Text Box:

Home About NHS SSL Apply for cert Information Terms Help

Frequently Asked Questions

How long will my application take ?
The length of time required to check and process your credentials varies considerably and is dependant upon the data you provide, the nature of the organisation and how quickly we can check the your domain name for which you have requested a certificate.  It is possible to process a request in as short as 1 hour.  You can help make the process move as swiftly as possible by ensuring all the information provided in your submission is complete and accurate.

What is SiteID?
Trustis operate a mechanism for cross checking the validity of certificates issued.  The SiteID scheme provides a mechanism where visitors to your website can readily check the certificate.  Additionally it gives you a mechanism to demonstrate your certificate is provided from an established provider who carries approvals and accreditation for the security and robustness of certificate supporting your site.  Use of this facility is very simple and requires only a one-line addition to web pages where you want this facility to be available.  Please see SiteID for more information.

Why do you require to check credentials and other information ?
Server certificates are tools to provide assurance that the server is owned and operated by the organisation declared in the certificate and that the domain name is properly owned managed and controlled.  To support these assurances and before before issuing a certificate, we check that the applicant owns, or has a legal right to use, and/or has legitimate control of the domain name featured in the application.  In addition, we check that the applicant is a legitimate and legally accountable entity.  To do this we need to have access to corroborative information that verifies these claims.

Why does the website say the SSL certificate is 'Untrusted'?
The usual cause of this is that the full certificate chain has not been loaded into the server. You would normally obtain this as part of your application for a certificate but you can also obtain it from the certificate installation online help that is tailored to a wide variety of webserver types.  Visitors to your website, who may experience this problem due to not having applied security updates incorporating Root certificate updates should be directed to the end-user root update online help.

How do I revoke a certificate ?

Revocation is subject to checks to ensure the request is valid and authoritative. Details of how to submit a revocation request are provided in the revocation online help and are covered in more detail in the certificate policy.

When accessing some parts of the website, why do I see messages saying that the name on the security certificate is invalid or does not match the name of the site?

This is usually caused by the visitor accessing the website by a different name than is specified in the certificate. For instance, the certificate may specify www.mysite.com whereas your visitors may be accessing the site through an additional alternative name that may have been configured for the webserver intended to map to specific parts of your website (e.g. library.mysite.com), or for visitors that are internal to your networks, may be just using the internal server name (e.g. library).

In the first case, consider applying for a wildcard certificate.  In the second case, ask your internal visitors to use the full and correct name of the server.

When trying to go to a certificated server over https the message 'The page cannot be displayed' is shown on the browser?

There are a number of reasons to cause this, which are not directly related to the certificate; server configuration and firewall configuration (port 443 not allowed) are common causes.  It may also be that the private key file corresponding to the certificates is missing or not correctly loaded on the server.

I have deleted/lost my "private key" from the server ?

The private key was generated by you when you first applied for your certificate (see creating your CSR).  We have never been supplied with copies of this private key (to have done so would have been a security risk to your organisation).

Check the backups of the server and see if you can re-install the "private key".  You will need to contact your systems administrator to assist with this.  Your server vendor may be able to assist you via their technical support.  Failing this, a new certificate will need to be applied-for and purchased.

I have changed my server, or moved to a different provider, how do I move the certificate?

Provided the Fully Qualified Domain Name as specified in the certificate can still be used on the new server (i.e. the domain name of the server has not changed, or if the certificate is a wildcard certificate, has changed in a way consistent with the wildcard specification), then the existing certificate and private key can be exported from the old server and installed on the new server.

If the domain name has changed in a manner inconsistent with the specification contained in the certificate, then a new certificate will need to be applied-for and purchased.

All Third Party Trademark Rights Acknowledged.

This document is licensed for use only in conjunction with the use of Trustis Limited Trust Services.

Copyright © Trustis Limited 2006, All rights reserved. Trustis FPS Healthcare is not responsible for the content of external websites.