...

This wiki page describes the process of using a third-party-signed certificate for the purpose of encrypting web browser traffic.  It is important to note that a third-party certificate does not replace the ACT-signed certificate entirely, because the ACT certificate is still required for signing all application-specific messages.  Also, this wiki does not attempt to cover any vendor-specific processes or output files, because those can vary over time.  It is up to each remote site that chooses this option to work with its vendor on any necessary technical details.

This guide also allows for the possibility that a site may initially opt for an ACT-signed certificate, but later switch over to a third-party certificate.

The first step is to generate a certificate signing request (CSR) using a private key, and to send that CSR to an SSL/TLS vendor.  The vendor will in turn provide a certificate for the requested fully-qualified domain name (FQDN), and it may provide additional certificates for its root and intermediate CAs.  The remote site should work with the vendor to concatenate all certificates together into one file, such that it would be possible to trace the chain of trust from the endpoint certificate all the way back to the root CA.
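The two steps above, sketched with the OpenSSL command line as an added example (not part of the original wiki, and not ACT or vendor tooling). The function names, the RSA 2048 key size and the subjectAltName entry are assumptions; a vendor may require different CSR fields.

```shell
#!/bin/sh
# Added example: helper names, key size and SAN are assumptions, not from the wiki.

# Create a private key and a CSR for one FQDN (files readable by owner only).
make_csr() {  # usage: make_csr <fqdn> <key-out> <csr-out>
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
          -keyout "$2" -out "$3" )
}

# Check that a concatenated PEM bundle is ordered endpoint -> intermediate(s)
# -> root: each certificate's issuer must equal the next certificate's subject,
# and the last certificate must be self-issued (the root CA).
check_chain_order() {  # usage: check_chain_order <bundle.pem>
    tmp=$(mktemp -d) || return 1
    # Split the bundle into one file per certificate: cert.1, cert.2, ...
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++}
                     n {print > (d "/cert." n)}' "$1"
    n=$(($(ls "$tmp" | wc -l))); rc=0
    [ "$n" -ge 1 ] || rc=1
    i=1
    while [ "$i" -le "$n" ]; do
        # The last certificate is compared with itself (self-issued root).
        if [ "$i" -lt "$n" ]; then next=$((i + 1)); else next=$i; fi
        issuer=$(openssl x509 -in "$tmp/cert.$i" -noout -issuer_hash) || rc=1
        subject=$(openssl x509 -in "$tmp/cert.$next" -noout -subject_hash) || rc=1
        if [ "$issuer" != "$subject" ]; then
            echo "cert $i: issuer does not match subject of cert $next" >&2
            rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return $rc
}
```

The check compares issuer and subject names only; `openssl verify` with the intermediates passed via `-untrusted` confirms the signatures themselves.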

...