How To Order a LuxTrust SSL Certificate
Ordering a LuxTrust SSL certificate can be very easy. If you prepare to order an SSL certificate by creating a CSR and preparing your WHOIS record and company validation documents, you can make the process much easier to deal with. The process of ordering a certificate goes, normally, like this:
- STEP 1: Choose the SSL-Certificate you need, add it to your cart and checkout
- STEP 2: Receive a confirmation mail containing the payment instructions, order form and upload link.
- STEP 3: Pay your SSL Certificate, upload your CSR file and send Order documents via postal mail (*).
- STEP 4: CSR file, domain registration and your documents will now be checked and validated by LuxTrust
- STEP 5: Receive a mail containing your SSL Certificate and invoice.
*To complete the order procedure, all documents listed on the order form, have to be sent to the following address:
House of Entrepreneurship
« One Stop Shop » – cellule LuxTrust
14, rue Erasme
Courrier: B.P. 3056 | L-1030 Luxembourg
If your order form is digitally signed using a LuxTrust certificate (e.g. Smartcard, Signing Stick,…), you can directly upload your file. In that case you don’t have to send documents via postal mail to complete your order.
Which documents do I need to complete my order?
To complete your order, the following documents have to be send for validation.
- The filled-in order form dated and signed by one or more representative(s) of the company (according to the company’s legal statutes or governing rules)
- A double-sided copy of the identity card(s) of the person(s) having signed the order form.(Those copies have to be duly signed by the respective owners)
- In different cases and only on demand, we may also need:- A recent copy of the company’s statutes or alternatively of an equivalent document.- A relevant recent copy of the company’s national trade and company register’s entries
What do I need to have before buying an SSL certificate?
A unique IP address. Because of the way that the SSL protocol was set up, you will need a separate IP address for each certificate that you want to use.
If you have multiple subdomains on one IP address, you can secure them with a Wildcard SSL Certificate. If you have multiple different domain names on one IP address, you can secure them with a UC Certificate.
A CSR. A certificate signing request or CSR is a piece of text that must be generated on your web server before ordering the SSL certificate. LuxTrust will use the information contained in the CSR (Organization name, domain name, public key, etc…) to create your certificate.
Correct contact information in WHOIS record. When you purchase a certificate for a particular domain name, LuxTrust needs to ensure that you own the domain name that you are getting the certificate for and that you are authorized to order the certificate. This is primarily done by making sure that the WHOIS record (the ownership and contact information associated with each domain name) matches the company name and address that is submitted with the certificate order.
Business/Organization validation documents. Your business must also be validated. We will verify that your company is registered through the copy of your Trade Registry, for example, that you will send us.
What is SSL?
SSL is an acronym for Secure Sockets Layer. A LuxTrust SSL certificate secures the connection between your web server and your visitors’ web browser. The transmitted information is thus secured against risks of eavesdropping, data tampering, or message forgery.
Furthermore a LuxTrust SSL certificate will authentify the transmitting entities.
A website which is secured with an SSL certificate will display a padlock icon in web browsers or/and a green address bar.
The website’s visitor can be sure that the information he enters (contact or credit card information), is secured and only seen by the organization that owns the website.
Why do I need an SSL certificate
If your website gives your customers the possibility to transmit sensitive information such as credit card details, login credentials or personal information, you need to secure it with an SSL encryption. Your customer will know that he finds himself in secure and trusted environment. No third party will be able to see or tamper with his personal data.
What is a Certificate Authority (CA)?
A Certificate Authority like LuxTrust S.A. is an entity which issues digital certificates to organizations or people after having them clearly identified and validated their request.
As part of a public key infrastructure (PKI), a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor’s information, the CA can then issue a certificate.
How many domain names can I secure?
LuxTrust’s services and products can cover all your needs for secured online transmissions. We provide certificates for :
– single domain names or sub-domains
– multiple sub-domains on a single domain name (Wildcard certificates)
– Unified Communications (UC) for Microsoft Exchange Server 2007
Why SSL? – The Purpose of using SSL Certificates
Using an SSL certificate protects your and your customers’ sensitive information. It prevents third parties from snooping the transmitted data.
Why use SSL? To Encrypt Sensitive Information
On the Internet information is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate.
In addition to encryption, a proper SSL certificate also provides authentication. This means you can be sure that you are sending information to the right server and not to a third party’s server.
Why SSL protects from phishing
A phishing email is an email sent by someone trying to impersonate your website. The email usually includes a link to their own website or uses a man-in-the-middle attack to use your own domain name. Because it is very difficult for these criminals to receive a proper SSL certificate, they won’t be able to perfectly impersonate your site. This means that your users will be far less likely to fall for a phishing attack because they will be looking for the trust indicators in their browser, such as a green address bar, and they won’t see it.
LuxTrust SSL – High assurance certificate
LuxTrust offers different types of SSL certificates. If you are not sure or do not understand the difference between our certificates, so don’t hesitate to contact our Customer Support.
To ensure the highest level of security, LuxTrust only offers high assurance certificates. To obtain a certificate, an extended WHOIS check has to be done, and also a verification of your business registration a power of signature of the certificate owner.
LuxTrust – SDC (single domain certificate)
The standard single domain certificate from LuxTrust makes it possible to secure a FQDN (Fully Qualified Domain Name) whether it is linked to a web site or to a server application.
LuxTrust – MDC (multi domain certificate)
The Multi Domain SSL certificate makes it possible to secure up to 10 FDQN (Fully Qualified Domain Names), either linked to web sites or to several applications of one server.
LuxTrust – Wildcard
LuxTrust with its SSL Wildcard certificate makes it possible to secure an unlimited number of FQDN (Fully Qualified Domain Names) belonging to the same name space (e.g. Common Name= “*.lux.com”) with a single certificate (unlimited number of servers).
Secured Applications (SOFie, eFILE…)
LuxTrust offers SSL certificates (Standard SSL certificate) for the use of SOFiE (Secured Online File Exchange), the secured transmission tool for documents installed by SXI Payment Services.
SOFiE is a tool provided with a graphic interface for highly secured exchange of sensitive files (financial reporting for CSSF, etc.) between two parties identified on the same network.
What is a CSR (Certificate Signing Request)?
A CSR or Certificate Signing request is a block of encrypted text that is generated on the server that the certificate will be used on. It contains information that will be included in your certificate such as your organization name, common name (domain name), locality, and country. It also contains the public key that will be included in your certificate. A private key is usually created at the same time that you create the CSR.
LuxTrust will use a CSR to create your SSL certificate, but it does not need your private key. You need to keep your private key secret. What is a CSR and private key good for if someone else can potentially read your communications? The certificate created with a particular CSR will only work with the private key that was generated with it. So if you lose the private key, the certificate will no longer work.
What is a CSR’s format?
Most CSRs are created in the Base-64 encoded PEM format. This format includes the “—–BEGIN CERTIFICATE REQUEST—–” and “—–END CERTIFICATE REQUEST—–” lines at the beginning and end of the CSR. A PEM format CSR can be opened in a text editor and looks like the following example:
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----
How do I generate a CSR and private key?
You need to generate a CSR and private key on the server that the certificate will be used on. You can find instructions in your server documentation.
What is the CSR- Key bit length?
The bit-length of a CSR and private key pair determine how easily the key can be cracked using brute force methods. A key size of 512 bits is considered weak and could potentially be broken in a few months or less with enough computing power. If a private key is broken, all the connections initiated with it would be exposed to whomever had the key. A bit-length of 1024 is exponentially stronger, however, it is more and more likely to be broken as computing power increases. The LuxTrust guidelines require to use a 2048-bit key size to ensure their security well into the future.
Why is my SSL Certificate untrusted?
If a browser says that your website is untrusted, and your certificate is properly installed, means in most of the cases that one of the chain certificates or the chain certificate itself, are not installed on the web server.
To solve this kind of issues, just download and install the actual Root Chain from LuxTrust and install it on your server or web server.
LuxTrust qualified certificates
The LuxTrust qualified certificates are first by LuxTrust Qualified Root certificate, which is signed by the LuxTrust Root certificate, which in turn is signed by Baltimore Cybertrust Root certificate. This channel certification allows all LuxTrust certificate to obtain automatic international recognition in the most common browsers as well as in many other applications.
LuxTrust normalized certificates
The normalized LuxTrust certificates are signed by the LuxTrust Normalized Root certificate, which is signed by the LuxTrust Root certificate, which in turn is signed by Baltimore Cybertrust Root certificate. This channel certification also allows all LuxTrust certificate to obtain automatic international recognition in the most common browsers as well as in many other applications.
For some applications, it is necessary that you manually install the roots certificates. You can download them on this this page in order to install them as needed.
Download the entire chain to ensure the functionality of your certificates: