System Status
System Status
Login

ZA SSL Requirements

Authentication and Available Certificates

The server requires dual SSL authentication, thus a certificate is required (X509).
The certificate can be either self signed or verified by a Certification Authority.

Please see the links below for OT&E and Production server Certificates if required. The certificates apply to the Co.Za, Web.Za, Net.Za and Org.Za namespaces.

OT&E Server Certificate →

Co.Za Production Server Certificate

Web.Za, Net.Za and Org.Za Production Server Certificate →

Minimum SSL Requirements

The certificate must be in X509 certificate format. Please do not submit a private key or a combination of private/public key.

The X509 certificate may be signed by a Certification Authority or the certificate can be self signed. An example of a certificate can be seen by downloading the file below:

Example X509 Signed Certificate

If the certificate that was provided has been loaded and installed on our end but there are still some SSL problems when connecting to our server, please log a ticket and include the results of the following command:

openssl x509 -noout -in CERT_FILE -fingerprint -md5
where “CERT_FILE” is the certificate that you are using to connect.

Log Ticket

Production Server SSL Requirements

Minimum SSL Requirements

The minimum requirements include:

  1. A key strength/length of 2048 bits
  2. A key with a maximum of 5 years of usage from creation, with a minimum of 1 year of usage

Recommended SSL Requirements

The recommended requirements include:

  1. A key strength/length of 2048 bits
  2. A key with a maximum of 1 year of usage from creation

How to Generate an SSL Certificate

An example of how to generate an SSL Certificate

The example assumes the use of a UNIX computer with command line access and openssl installed. 

Run the following in the command line:
 
1. openssl genrsa -out epp.key 2048
2. openssl req -new -x509 -key epp.key -out epp.crt -days 1095
3. cat epp.key epp.crt > epp.pem
 
The 1st command creates your private key.
The 2nd command creates the public certificate that you will upload to our portal.
The 3rd command creates the .pem file that the EPP example files make use of.
 

Once the key has been generated and you have been prompted by our system, upload the created epp.crt file. The epp.crt file is your public certificate.

DO NOT send us the .key or .pem file. Uploading either of these files will reveal your private key, rendering the use of SSL keys null. If either of the files are provided, a new key will have to be generated.
 
To create an SSL Certificate using a Windows computer, please install openssl from here
 

Run the following commands in the command line:

1. openssl  genrsa -out epp.key 2048
2. openssl req -new -x509 -key epp.key -out epp.crt -days 1095
3. type epp.key > epp.pem

4. type epp.crt >> epp.pem 

Once the key has been generated and you have been prompted by our system, upload the created C:\OpenSSL-Win32\bin\epp.crt file.

Rolling SSl Certificate Procedure

Rollover the current SSL Certificate

To rollover the current SSL Certificate, navigate to the Registrar Panel, then click on the namespace you would like to manage under the INTEGRATIONS heading.

Once you have selected the integration to be updated, use the options available under the “SSL Certificates” section of the content page

For all Live accounts you will see the active SSL Certificate loaded for the namespace. Subject, Validity, MD5 and SHA1 information is displayed.

 Browse to your local SSL Certificate file for upload. Click submit and your cert will be uploaded and checked for validity. Only .txt , .crt, .pem, .cer and .cert files are permitted for upload. No Private Keys will be accepted!

If valid then the SHA1, MD5 and validity dates are displayed. Click Next to continue.

If successful, you will see the following message displayed “SSL Certificate successfully added“.