What is a PKI?

A Public Key Infrastructure (PKI) is a set of assets that allow to bind public keys to identities (such as domain name, user...). The role of the PKI is to assist users in obtaining the necessary public keys.

Public keys enable cryptographic operations, such as encryption and digital signature, which provide, if correctly implemented, in transactions:

  • Confidentiality,
  • Integrity,
  • Authentication,
  • Non-repudiation.

If you want more information about PKI, you can find more details on the dedicated Wikipedia page.

   ADEO ROOT CA certificate
Server Security Logo
ADEO logo

What should I download ?

Usually, you just need to download and install the ADEO root CA certificate.

For more downloads and information, go to the download section.

What should I download ?

Download

If you are a user who want to access to a website or an API that is protected by a certificate issued by ADEO Certificate Authority, you want to avoid such error:

unknown-cert-authority


Please do not ignore the error and add an exception to visit the website anyway.
You need to download and install the ADEO root CA certificate (PEM format) or ADEO root CA certificate (P7B/PKCS#7 format) depending of the expected format of your operating system.

If you need a certificate to protect your web server, see below.


Install

Installing a root CA certificate on Windows or MacOS is straightforward: double-click on it and choose to install it as root it as trusted root CA.
Firefox has its own CA certificate store, so if you use Firefox, you need to install the ADEO ROOT CA certificate in it too.

Please note that you should never install intermediate certificates.

   ADEO ROOT CA certificate
Tests

What about test environments ?

An ADEO root CA specific for test environments, referred as TEST ADEO ROOT CA, is available bellow:

   TEST ADEO ROOT CA certificate

Please note that you must not install the TEST ADEO ROOT CA if you don't need to.

ADEO logo ADEO logo

I want to protect my web server with an ADEO certificate

Request a certificate

You can request a certificate on ServiceNow. Search for "Certificate request".
You will receive a PKCS#12 file that contains:

  • The private key,
  • The requested domain name certificate,
  • The intermediate CA certificate (e.g. ADEO SERVICES INFRA CA1),
  • The root CA certificate (ADEO ROOT CA1).

When a client connects to an https web server, to avoid SSL/TLS error, the server must provide the certificate chain to the client, so it can validate the chain.
The chain must be as follow:

-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: ADEO_SERVICES_INFRA_CA1.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: ADEO_ROOT_CA1.crt)
-----END CERTIFICATE-----

Please note that providing the root CA is not mandatory, as the client must have its own trusted root CA certificates in its CA certificate trust store.


Install

We won't explain here how to install server certificates here, as it depends of your operation system, http server, application server, language, framework... Please refer to the documentation of the products you use.