity Verification - All applicants for Server Certificates are required to appear in person before an ORC Registration Authority (RA), an ORC Appointed Local Registration Authority (LRA), or a Notary Public. Applicants are required to present two official photo ID credentials, one of which must be Government issued. In addition proof of organizational affiliation, and the request form ("Print this Form Now" page) must be supplied. Official photo IDs include Government issued photo IDs (passport, Driver's License), and Company issued photo IDs.

  • Bring the following items to the RA, LRA, or Notary Public you wish to have validate your identity.
The printed Request Form ("Print this Form Now" page).
Official Government issued Photo Identification.
Official Photo Identification (Government issued or otherwise).
Photocopies (front and back) of both Photo IDs.
Proof of Organizational Affiliation.
 
  • Sign and date your printed Request Form ("Print this Form Now" page) in the presence of the RA, LRA, or Notary Public.

  • Submit your paperwork to the RA or LRA. If you are being validated by a Notary Public mail your paperwork (via Certified Mail) to one of the addresses below.
 
ORC RA Location/Mailing Address - If you decide to be validated by an ORC RA or you need to mail your validated paperwork to ORC please use the address below.
 
11250 Waples Mill
South Tower Suite 210
Fairfax, VA 22030		  

B. Corporate Identity Verification - In order to receive a Server Certificate the applicant must also be verified as a duly appointed key contact for their company. Complete the following steps to satisfy this requirement.

  • Click here to download the POA (Proof of Organizational Affliation) Letter.

  • Insert the appropriate information for the Organization, Authorized Component Certificate Contact (Server Administrator), and Duly Authorized Representative (Approving company officer).

  • Have the Duly Authorized Representative sign the POA letter.

  • Submit the POA Letter along with your Request Form and Identification credentials.

4. Certificate Acceptance

a. Notification - Upon successful completion of the identification and authentication process, the ORC ECA shall create the requested ECA Certificate, and notify you via email that your certificate is ready.

b. Acceptance - Refer to either the supplied IIS/iPlanet documentation or your vendor-supplied documentation for instructions on how to import your server certificate.

c. Acknowledgement - You shall print a copy of the notification email, sign it, and mail the signed document to the ORC ECA RA.

IMPORTANT: If you do not provide this verification notice, or if you are found to have acted in a manner counter to these obligations, the Certificate shall be revoked, and you will forfeit all claims against the ORC ECA CA infrastructure in the event of a dispute arising from failure to fulfill the obligations above.


Return to Last Page