IDES Interactive Knowledge Base

Security Certificate

Last Updated: Mar 23, 2015 06:23AM CDT
Certificate Authorities (CA) are trusted third parties for the purposes of releasing certificates. The CA will provide information to IDES on the continued validity of the certificate (e.g., has the certificate been revoked, has the date expired, etc.). Each CA will have a process for releasing the certificate to you. You will need to provide information to the CA to prove who you are. The certificate will be loaded into IDES as part of the enrollment process. Each HCTA or FI Administrator will need to load the certificate themselves. This means that you will need to have the certificate prior to successfully enrollment. The certificate will be validated during enrollment. Validate certificates will be active (i.e., has not expired), will be valid (i.e., the CA hasn't revoked them) and the certificate will have come from one of the approved CAs. If any of these conditions are not met, the certificate is considered invalid. It will be your responsibility to confirm with your CA what needs to be done to overcome any of these challenges. Please visit the website of the CA of your choice to learn more about their process for obtaining your certificate:


When obtaining a SSL certificate you will be required to generate a Certificate Signing Request (CSR). This can be done on any computer using openSSL.

When creating the CSR  you will be asked for the Common Name (CN). The CN in the CSR is a Fully Qualified Domain Name (FQDN) that your company owns. This can be the top level domain name; there is no need to create a subdomain. You can use a domain that already has a SSL certificate installed on the webserver.
Please note that the use of the SSL certificate in the IDES system differs from its use securing a webserver. The SSL certificate that you obtain for use in the IDES system does not have to be installed on any computer. It will be uploaded to your account during an IDES account administrator’s enrollment.
When you create the CSR you will be generating a key pair, a  public and a private key. You will not send the private key to the CA when you provide them with the CSR. Please be sure to keep the private key on a secure computer for future use. Do not transmit the private key over any system that is not secure. During the data preparation process you will be using the private key to digitally sign your XML payload file.

For more basic information about CSRs please see the Wikipedia article.
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found