Process to apply for an SSL certificate from StartCom:

Step 1. The StartCom customer signs in to his/her account on the official website of StartCom;
Step 2. The customer does the domain validation via the “Validations Wizard”;
Step 3. The PKI validation system sends the verification code to the domain name's whois admin email, and the subscriber pastes the verification code into the validation page;
Step 4. If the domain is validated successfully, the subscriber uses the “Certificates Wizard” to choose the validated domain and post the CSR to CMS for pending process;
Step 5. If the domain name is not in the “Manual Review List” and the subscriber applies for a free SSL certificate, the order will be sent to the PKI server to issue the certificate automatically; go to Step 8;
Step 6. If the domain name is in the “Manual Review List” or the subscriber applies for OV and EV certificates, the order will be sent to CMS for manual processing;
Step 7. CMS (Certificate Management System) is the internal order processing system, used to review the order, do the identity validation, and approve the order to PKI for pending issuance;
Step 8. The PKI signing server will get the serial number from the serial number generator;
Step 9. PKI uses the right intermediate CA key to sign the certificate, and returns the issued certificate to CMS;
Step 10. CMS pushes the certificate to the ordering system, and sends an email to the user to retrieve the certificate from the official website.

The official website & ordering system, CMS and PKI system are involved in the process; the process is different from WoSign’s.

CRL/OCSP distribution

1. Once the certificate is issued, the certificate serial number and other related info will be posted to the OCSP source server for CDN distribution;
2. PKI signs the CRL at a fixed period and sends it to the CRL source server for CDN distribution.

Thanks,
Xiaosheng Tan

On 2016/10/11 at 12:10 AM, “Gervase Markham” <[email protected]> wrote:

On 10/10/16 16:47, 谭晓生 wrote:
> Yes, the certificate issuance process is performed by each of these
> five components, except, TSA is used for code issuance and PDF
> issuance, not related with SSL certificates issuance.

Right :-) But can you explain what each component does specifically? E.g.:

1) The user visits the website (component 1) and uploads a CSR.
2) ...
3) ...

Then it would be clear what particular steps are currently fulfilled by code from StartCom, what by code from WoSign, and so on.

Gerv
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

