Overview
Getting started with certificate management
Welcome to PayNet's Certificate Management User Guide. In this guide, we'll walk you through the process of acquiring, deploying, and maintaining digital certificates, ensuring the security and integrity of your online interactions, data transmission, and identity verification. Certificate management encompasses tasks like generating certificates, renewing or revoking them, configuring trust relationships, and monitoring their validity.
Before you begin
An SSL certificate, which stands for Secure Sockets Layer certificate, is a digital certificate that provides a secure and encrypted connection between a user's web browser and a web server. It ensures that data transmitted between the two parties remains private and cannot be easily intercepted or tampered with by malicious actors.
Here's a brief explanation of how SSL certificates work:
Encryption
When a user visits a website secured with an SSL certificate (usually indicated by a padlock icon in the browser's address bar), their browser and the web server establish an encrypted connection. This encryption prevents unauthorized access to the information being exchanged, such as login credentials, payment details, and personal data.
Authentication
SSL certificates also serve to authenticate the identity of the website's owner. They are issued by Certificate Authorities (CAs) after verifying the legitimacy of the website's domain and owner. This helps users trust that they are indeed communicating with a legitimate website and not a fraudulent one.
Data Integrity
SSL certificates ensure that data exchanged between the user's browser and the web server remains intact and unchanged during transmission. This prevents data from being altered or tampered with by third parties.
Trust and Security
SSL certificates enhance user trust by displaying visual cues, such as the padlock icon or the website's URL beginning with `"https://"` instead of `"http://"`. These cues indicate that the website takes security seriously and is using encryption to protect user data.
In summary, SSL certificates play a vital role in securing online communication, protecting sensitive information, and establishing trust between users and websites. They are especially important for websites that handle sensitive data, such as e-commerce sites, online banking platforms, and any website where user privacy and security are paramount.
One Stop Portal (OSP) features
The OSP portal enables participants to self-serve their certificate renewals, emphasising our commitment to security through mandatory periodic renewals. It's crucial for participants to have access to our One Stop Portal (OSP) for Certificate Management before proceeding.
Log into the One Stop Portal (OSP)
Certificate Renewal
Here is a summary of the three (3) steps needed to complete the renewal process.
- 1. Generate CSR and Private Key
- 2. Verify Certificate (with or without modulus)
- 3. Key Rotation (with or without modulus)
The first step is to generate a CSR (Certificate Signing Request) and Private Key. A CSR is a vital file used in creating a 'signed public certificate.' It contains registered business information and a public key that corresponds to the private key used for electronically signing the CSR.
Once generated, the CSR is submitted and counter-signed by a Certificate Authority (CA) to certify its authenticity. PayNet will then utilize the public key within the CA-signed public certificate to authenticate and validate the legitimacy of electronic messages sent by your e-commerce application.
You have the option to generate the key-pair and CSR files manually following our guidelines or rely on our built-in tools for automatic generation. Please note that the tool runs in your browser (client side), so PayNet cannot view or access the generated private key; this mitigates non-repudiation and security risks.
We offer straightforward guidance to generate your CSR on Mac, Windows and Linux platforms. Please make sure to follow these format guidelines to meet PayNet's standards.
Generate CSR and Private Key
We also guide users on how to generate a CSR and private key at the beginning of the video. Check out our video on the PayNet YouTube channel.
CSR Generation & Modulus Extraction in OSP (0.52)
Section 1: Generate CSR and Private Key
Certificate details page
Manual CSR Generation & Modulus Extraction (0.52)
Section 1: Generate CSR and Private Key
Certificate details page
The second step is testing the certificate, which is crucial for system security and trust. This process verifies the certificate by matching your private key against our public key, so that certificate rotation can proceed with confidence. In RSA cryptography, the modulus, derived from the product of two prime numbers, appears in both keys of a pair and so serves as a unique identifier for them. By comparing moduli, we confirm the match between your private key and our public key.
To proceed with this step, the modulus from your private key is required. You can obtain this modulus in two ways: manually extracting it from your private key following the steps outlined in our guide, or uploading your private key and allowing our tool to extract the modulus automatically.
Please note that the tool runs in your browser (client side), so PayNet cannot view or access the generated private key; this mitigates non-repudiation and security risks.
We offer straightforward guidance to extract modulus from the private key file.
Extract the Modulus from Private Key
You can refer to the videos for guidance based on your preference for verifying the certificate.
CSR Generation & Modulus Extraction in OSP (3:41)
Section 2: Verify Certificate (with modulus)
Select option, “I know how to retrieve the modulus of my private key”.
Section 2: Verify Certificate (without modulus)
Select option, “I dont know how to retrieve the modulus of my private key”.
After successfully completing the test, the system will automatically schedule the key rotation in our system. Please log in to One Stop Portal again at the designated time.
Please ensure that the files that have been generated (key-pair, CSR, certificate) are securely stored. The private key in particular will be required for the next step of the process.
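The manual route through steps 1 and 2, as an added example using the OpenSSL command line (it is not PayNet's own guide or tool): it generates a key pair and CSR, then checks whether two files share the same RSA modulus. The 2048-bit key size, the subject strings and all file names are assumptions; use the values given in PayNet's format guidelines.

```shell
#!/bin/sh
# Added example. Assumptions (not from PayNet's guide): RSA 2048-bit key,
# the subject strings and every file name below.

# Create an RSA private key and a CSR signed with it.
# $1 = key file, $2 = CSR file, $3 = subject, e.g. "/C=MY/O=Example/CN=shop.example.com"
gen_key_and_csr() {
    # umask 077 in a subshell: the key file is created owner-readable only.
    ( umask 077 && openssl genrsa -out "$1" 2048 ) || return 1
    openssl req -new -key "$1" -subj "$3" -out "$2"
}

# Print the RSA modulus (hex) held in a private key, CSR or certificate.
# $1 = kind (key | csr | cert), $2 = file
modulus_of() {
    case "$1" in
        key)  m=$(openssl rsa  -in "$2" -noout -modulus) ;;
        csr)  m=$(openssl req  -in "$2" -noout -modulus) ;;
        cert) m=$(openssl x509 -in "$2" -noout -modulus) ;;
        *)    echo "unknown kind: $1" >&2; return 2 ;;
    esac || return 1
    printf '%s\n' "${m#Modulus=}"
}

# Succeed only when both files carry the same modulus (same key pair).
# $1 $2 = kind and file of the first item, $3 $4 = kind and file of the second
same_modulus() {
    a=$(modulus_of "$1" "$2") || return 2
    b=$(modulus_of "$3" "$4") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Demo in a throwaway directory: a CSR matches the key it was made from and
# does not match an unrelated key, which is what a failed key-match test means.
demo() {
    d=$(mktemp -d) || return 1
    gen_key_and_csr "$d/new.key" "$d/new.csr" "/C=MY/O=Example/CN=shop.example.com" &&
        gen_key_and_csr "$d/old.key" "$d/old.csr" "/CN=old.example.com" &&
        same_modulus key "$d/new.key" csr "$d/new.csr" && echo "new.key matches new.csr" &&
        ! same_modulus key "$d/old.key" csr "$d/new.csr" && echo "old.key does not match new.csr"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

[ "${1:-}" != demo ] || demo
```

Run the script with the argument `demo` to see both outcomes. Once the CA-signed certificate is available, `same_modulus key <key file> cert <certificate file>` makes the same comparison against it.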
After requesting renewal, when the designated date arrives, please log in to One Stop Portal again. You'll notice the status displaying "Ready for renewal." At this point, click the "Test Certificate" button.
Once the certificate test has been completed one more time, verifying that the new private key matches the new certificate on our servers, the keys and certificate will be rotated automatically. Please be ready to update your application with the new private key to minimise any potential disruptions.
The system automatically schedules key rotation. Also, there'll be another key matching test, so keep your private key safe. Remember to mark your calendar for certificate renewal on One Stop Portal.
Generate CSR and Private Key
You can refer to the videos for guidance based on your preference for key rotation.
CSR Generation & Modulus Extraction in OSP (6:03)
Section 3: Key Rotation (with modulus)
Product Status: “Ready for renewal” Verify Key Matches
Section 3: Key Rotation (without modulus)
Product Status: “Ready for renewal” Verify Key Matches
Certificate Renewal Videos
Discover our Certificate Renewal videos, organized into three sections that explain the renewal process in detail. These videos provide clear, step-by-step instructions for easy understanding.