The present invention is related to digital certificates, and more particularly to provisioning and deployment of digital certificates.
In recent years e-commerce has become an important way of conducting business. However, there are still concerns among many internet users regarding how secure transactions conducted over the internet really are. One concern that users have is whether the website conducting business is a legitimate website. If a user conducts business on a website that is not legitimate, the user could easily end up being a victim of fraud, monetary theft, identity theft, etc. In order for e-commerce to remain a viable alternative to traditional ways of conducting business, online transactions and connections need to be secure.
Digital certificates are used to help ensure the security of online transactions by providing a means for authenticating the identity of websites. Since websites having a digital certificate have been authenticated by a third party certification authority (CA), such as VeriSign®, a subscriber using the website with a digital certificate has some comfort in knowing that the website has undergone some vetting process. X.509 certificates, also referred to as digital certificates, are used to authenticate websites.
Digital (X.509) certificates are defined by the Telecommunication Standardization Sector (ITU-T) of the International Telecommunication Union (ITU) as part of the Directory (X.500) series. Currently, digital certificates are issued to a subscriber after the subscriber requests the certificate, pays for the certificate and undergoes an authentication and verification process.
The issued digital certificates, as described by RFC 5280 (http://www.ietf.org/rfc/rfc5280.txt), contain the date at which the certificate becomes valid and a later date at which the certificate expires. For example, a subscriber requesting an SSL certificate from a CA will pay the full amount up front and receive a digital certificate whose validity start date is set to the date on which the digital certificate was issued. The validity end date will typically be one, two, or three years after the validity start date.
One form of a digital certificate is a Secure Sockets Layer (SSL) certificate. SSL certificates are usually acquired by performing a three-step process, as illustrated in FIG. 1. FIG. 1 is a flowchart illustrating the current three-step method used by an enterprise SSL customer to acquire an SSL certificate. The method starts in step 110 where the system is initialized. In step 115, the Certificate Signing Request (CSR) is generated. The current CSR generation step uses a system administrator or webmaster to generate a PKCS10 Certificate Signing Request (CSR) on the server machine (for which the SSL certificate is requested). An open source implementation of the SSL protocol (openssl) or a web server administration console is used for the CSR generation. In step 120 the certificate is enrolled. The current certificate enrollment step uses an administrator to enroll an SSL certificate through a CA-supplied enrollment form. The administrator enters the customer contact information and copies and pastes the CSR blob on the enrollment form. Next in step 125, the certificate is issued, delivered and installed. The current certificate issuance/delivery step uses the CA to issue a certificate, which is delivered to the administrator through an email. The administrator then installs the issued SSL certificate onto the web server along with its intermediate CA certificate chain. In step 190, the method ends when the SSL certificate is installed.
This three-step process of obtaining an SSL certificate can be time consuming and can require that the customer perform several steps, which is inefficient and takes up the customer's time. Therefore, a system and method is needed that streamlines the process used by enterprise SSL customers by reducing the number of steps used to acquire the SSL certificate.
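The manual flow of FIG. 1 described above, as an added example that is not part of the original text: CSR generation with openssl, issuance, and the checks an administrator would run before installing the certificate, including the validity dates. It assumes the openssl command-line tool with its default configuration file; a throwaway local CA stands in for the certification authority, and the host name, organization and CA name are constructed placeholders.

```shell
#!/bin/sh
# Added example; names such as www.example.test and "Example Test CA" are constructed.
set -eu

# Step 115: create a key pair and a PKCS#10 CSR on the server machine.
make_csr() {  # $1 = work dir, $2 = host name
  openssl req -new -newkey rsa:2048 -nodes -subj "/O=Example Org/CN=$2" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  # The CSR is self-signed with the new private key; confirm that before enrolling.
  openssl req -in "$1/server.csr" -noout -verify 2>&1 | grep -q "verify OK"
}

# Steps 120-125, simulated: a throwaway local CA plays the certification
# authority and issues a certificate valid for $2 days from now.
issue_cert() {  # $1 = work dir, $2 = validity in days
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Example Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days "$2" -out "$1/server.crt" 2>/dev/null
}

# Checks before installing on the web server.
check_install() {  # $1 = work dir, $2 = minimum remaining lifetime in seconds
  # 1. The certificate chains to the CA certificate delivered with it.
  openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1 || return 1
  # 2. The certified public key belongs to the private key on this server.
  key_pub=$(openssl pkey -in "$1/server.key" -pubout | openssl sha256)
  crt_pub=$(openssl x509 -in "$1/server.crt" -noout -pubkey | openssl sha256)
  [ "$key_pub" = "$crt_pub" ] || return 1
  # 3. The validity end date is far enough in the future.
  openssl x509 -in "$1/server.crt" -noout -checkend "$2" >/dev/null
}

work=$(mktemp -d)
make_csr "$work" www.example.test
issue_cert "$work" 365
check_install "$work" 86400
# Print subject plus the validity start and end dates.
openssl x509 -in "$work/server.crt" -noout -subject -dates
rm -rf "$work"
```

The key-match check catches the common installation error of pairing the delivered certificate with a private key other than the one that produced the CSR.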