[Skip navigation links]

FAQ

What is a CSR?
A CSR or Certificate Signing Request is a file generated by a webserver or other software that contains information about your organisation, the service a certificate is to be generated for, and the public key used in generating the request. Top
What is SMIME?
SMIME or "Secure MIME" is an internet standard providing a secure way to send and receive MIME data typically used for signing and encrypting emails between parties. Top
What key sizes can I use in my requests?
AusCERT CS will issue certificates with key lengths of 2048 bits or 4096 bits. Top
What is a common name?
The "common name" is an x509 field which is used to identify a website - it is typically the DNS name of the site. For example the common name of this website is www.auscert.org.au. Top
What is a wildcard certificate?
A wildcard certificate allows a common name to contain one "*" character. This character will match any single label in a common name. For example a certificate issued to *.auscert.org.au will match cs.auscert.org.au but will NOT match faq.cs.auscert.org.au OR auscert.org.au. That is to say, wildcard matching by consumers of the certificate (such as browsers) normally does not use shell style wildcard matching. Top
What is a multi-domain certificate?
A multi-domain certificate has a common name and one or more subject alternative names (SANs). If you want to order a certificate that has more than one domain entry, you must select one of the QV Business policy templates (10, 20 or 50) and supply a CSR that contains, at minimum, the Common Name. SAN entries may be included in the CSR or entered into the QV TrustLink Subscriber portal; and may also be modified by an Administrator when the certificate request is sent to him/her to review/approve. Top
How can I verify that my certificate request is valid before submitting it?
There are a number of ways to achieve this, depending on your preferences and system availability.
How do I convert an SSL certificate format after the certificate has been issued?
If you have received a certificate in a format that is not suited to your requirements, it is not necessary to revoke and reissue the certificate. See Product and System Support, "Tools for troubleshooting" and https://pkiwidgets.quovadisglobal.com/pkiwidgets/convertCert.aspx. Top
I asked the CA to issue my certificate with an MD5 signature algorithm but I got a SHA2 signature instead. Why?
A CA must not issue end entity certificates using MD2, MD4 or MD5 signing algorithms. Additionally, SHA1 certificates are being deprecated and most certificates issued by QuoVadis are SHA2. This is a requirement of the Microsoft Root Certificate program. Top
Can I use AusCERT issued certificates on my payment gateway?
Any QuoVadis SSL certificate can be used to secure any type of web site - there's no restriction on use.  Only Comodo's Extended Validation (EV) certificates can be used on your payment system if required.   Top
Your email mentions several certificates but I only received one file in the archive, why?
It is almost certain that the certificate was issued as a PKCS7 certificate bundle. This is commonly used with IIS, and encodes all certificates in the chain (Root, two intermediates and the end-entity certificate) into a single file. This saves the administrator manually installing each certificate into its associated store. Top
Can I request a certificate for a non-fully qualified domain name (non-FQDN)?
In accordance with the CAB Forum guidelines, QuoVadis and Comodo won't allow organisations to order an SSL certificate with a non-FQDN with an expiry date later than 31 October 2015.   Until then it is possible, but not recommended, to order an SSL certificate for a non-FQDN for internal hosting purposes only, ie are NOT hosted on public IP addresses. More information can be found on page 10 of the TrustLink Subscriber Guide.  Comodo has listed acceptable internal domain names.  Top
Can I install a QuoVadis Secured Site Seal on my web site to provided added assurance to visitors to the site?
QV provides a "Secure Site" seal which is available to install for your web site.  Please note that anyone can put a "Secured Site" seal on their site even if there is no digital certificate associated with the site.  Hence it is not a reliable method of providing assurance.  The greatest level of assurance can be provided through using EV SSL certificates, which will highlight the name of your organisation in green as part of the browser address bar.  Links to install the QV Secured Site seal are here:
https://pkiwidgets.quovadisglobal.com/ssltools/siteSealInstall.aspx
Top