Frequently Asked Questions

Install Test CA Root into the Browser:

In order to test the use of this certificate, you must install a special Test CA Root on EACH BROWSER that you will be using in the test. (This is a special step that VeriSign has implemented to prevent fraudulent use of test certificates. When you purchase a regular SSL Certificate, your users will NOT have to go through this step). If you need assistance on installing the Test CA Root, please read these instructions.

Use of Test Certificates and the Test CA is governed by VeriSign's Test CPS. You must agree to be bound by all of its terms and conditions before using the Test Digital ID or downloading the Test CA Certificate.

YOU MUST READ THIS SERVER CERTIFCATE AGREEMENT ("AGREEMENT") CAREFULLY. BY CLICKING "ACCEPT" BELOW AND/OR BY REQUESTING OR USING A CERTIFICATE (AS THAT TERM IS DEFINED BELOW), YOU AGREE TO BECOME A PARTY TO, AND TO BE BOUND BY, THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, CLICK "DECLINE" BELOW, AND YOU WILL NOT BE ABLE TO ENROLL FOR OR USE A CERTIFICATE. THIS SERVER CERTIFICATE AGREEMENT is made between VeriSign, Inc. ("VeriSign") and you, a certificate applicant ("Customer"). This Agreement governs, among other things: (1) Customer's application for a VeriSign Server Digital IDSM certificate ("Certificate"), (2) VeriSign's issuance of Customer's Certificate, and (3) use of the Certificate. In consideration of the promises in this Agreement, and intending to be legally bound, the parties agree as follows: 1. USE LIMITED TO AUTHORIZED TESTING PURPOSES. TEST CERTIFICATES AND THE TEST CA ROOT CERTIFICATE SHALL BE USED EXCLUSIVELY FOR TEST PURPOSES. TEST CERTIFICATES, THE TEST CA ROOT CERTIFICATE, AND ALL COMPONENTS THEREOF SHALL NOT BE USED OR RELIED UPON FOR ANY OTHER PURPOSES, INCLUDING COMMERCIAL TRANSACTIONS, AUTHENTICATING THE IDENTITY OF A SUBSCRIBER OR THE TEST CA, OR IN CONNECTION WITH ENSURING THE CONFIDENTIALITY OF ANY INFORMATION. DO NOT REQUEST OR USE A TEST CERTIFICATE OR THE TEST CA ROOT CERTIFICATE FOR ANY PURPOSE OTHER THAN FOR AUTHORIZED TECHNICAL TESTING. SUBSCRIBERS AND USERS ACKNOWLEDGE THAT NEITHER THE IDENTITY NOR AUTHORITY OF SUBSCRIBERS HAS BEEN AUTHENTICATED OR APPROVED BY THE TEST CA OR VERISIGN. 2. Issuance and Use. Upon VeriSign's receipt and approval of a complete and approved application for a Test Certificate, VeriSign shall issue a Test Certificate to a Subscriber. VeriSign shall also provide Subscriber and other Users with access to the Test CA Root Certificate. Test Certificates and the Test CA Root Certificate shall be used exclusively for authorized testing purposes in simulating the process by which a browser authenticates and establishes a secure channel to a web site that properly uses a Server Digital ID certificate. 3. No Suspension or Revocation Services. Subscribers and Users acknowledge that VeriSign shall not be required to suspend or revoke Test Certificates at the request of the Subscriber. VeriSign shall be entitled at its sole discretion to revoke any or all Test Certificates. 4. Permission to Publish Information. VeriSign shall be entitled to publish and otherwise to disclose publicly any Test Certificate or any portion of the content of a certificate, in connection with VeriSign's dissemination of Test Certificate information within and outside of VeriSign's Test CA hierarchy. 5. DISCLAIMER OF WARRANTY. VERISIGN ISSUES TEST CERTIFICATES "AS IS." VERISIGN DISCLAIMS ANY WARRANTIES WHATSOEVER WITH RESPECT TO THE SERVICES PROVIDED BY VERISIGN HEREUNDER, INCLUDING WITHOUT LIMITATION ANY AND ALL IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. VERISIGN MAKES NO REPRESENTATION OR WARRANTY TO ANY PERSON THAT ANY SUBSCRIBER TO WHICH IT HAS ISSUED A TEST CERTIFICATE IS IN FACT THE PERSON OR ORGANIZATION IT CLAIMS TO BE IN INFORMATION SUPPLIED TO VERISIGN, OR THAT ANY PERSON OR ORGANIZATION IS IN FACT THE PERSON OR ORGANIZATION LISTED IN A TEST CERTIFICATE OR THE TEST CA ROOT CERTIFICATE. VERISIGN MAKES NO ASSURANCES OF THE ACCURACY, AUTHENTICITY, INTEGRITY, OR RELIABILITY OF INFORMATION CONTAINED IN TEST CERTIFICATES OR THE TEST CA ROOT CERTIFICATE, OR OF THE RESULTS OF CRYPTOGRAPHIC METHODS IMPLEMENTED IN CONNECTION WITH SUCH CERTIFICATES. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY VERISIGN OR ITS EMPLOYEES OR REPRESENTATIVES SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF VERISIGN'S OBLIGATIONS. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE DISCLAIMERS IN THIS TEST CPS MAY NOT APPLY TO YOU.</B> 6. LIMITATION OF LIABILITY. NO PARTY SHALL BE LIABLE TO ANY OTHER PERSON FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, OR INCIDENTAL DAMAGES, EVEN IF SUCH OTHER PERSON HAS BEEN ADVISED OF THE LIKELIHOOD OF SUCH DAMAGES. SOME JURISDICTIONS DO NOT OR CONSEQUENTIAL DAMAGES, SO THE LIMITATION OR EXCLUSION OF LIABILITY IN THIS TEST CPS MAY NOT APPLY TO YOU. THE AGGREGATE LIABILITY TO ANY AND ALL PERSONS CONCERNING A SPECIFIC CERTIFICATE, WHETHER IN CONTRACT, TORT, OR OTHERWISE,SHALL BE LIMITED TO AN AMOUNT NOT TO EXCEED FIFTY U.S. DOLLARS ($ 50.00). 7. Certificate Expiration. Test Certificates, and the parties obligations under this Test CPS, shall expire two (2) weeks from the date of certificate issuance. VeriSign shall be entitled to revoke a Test Certificate and terminate its obligations to a Subscriber under this Test CPS within its sole discretion at any time, with or without cause. 8. After Expiration or Revocation. Upon expiration or revocation for any reason, a Subscriber's Test Certificate and all components thereof, shall not be used or relied upon for any reason. Such expiration or revocation shall not affect Sections 4, 5, 6, 8, and 9 of this Test CPS and all subsections of the foregoing, which shall continue in full force and affect to the extent necessary to permit the complete fulfillment thereof. Users shall delete the Test CA Root Certificate from their browsers upon completion of testing. 9. Miscellaneous Provisions. 9.1 Governing Laws. The laws of the State of California, U.S.A. (irrespective of its choice of law principles) shall govern the validity of this Test CPS, the construction of its terms, and the interpretation and enforcement of the rights and duties of the parties hereto. 9.2 Successors and Assigns. Except as otherwise provided herein, this Agreement shall be binding upon, and inure to the benefit of the respective successors, executors, heirs, representatives, administrators, and assigns of the Parties. Neither this Test CPS nor Subscriber's Test Certificate shall be assignable by Subscriber. Any such attempted assignment or delegation shall be void and of no effect. 9.3 Severability. If any provision of this Test CPS, or the application thereof, shall for any reason and to any extent, be invalid or unenforceable, the remainder of this Test CPS and application of such provision to other persons or circumstances shall not be affected thereby and shall be interpreted so as best to reasonably effect the intent of the parties. IT IS EXPRESSLY UNDERSTOOD THAT EACH AND EVERY PROVISION OF THIS TEST CPS THAT PROVIDES FOR ANY LIMITATION, DISCLAIMER OR EXCLUSION OF LIABILITY, WARRANTIES, OR DAMAGES IS INTENDED BY THE PARTIES TO BE SEVERABLE AND INDEPENDENT OF ANY OTHER PROVISION AND TO BE ENFORCED AS SUCH. 9.4 Entire Agreement. This Test CPS constitutes the entire understanding and agreement of the Parties hereto with respect to the subject matter hereof and supersedes all prior and contemporaneous oral and written agreements or understandings among the parties. 9.5 Notices. Whenever Subscriber or User desires or is required to give any notice, demand, or request to VeriSign with respect to this Test CPS, each such communication shall be in writing and shall be effective only if it is delivered by a courier service that confirms delivery in writing or is mailed, certified or registered mail, postage prepaid, return receipt requested, addressed to VeriSign, Inc., One Alewife Center, Cambridge, MA 02140, Attention: Practices. VeriSign's telephone number is +1-650-492-2816. Such communications shall be effective when they are received. 9.6 Trademarks and Trade Names. By reason of this Test CPS or the performance hereof, Subscriber and VeriSign shall acquire no rights of any kind in any trademark, brand name, logo, or product designation of the other Party and shall not make any use of the same for any reason except as otherwise authorized in writing by the Party that owns all rights to such trademarks, trade names, logos, or product designation.

Click the ACCEPT button to install
the Test CA Root

Microsoft Browsers

Version 4.0

Click on the Accept Button at the top of this page.
A Dialog Box will appear that says "You have chosen to download a file from this location: getcacert.crt from digitalid.verisign.com" Click the option that says "Open this file from its current location." Click OK
Another dialog box will appear, indicating the uses for this certificate. Make sure that "enable Certificate" and "Network Server Authentication" are checked. Click OK
If you have already downloaded the Test CA, a dialog box will appear asking if you want to delete an older root. Click Yes.
Another dialog box will appear asking if you want to add the new Test CA root. Click Yes.
Repeat this procedure for each browser that you will be using in the test.

Note: If you are having trouble opening the certificate file from this location or are receiving 'File not Associated' errors, please follow the instructions below:

After clicking the 'Accept' button, select the option 'Save this file to disk'.
For convenience, you should save the file to your desktop.
Locate the file on your desktop. Right-click on the file and select 'Rename'. Change the file extension to ".cer".
Right-click on the newly-renamed file, and select 'Install Certificate'.
Proceed through the installation wizard as displayed.

Version 5.0

Click on the Accept Button at the top of this page.
A Dialog Box will appear that says "You have chosen to download a file from this location: "getcacert from digitalid.verisign.com" Click the option that says "Save this file to Disk." Click OK
Select the location of the file, leave name and file type to default
Prompt will appear: Download Complete, click Close.
Open IE 5.0 Browser
Go to Tools/Internet Options/ Content/ Certificates (trusted root authorities tab)/ Import
Certificate Manager Import Wizard: click Next
Browse to the location of the recently stored root (done in step 3), select ALL files for file type.
Select "getcacert" and click open
Click Next
Select "place all certificates in the following store" option
Highlight "Trusted Root Certification Authorities" and click OK
Click Next 14.Click Finish
User will be prompted and asked if they wish to add the following certificate to the root store, click Yes.
To Verify the installation of the "Intermediate Root CA" into your browser, go into:
Go to Tools/Internet Options/ Content/ Certificates (trusted root authorities tab) It should read as "For VeriSign Authorized Testing Only".

Netscape Browsers

Click on the Accept Button at the top of this page.
A Dialog Box will appear that says, "You are about to go through the process of accepting a Certificate Authority. This has serious implications on the security of future encryptions using Netscape. This assistant will help you decide whether or not you wish to accept this Certificate Authority." Click NEXT
A Dialog Box appears that says, "A Certificate Authority certifies the identity of sites on the internet. By accepting this Certificate Authority….." Click NEXT
A Dialog Box appears that says," Here is the certificate for this Certificate Authority. Examine it carefully…." Click NEXT
A Dialog Box appears that says, "Are you willing to accept this Certificate Authority for the purposes of certifying other internet sites, email users, or software developers?" Check "Accept this Certificate Authority for Certifying Network Sites." Click NEXT
Do not check anything on the next dialog box. Click NEXT
Another dialog box will appear asking you to enter a Nickname. Choose Something like "VeriSign Test CA" Click FINISH.
Repeat this process for every browser that you will use in your testing.

Frequently Asked Questions

Q. Why do I need a Trial SSL Certificate?
A. The VeriSign Trial ID allows you to test the benefits of Secure Sockets Layer (SSL) technology in a pre-production environment. Prior to purchasing one of VeriSign's Secure Site services, you can generate a Certificate Signing Request (CSR), install the certificate, and enable SSL.

Q. How do I use the Trial ID?
A. After you complete and submit the Trial SSL Certificate enrollment form, you will receive the ID by e-mail within one hour. The e-mail will contain the CSR that you submitted, signed and ready to install on your Web server. The e-mail will also include a link to installation instructions. Once you have installed the certificate, you will be able to test your application for 14 days, with no obligation to purchase.

Q. How long does it take to receive the Trial SSL Certificate after I enroll? Where do I go to pick it up?
A. Within an hour of enrolling, the technical contact listed on the your order form will receive an e-mail containing the Trial SSL Certificate and installation instructions.

Q. I was not able to download/install my Free 14 Day Trial SSL Certificate. Can I get another Trial SSL Certificate valid for an additional 14 days?
A. Yes. In order to receive another Trial SSL Certificate, you must generate and submit a new CSR with a slightly different Organizational Unit. This will prevent a duplication error. For example, if you previously used "Marketing" as your Organizational Unit, change it to "Marketing1" when you submit your new CSR.

Q. Do you have a Trial SSL Certificate that is valid for more than 14 days? Can I extend the one that I have?
A. No. Currently VeriSign only offers a Trial SSL Certificate, that is valid for 14 days. VeriSign cannot modify or extend the validity period on an ID.

Q. I attempted to enroll for an additional Trial SSL Certificate and received a duplicate error. Why?
A. VeriSign cannot issue duplicate IDs. If you wish to enroll for an additional ID, you must generate a new CSR with a slightly different Organizational Unit and re-submit the enrollment. For example, if you previously used "Marketing" as your Organizational Unit, change it to "Marketing1" when you re-submit your CSR.".

Q. I never received the Trial SSL Certificate e-mail. Can you re-send it to me?
A. Unfortunately, we are not able to re-issue Trial SSL Certificates. If you wish to receive an ID, you must generate a new CSR with a slightly different Organizational Unit and re-submit the enrollment. For example, if you previously used "Marketing" as your Organizational Unit, change it to "Marketing1."

Q. Can I use the same CSR that I generated for a Trial SSL Certificate to enroll for a full, one- year SSL Certificate?
A. Some servers will allow you to use the same CSR and merge a new SSL Certificate with an existing private key. If you are not sure whether your server supports this function, please refer to your server’s technical manual. Alternatively, you can create a new private key and generate a new CSR before enrolling for an SSL Certificate.

Q. Do you have a Trial SSL Certificate for your Global Site Services?
A. No. Due to the restrictions in VeriSign's license from the U.S. Commerce Department’s Bureau of Export Administration, VeriSign is not allowed to issue Trial 128-bit SSL (Global Site) Server IDs, without performing full authentication procedures. As a result, we cannot offer a free, Trial 128-bit SSL (Global Site) Server ID Service.

Q. Why can I only generate a 512-bit key for the Trial SSL Certificate?
A. The size of the key that you generate is based the type of server software you are using. International versions (used outside the U.S.) and some older server software can only create 512-bit keys. U.S. domestic versions of the server software may allow you to generate a 1024-bit (128-bit) and 512-bit (40-bit) keys. VeriSign strongly recommends using a 1024-bit key when possible, as it allows stronger encryption.

Q. Can I use the Trial SSL Certificate on my production server?
A. No. The Trial SSL Certificate is to be used only in testing environments. Trial SSL Certificates provide no assurance of your corporate identity to others. VeriSign recommends using only 40-bit SSL Certificates and 128-bit SSL (Global Site) Server IDs on your production server.

Q. Why do I receive a dialog box stating that the browser does not recognize the Certificate Authority that issued my VeriSign Trial SSL Certificate?
A. A special trial root Certificate Authority is used to digitally sign VeriSign Trial SSL Certificates. This trial root will be manually installed in your browser as you enroll for a Trial SSL Certificate. To install the trial root CA in your browser, please go to: https://digitalid.verisign.com/server/trial/trialStep4.htm. This issue dialog box will not occur when you purchase and install a 40-bit SSL Certificate.

Q. What is the CA Root and why do I have to install it on all client browsers?
A. When we issue an ID, we act as a Certification Authority (CA). VeriSign digitally signs each ID it issues. Each browser contains a list of CA’s that are deemed to be "trusted.". The VeriSign Trial CA is for testing purposes only and is not included in any browser’s trust list. As a result, Trial SSL Certificates are not trusted by the browsers. To use a Trial SSL Certificate, you must install a special Test CA Root on EACH BROWSER that you will use to access the Web site secured with the Trial ID. To install the trial root CA in your browser, please go to: https://digitalid.verisign.com/server/trial/trialStep4.htm.