General Questions How long will my application take? Why do you require to check credentials and other information? Why does the website say the SSL certificate is 'Untrusted'? When accessing some parts of the website, why do I see messages saying that the name on the security certificate is invalid or does not match the name of the site? When trying to go to a certificated server over https the message 'The page cannot be displayed' is shown on the browser? I have deleted/lost my "private key" from the server? I have changed my server, or moved to a different provider, how do I move the certificate? Revocation Questions What is Certificate Revocation? How do I revoke a certificate? When should my certificate be revoked? Who can request revocation? What is the procedure for a revocation request? Who do I contact for a revocation request? Site ID What is SiteID? What are the key features of SiteID? Why has Trustis released SiteID? How does it work? How much does SiteID cost? What are the system requirements for SiteID? Where can I place SiteID? Installation Instructions How do I provide feedback on SiteID? How do I report misuse of SiteID? How long will my application take? The length of time required to check and process your credentials varies considerably and is dependant upon the data you provide, the nature of the organisation and how quickly we can check your domain name for which you have requested a certificate. It is possible to process a request in as short as 1 hour. You can help make the process move as swiftly as possible by ensuring all the information provided in your submission is complete and accurate. Why do you require to check credentials and other information? Server certificates are tools to provide assurance that the server is owned and operated by the organisation declared in the certificate and that the domain name is properly owned managed and controlled. To support these assurances and before before issuing a certificate, we check that the applicant owns, or has a legal right to use, and/or has legitimate control of the domain name featured in the application. In addition, we check that the applicant is a legitimate and legally accountable entity. To do this we need to have access to corroborative information that verifies these claims. Why does the website say the SSL certificate is 'Untrusted'? The usual cause of this is that the full certificate chain has not been loaded into the server. You would normally obtain this as part of your application for a certificate but you can also obtain it from the help section that is tailored to a wide variety of webserver types. When accessing some parts of the website, why do I see messages saying that the name on the security certificate is invalid or does not match the name of the site? This is usually caused by the visitor accessing the website by a different name than is specified in the certificate. For instance, the certificate may specify www.mysite.com whereas your visitors may be accessing the site through an additional alternative name that may have been configured for the webserver intended to map to specific parts of your website (e.g. library.mysite.com), or for visitors that are internal to your networks, may be just using the internal server name (e.g. library). In the first case, consider applying for a wildcard certificate. In the second case, ask your internal visitors to use the full and correct name of the server. When trying to go to a certificated server over https the message 'The page cannot be displayed' is shown on the browser? There are a number of reasons to cause this, which are not directly related to the certificate; server configuration and firewall configuration (port 443 not allowed) are common causes. It may also be that the private key file corresponding to the certificates is missing or not correctly loaded on the server. I have deleted/lost my "private key" from the server? The private key was generated by you when you first applied for your certificate (see creating your CSR). We have never been supplied with copies of this private key (to have done so would have been a security risk to your organisation). Check the backups of the server and see if you can re-install the "private key". You will need to contact your systems administrator to assist with this. Your server vendor may be able to assist you via their technical support. Failing this, a new certificate will need to be applied-for and purchased. I have changed my server, or moved to a different provider, how do I move the certificate? Provided the Fully Qualified Domain Name as specified in the certificate can still be used on the new server (i.e. the domain name of the server has not changed, or if the certificate is a wildcard certificate, has changed in a way consistent with the wildcard specification), then the existing certificate and private key can be exported from the old server and installed on the new server. If the domain name has changed in a manner inconsistent with the specification contained in the certificate, then a new certificate will need to be applied-for and purchased. What is Certificate Revocation? Revoking a certificate makes it no longer valid for use. Once a certificate is revoked, visitors to your website may get warning messages telling them that the certificate is not longer valid and should not be trusted. Revocation of a certificate is an unlikely requirement, however certificate owners should be aware of the following information pertaining to revocation - which is abstracted from the certificate policy. How do I revoke a certificate? Revocation is subject to checks to ensure the request is valid and authoritative. Details of how to submit a revocation request are provided in the FAQ What is the procedure for a revocation request?, and are covered in more detail in the Trustis Healthcare Certificate Service Base Certificate Policy When should my certificate be revoked? A certificate must be revoked: When any of the information in the certificate is known or suspected to be inaccurate Upon suspected or known compromise of the private key Upon suspected or known compromise of the media holding the private key When the Subscriber withdraws from or is no longer eligible to participate in the public key infrastructure governed by this certificate policy The above use of the term "compromise" is intended to include: Unauthorised access Loss Theft Irrecoverable corruption Destruction The Issuing Authority may revoke a certificate when an Entity fails to comply with obligations set out in this certificate policy, any additional published documents defining practices to be followed by the entity, any other relevant agreement or any applicable law. Who can request revocation? The revocation of a certificate may be requested by any entity, authenticated according to section 3.4 of the Certificate Policy, that presents reliable information indicating a valid circumstance for revocation according to 4.4.1. Approval of a revocation request may only be granted by: The Policy Authority The Issuing Authority Authorised and authenticated administrators of the Issuing Authority Authorised and authenticated Registrars of a Registration Authority acting on behalf of the Issuing Authority Upon revocation of a subscriber's certificate, the Issuing Authority shall undertake to inform the subscriber. What is the procedure for a revocation request? Revocation shall be requested promptly after detection of a compromise or any other event giving cause for revocation. A revocation request may be generated in the following ways, in order of preference: Electronically by a digitally signed message By personal representation to the Issuing Authority or a Registration Authority By a signed fax message Electronically by a non-signed message By telephone call to the Issuing Authority or a Registration Authority Who do I contact for a revocation request? If you wish to request a certificate, please contact: Trustis FPS Trustis Limited Fax: (01635) 231366 Email: support@trustis.com Please provide your full details including the capacity in which you are making the request, the details of your certificate (issuer name, serial number, etc.) and the circumstances surrounding its revocation. The Issuing Authority or Registration Authority acting on its behalf may seek independent confirmation, for example, by making a phone call to the subscriber's employer or other sources, prior to initiating the revocation of a certificate. What is SiteID? Trustis operate a mechanism for cross checking the validity of certificates issued. The SiteID scheme provides a mechanism where visitors to your website can readily check the certificate. Additionally it gives you a mechanism to demonstrate your certificate is provided from an established provider who carries approvals and accreditation for the security and robustness of certificate supporting your site. Use of this facility is very simple and requires only a one-line addition to web pages where you want this facility to be available. Build Confidence The Trustis SiteID assures visitors to your website that you have been authenticated by a properly authorised Registration Authority and that confidential transactions with your website are secured by the strongest SSL encryption commercially available, using a valid certificate. SiteID removes a major barrier to conducting successful transactions over the internet: the lack of the ability to verify the trust between a website and its visitors. Real Time Validation Here's how it works: Just one simple single-line addition to your web pages will give you and your visitors access to SiteID. The Trustis SiteID technology itself resides on our secured servers and displays a small clickable logo on your page at the position where you included the SiteID reference. When a visitor clicks on the SiteID logo, our servers automatically perform a look-up to verify that the visitor is accessing a legitimate site and identifies your site as genuine, authentic, and validated by an properly authorised Registration Authority. Real time certificate status validation is also provided to the visitor - timestamped and confirming your certification status at that exact moment. More and more web users are demanding this kind of validation before they will trust websites with their transactions. What are the key features of SiteID? Trusted validation of a website identity - site owners and visitors are protected from spoofed (copied) sites that can harm the rightful owner Click to verify technology - just one simple click is required by your visitors for an up to the second real-time site identity and validity check Free - to all Trustis SSL Server certificate customers Why has Trustis released SiteID? We are constantly improving our competencies and product offerings to customers. Given that more and more web users are demanding this kind of validation before they will trust websites with their transactions, we have released SiteID to help you as a website owner, put your visitors at ease when they transact with you. How does it work? Just one simple single-line addition to your web pages will give you and your visitors access to SiteID. The Trustis SiteID technology itself resides on our secured servers and displays a small clickable logo on your page at the position where you included the SiteID reference. When a visitor clicks on the SiteID logo, our servers automatically perform a look-up to verify that the visitor is accessing a legitimate site and identifies your site as genuine, authentic, and validated by an properly authorised Registration Authority. Real time certificate status validation is also provided to the visitor that is timestamped and which confirms your certification status at that exact moment. SiteID displays your authenticated organization name and your certificate's validity so your visitors can be assured of your site's authenticity at a glance. How much does SiteID cost? SiteID is free-of-charge to all Trustis SSL Server certificate customers. What are the system requirements for SiteID? SiteID uses JavaScript and is served directly from Trustis. Refer to the installation instructions for further details. Where can I place SiteID? SiteID can be placed and displayed on any web page within the domain enrolled for your SSL certificate. Using the simple installation instructions, place SiteID within your web site wherever you want your web site visitors to be aware of your site's authenticity and security, such as: On your home page, easily found near other Web site information and links. On any page that is SSL-enabled, easily visible at the top of the page. On other pages and locations within your Web site as you see fit. Generally, it is best to insert the Seal in a location clearly visible to your Web site visitors, without having to scroll down the page to see it. Installation Instructions Choose where on your web page you would like the logo above to appear At that position in your web page, all you have to do is to include the following code (a text editor may be used for this if desired) <script LANGUAGE="Javascript" SRC="https://healthcare.trustis.com/validate-cert.js"></script> That's it! You're done. You and your website vistors now have access to Trustis SiteID. How do I provide feedback on SiteID? Please provide feedback to: support@trustis.com How do I report misuse of SiteID? Please report any SiteID misuse to: support@trustis.com

For help with NHS Registration Procedures please email nhs-ssl@trustis.com For technical guidance please use the Trustis online Help relating to applying and using Trustis FPS Healthcare Certificates or email support@trustis.com