gTLD SSL Requirements
The server requires dual SSL authentication, thus a certificate is required (X509).
The certificate can be either self signed or verified by a Certification Authority.
Please see the links below for OT&E and Production Server Certificates if required.
1. gTLD OT&E Certificate
2. Launch OT&E Certificate
3. Production Server's Certificate (.AFRICA, .JOBURG, .DURBAN, .CAPETOWN)
The intermediary certificate is NOT included in the certificate bundle above.
The certificate must be in X509 certificate format. Please do not submit a private key or a combination of private/public key.
The X509 certificate may be signed by a Certification Authority or the certificate can be self signed. An example of a certificate can be seen by downloading the file below:
Example X509 Signed Certificate
If the certificate that was provided has been loaded and installed on our end but there are still some SSL problems when connecting to our server, please log a ticket here and include the results of the following command:
openssl x509 -noout -in CERT_FILE -fingerprint -md5
where "CERT_FILE" is the certificate that you are using to connect.
Minimum SSL Requirements
The minimum requirements include:
1. A key strength/length of 1024 bits
2. A key with a maximum of 5 years of usage from creation, with a minimum of 1 year of usage
Recommended SSL Requirements
The recommended requirements include:
1. A key strength/length of 2048 bits
2. A key with a maximum of 1 year of usage from creation
The following is an example of how to generate an SSL Certificate.
The example assumes the use of a UNIX computer with command line access and openssl installed.
The 2nd command creates the public certificate that you will upload to our portal.
2. openssl req -new -x509 -key epp.key -out epp.crt -days 1095
3. type epp.key > epp.pem
To rollover the current SSL Certificate, navigate to the Registrar Panel, then click on the namespace you would like to manage under the INTEGRATIONS heading.
Select the integration that you want to update the SSL Certificate for. Use the options availabel to you in the "SSL Certificate" section of the main content page.
For all Live accounts you will see the active SSL Certificate loaded for the namespace. Subject, Validity, MD5 and SHA1 information is displayed.
Browse to your local SSL Certificate file for upload. Click submit and your cert will be uploaded and checked for validity. Only .txt , .crt, .pem, .cer and .cert files are permitted for upload. No Private Keys will be accepted!
If valid then the SHA1, MD5 and validity dates are displayed. Click Next to continue.
If successful, you will see the following message displayed "SSL Certificate successfully added".
Last update: 04-06-2020 12:47:24