Thank you for the replies. Unfortunately, the cert has been issued and it WILL NOT INSTALL. GeoTrust's support telephone number will not allow you to hold for more than five minutes or so and booted me out with only the option to leave a message that "will be returned within the following business day." I am in DEEP doo-doo with this customer.
When the site's renewal CSR was refused (because of the aforementioned "BEGIN NEW" issue), I presumed that a new CSR had to be generated, and we removed the old one and restarted. Doh! Now, we have no working cert and no new cert to install. If I revert, the new request will be abandoned. Any ideas, folks? Dave Kim Phelan wrote: > > Thanks for all the questions Dave, my responses: > > 1- Begin New vs Begin Certificate Request- Yes, we caught that one, > the fix is underway. The interface will only check for *begin* and > *end* in the CSR. > > 2- Help Files- We will be promoting the link to help within the > interface in the next week. But until then, I would review the > documentation at the following link it will explain the new nuances: > http://resellers.tucows.com/opensrs/certificates/pdf/digitalcertguide. > pdf > > 3- Contacts for QuickSSL Certs- Actually QuickSSL authentication has > to do with the approver email (domain authenticated),which is > generated > from the whois on the domain, or generic contacts at that domain. > (specific details on this list is in the documentation above). > > The contacts are up to you, but you will not be actually approving the > order, that "domain authenticated" contact will. Feel free to put > yourself on the contact list. When it comes to True Biz ID, they are > looking to make sure that the organization on the order, whois org and > proof of organization are the same. > > 4- As for renewals, we are designing this now. Geotrust is not > sending renewal messages on behalf of resellers. They will be very > similar to domain renewals. You will be able to designate the > verbiage of the message, and who it will be sent to. Expect more > details to be released in early February (to be available in March 03) > > 5- Admin contact in public information-Actually it isnt! The Seal > (where the info is) contains the domain name only (if QuickSSL) or > the Organization only (if True Biz ID). The certs itself only has > the organization/domain listed. > > For examples of this take a look at: > www.geotrust.com (they have a true biz id seal) > and www.apartmenthardware.com (they have a quick ssl seal). > > Hope that helps. > > Kim Phelan > Product Manager > Tucows, Inc. > [EMAIL PROTECTED] > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of David Delbridge > Sent: Wednesday, November 20, 2002 10:02 PM > To: [EMAIL PROTECTED] > Subject: QuickSSL: Minor Bugs > > I hope this is the proper place to report SSL bugs. Please correct me > otherwise. > > Application for QuickSSL fails IIS5 CSR validation, requiring, > "-----BEGIN CERTIFICATE REQUEST-----". But, IIS5 certificates > actually > begin "-----BEGIN NEW CERTIFICATE REQUEST-----". I did manage to get > by > this by merely deleting "NEW" from start and end of CSR. > > Separately, help files will be greatly appreciated. I'm unclear on a > lot of things in this new system. I assume that most resellers will > place their own info in Tech and Billing contacts, but that the Admin > contact MUST be an employee of the company that owns the respective > domain name, right? If I supply the customer's billing contact info, > what renewal message will s/he receive and how do I edit it? I > presume > that the Admin's contact info will be published in the cert for public > viewing/verification? > > Thank you. > > Dave -- David M. Delbridge President & CEO Circa 3000 ColdFusion Hosting http://www.circa3k.com 775-832-2445
