Certificates

Rdbhost.com has a certificate for the encryption of data between our server and your client (or your user's client browser). This certificate is for the domain name 'www.rdbhost.com'.

You can use this certificate if you like, and if you are querying from another server, you can use our domain name for the request and all is well. If you are using Rdbhost databases from JavaScript in the browser, on the other hand, you may need to access our server using an alternate domain name, and then the certificate is no longer authenticatable, as it refers to a domain other than the one you are using.

Your Certificate

You can, as an alternative, provide your own trusted certificate, made out to your domain name, and install it here.

Obtaining a trusted certificate involves three steps.

  1. Create a certificate signing request (CSR) and private key.
  2. Purchase a trusted certificate from a vendor, providing them the CSR and your domain name.
  3. Install the certificate here.

The CSR page here will generate a CSR and private key for you. You should cut-and-paste them into files on your workstation for safe-keeping. The server does not save them and returning to the CSR generation page will generate a new different CSR and key each time.

When you purchase your certificate, you provide them the CSR you saved. You also provide the domain name you intend to use, and verifiable information about who you and your company are. In principle, they should verify this before they issue a certificate vouching for your identity.

When you have the certificate, with or without a chain bundle, return to the Rdbhost website and provide us the key. The certificate form page has one input field, which accepts multiple certificate files in sequence. The cert for your domain should precede the chain file certs. These are all ascii text, delimited with new lines and readable phrases, and can readily be cut-and-pasted. Include your private key file as well, at the top of the field or the bottom.

The key file will resemble this:

-----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQC1EEOWqOUZpOYY9FSxMbsGSuhVuCWhA5JWWrGx45phHGlLxFOn cOtzOexReJ5f+jskcUg5+vRMENbxolgzObhtnPNHg4RgNDR94YSi3RMaA8UXkfA7 isLtlAn8k17TRfyF7u3bTxJgUSRSpKe8UfTTANKhHELxXTHQMGPh1wHbLQIDAQAB AoGBALJK36M9kMtdu06bWcJabAXYQUwXVsZkk/cAu7Wln+E8btsy6gUZhmAii3f2 RE3SQ+awviSJ34H/mwi5igx3LAjqMc6UXOig9HV6UC6akHRMgZObUClCthej0GJ0 oibYcbWnnbQop86a6gZQOmOD+rZHASblTjJDOb/g68o1rq5pAkEA61XnFt51MqUy AIR27ME9qFl5t8H++KZ6Yum38l6aNILAttrCARiGcIfihubHDUVppnL3pcXMrcvV lT/F0K8WAwJBAMT2Yga/lnzi6r4HojqRaj/VxTttGAYxcwiZn1kQC4SXyp/oJWj/ p1QJmCIhYvOf6Gn7UtTzyX8Owh1cICT52w8CQDJraCRNKvzbybe0qaoVyLj92ocV KCRrvoLcog1qWU1wygsjGTeU4pDPfCf8356nRXhk30wD8dM2fZ8JV79bE7MCQEQP /Cnm1OMNKx9F1gq1K2kpvwFdHpstRVoodAc74y8LoSqG9z6Ecdc5hYftz5runErb XXFXWT7945hvuG/uo4MCQQCpy9tDAK1wg3yfEzHK5Kr3lbg9udJ0BI29VDpr/Z8/ 5/z8PnTlFXnP1nDO6wmynByLwYmqBszxXQqTkmD9Pn+y -----END RSA PRIVATE KEY-----

and the certificate file will resemble this:

-----BEGIN CERTIFICATE----- MIICsDCCAhmgAwIBAgIJANMDZ5vopS61MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAlVTMQswCQYDVQQIEwJUWDELMAkGA1UEBxMCRVAxHDAaBgNVBAMTE3JkYmhv c3QuanNwYXN0ZS5jb20wHhcNMTEwNjE4MjMxMzAxWhcNMTMwNjE3MjMxMzAxWjBF MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxCzAJBgNVBAcTAkVQMRwwGgYDVQQD ExNyZGJob3N0LmpzcGFzdGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB gQC1EEOWqOUZpOYY9FSxMbsGSuhVuCWhA5JWWrGx45phHGlLxFOncOtzOexReJ5f +jskcUg5+vRMENbxolgzObhtnPNHg4RgNDR94YSi3RMaA8UXkfA7isLtlAn8k17T RfyF7u3bTxJgUSRSpKe8UfTTANKhHELxXTHQMGPh1wHbLQIDAQABo4GnMIGkMB0G A1UdDgQWBBSFx0FDX3IXOjcthE1AV8BaBam/kDB1BgNVHSMEbjBsgBSFx0FDX3IX OjcthE1AV8BaBam/kKFJpEcwRTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlRYMQsw CQYDVQQHEwJFUDEcMBoGA1UEAxMTcmRiaG9zdC5qc3Bhc3RlLmNvbYIJANMDZ5vo pS61MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAANugltu2jtUejez1 as7p0qPuNG3IXz+JxEYki8xmbaJ4RNsuYsSnaTzHRWm+/Yll8ZutXHeOPcuFGxom C5uVJGDHfJbuV70DXc8+PEPSexGtDiDy17dODinJl6ExPzrorsqYWa6HzglgDHPA OkBf1vRzQY8QndayB4WhwBQSu74= -----END CERTIFICATE-----

The chain file, if you receive one, will be a sequence of certificates like the one above.

Installation

Once all the certificates and key files have been entered into the form and submitted, wait a minute or two and test. Your domain should be reachable by a modern browser without any SSL/TLS1 errors.

1TLS is an acronym meaning Transport Layer Security, and is a newer term replacing SSL, meaning Secure Sockets Layer. We use the two acronyms together, as one is more recognizable, and the other is more correct.