Australia's Leading Computer Emergency Response Team

AusCERT Certificate Services FAQ
Date: 10 August 2012
Original URL: http://www.auscert.org.au/render.html?cid=11262&it=12096

What is a CSR?

What is SMIME?

What key sizes can I use in my requests?

What is a common name?

What is a wildcard certificate?

What is a multi-domain certificate?

How can I verify that my certificate requests are valid before submitting them?

How do I convert an SSL certificate format after the certificate has been issued?

I asked the CA to issue my certificate with an MD5 signature algorithm but I got a SHA1 signature instead. Why?

Can I use AusCERT issued certificates on my payment gateway?

Your email mentions several certificates but I only received one file in the archive, why?

Can I request a certificate for a non-fully qualified domain name (non-FQDN)?

Where can I find answers to my questions about EV SSL Certificates?

Where can I find answers to my questions about the Certificate Service Manager (CSM)?

Where can I find answers to my questions about code-signing certificates?

Can I order a certificate for my Intel vPro system management?


What is a CSR?

A CSR or Certificate Signing Request is a file generated by a webserver or other software that contains information about your organisation, the service a certificate is to be generated for, and the public key used in generating the request.

What is SMIME?

SMIME, or "Secure MIME", is an Internet standard that provides a secure way to send and receive MIME data. It is typically used for signing and encrypting emails between parties.

What key sizes can I use in my requests?

AusCERT CS will issue certificates with key lengths of 1024 bits to 8192 bits, though 2048 bits is the minimum recommended. Requests using a 1024-bit key will be available until December 31 2010 but will be issued for a maximum of 12 months.

What is a common name?

The "common name" is an X.509 field which is used to identify a website; it is typically the DNS name of the site. For example, the common name of this website is www.auscert.org.au.

What is a wildcard certificate?

A wildcard certificate allows a common name to contain one "*" character. This character will match any single label in a common name. For example, a certificate issued to *.auscert.org.au will match cs.auscert.org.au but will NOT match faq.cs.auscert.org.au or auscert.org.au. That is to say, wildcard matching by consumers of the certificate (such as browsers) normally does not use shell-style wildcard matching.

What is a multi-domain certificate?

A multi-domain certificate has a common name and one or more subject alternative names (SAN). If you want to order a certificate that has more than one domain entry, you must specify an AusCERT multi-domain SSL certificate and supply a CSR that contains, at minimum, your primary CN. SAN entries may be included in the CSR or entered into the CSM ordering interface.
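The single-label wildcard rule and the multi-domain name list described in the two answers above, compared with shell-style matching. This is an added example, not AusCERT or Comodo code; the function names are hypothetical, the multi-domain name list is constructed, and restricting "*" to the whole left-most label is an assumption stricter than the FAQ states.

```python
from fnmatch import fnmatchcase


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against a hostname, one label per "*"."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if "" in p or "" in h:
        return False  # empty labels are never valid
    # Assumption (stricter than the FAQ states): the single "*" must be the
    # whole left-most label, so "w*.example" and "www.*.example" are rejected.
    if pattern.count("*") > 1 or any("*" in label for label in p[1:]):
        return False
    if "*" in p[0] and p[0] != "*":
        return False
    # "*" stands for exactly one label, so both names need the same depth.
    if len(p) != len(h):
        return False
    start = 1 if p[0] == "*" else 0
    return p[start:] == h[start:]


def certificate_covers(hostname: str, names: list[str]) -> bool:
    """True if any name in the certificate (CN or SAN entry) matches."""
    return any(wildcard_matches(name, hostname) for name in names)


def compare(pattern: str, hostnames: list[str]) -> list[tuple[str, bool, bool]]:
    """Per hostname: (hostname, single-label result, shell-style result)."""
    return [(h, wildcard_matches(pattern, h), fnmatchcase(h.lower(), pattern.lower()))
            for h in hostnames]


if __name__ == "__main__":
    # Hostnames from the FAQ's wildcard answer.
    hosts = ["cs.auscert.org.au", "faq.cs.auscert.org.au", "auscert.org.au"]
    for host, single, shell in compare("*.auscert.org.au", hosts):
        print(f"{host:24} single-label={single!s:5} shell-style={shell}")
    # Constructed multi-domain name list: a CN plus one wildcard SAN entry.
    names = ["www.auscert.org.au", "*.auscert.org.au"]
    print(certificate_covers("faq.cs.auscert.org.au", names))
```

The shell-style column is the behaviour to avoid in any home-grown hostname check: it accepts faq.cs.auscert.org.au because "*" is allowed to span a dot.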

How can I verify that my certificate requests are valid before submitting them?

There are a number of ways to achieve this, depending on your preferences and system availability.

  • Windows users can verify the request with certutil.exe, or alternatively by downloading the AusCERT CSRChecker.exe utility.
  • Unix users can use OpenSSL and openssl-vulnkey to check the request.
  • A web interface from Comodo exists for verifying certificate requests.

How do I convert an SSL certificate format after the certificate has been issued?

If you have received a certificate in a format that is not suited to your requirements, it is not necessary to revoke and reissue the certificate. See Information support, Product and system support, Tools for details about certificate formats and tools, and command line instructions to change formats, as required.

I asked the CA to issue my certificate with an MD5 signature algorithm but I got a SHA1 signature instead. Why?

A CA must not issue end entity certificates using MD2, MD4 or MD5 signing algorithms. This is a requirement of the Microsoft Root Certificate program.

Can I use AusCERT issued certificates on my payment gateway?

No. AusCERT's agreement with Comodo expressly prohibits this use case for AusCERT issued certificates. However, you can order an EV SSL certificate for this purpose via the CSM.

Your email mentions several certificates but I only received one file in the archive, why?

It is almost certain that the certificate was issued as a PKCS7 certificate bundle. This is commonly used with IIS, and encodes all certificates in the chain (Root, two intermediates and the end-entity certificate) into a single file. This saves the administrator manually installing each certificate into its associated store.

Can I request a certificate for a non-fully qualified domain name (non-FQDN)?

Yes, as long as it is for internal hosting purposes only. Non-FQDNs are not unique and should never be hosted on public IP addresses. Comodo has listed acceptable internal domain names.

Where can I find answers to my questions about EV SSL Certificates?

See the EV SSL FAQ.

Where can I find answers to my questions about the Certificate Service Manager (CSM)?

See the CSM FAQ.

Where can I find answers to my questions about code-signing certificates?

See the code-signing certificates FAQ.

Can I order a certificate for my Intel vPro system management?

These certificates are not included in the AusCERT CS offering. You can obtain these directly from Comodo. See http://www.comodo.com/intel/ for more information.