 |
How to Obtain Your Own SSL Certificate |
|||||||||||||||
| ||||||||||||||||
 | Web Site Hosting | Web Design | Broadband/Access | E-Mail Solutions | Accept Credit Cards | Hosting Support |  | |
 | ||||||||
ITS Web Hosting supports SSL certificates (Digital IDs) issued by thawte, VeriSign, and GeoTrust, and we are official resellers of thawte digital IDs. Please be aware that if you select another company they will bill you directly for a Digital ID. Digital IDs are issued per fully-qualified domain name (e.g. www.teamITS.com).
| Thawte | VeriSign* | GeoTrust* |
| Initial Digital ID, first year: from $149 (2 yrs $259) Renewal Digital ID, annually: from $149 (2 yrs $259) NOTE: When renewing an existing Thawte Certificate generated on our system the existing CSR must be requested directly from technical support, the SSL Request form should not be completed again - that will lead to key matching errors and the need for subsequent certificate re-issues for which additonal charges will be incurred with Thawte. |
Initial Digital ID, first year: from $349 Renewal Digital ID, annually: from $299 Additional Digital ID, annually: $299 |
Initial Digital ID, first year: from $169 Renewal Digital ID, annually: from $149 |
| *Pricing for third party Digital IDs is not set or collected by ITS -- Be sure to check the pricing info section of the company you chose prior to submitting SSL requests to confirm the latest pricing. | ||
If you wish to use a Comodo certificate, realize that you must purchase their three (3) year certificate. This is required as the one and two-year Comodo certificates do not work on our system. Additionally, prior to purchasing your certificate, we advise that you read the Comodo Frequently Asked Questions (FAQs).
A note regarding transfers of existing certificates...
If you wish to transfer an existing certificate from another provider to ITS, the certificate
can be transferred IF it is coming from an existing Irix box running Stronghold SSL software
(this will differ for Shared Hosting or Advanced Hosting plans). The current system administrators
will need to provide us with the private keys as well as the current certificate. This information
must be submitted to ITS Technical Support. If this
cannot be done, a new CSR will need to be generated and the steps outlined below will need to
be followed.
For Windows plans, we can transfer an existing certificate if you can provide the .key or .pfx file, the correct password, and the version of IIS in which the key was generated.
To renew your certificate
Please see the instructions on VeriSign's site (the bottom of that page has step-by-step instructions). Note Step 1 is to generate another CSR, which can be done by following our Step 1 below.
To obtain a new certificate
1. Complete our Information Form
Fill-out and submit one of the following information forms to begin the process:
For UNIX hosting accounts:
http://yourdomain.com/cgi-bin/secure/ssl (UNIX)For NT hosting accounts:
http://yourdomain.com/stats/sslset.asp (Windows)
A description of required form fields is listed below.
The forms listed above can used to submit requests for VeriSign, Thawte, -AND- GeoTrust Digital IDs.
Please remember that ALL fields on an SSL request are REQUIRED. If any fields are left blank, we cannot generate the CSR. The biggest offender for this is the 'Organizational Unit' field. If your client does not have a specific organizational unit, we suggest using something like 'Secure Services Division'. Incomplete form submissions will be returned with a request to resubmit accordingly.
2. Receive "CSR" via e-mail from ITS
After completing our form, we will gather information about your site and generate an encrypted Certificate Signing Request (CSR). The newly generated CSR will be returned to you via e-mail.
At the same time, a 30-day temporary SSL certificate is created on the server. This certificate will expire in 30 days of the date you filled out the form. During this period of time visitors will be able to access your website securely, however, visitors will also be able to detect that a temporary certificate is in place. In addition, visitors may also encounter a message which indicates that their web browser does not recognize the authority who signed its Certificate. Regardless, it is very important that the remaining steps of this procedure be completed in a timely manner.
Important: Once you receive your temporary Verisign certificate, your shared SSL certificate will no longer be active. You should be prepared to modify your secure server URL references from our shared domain to your own domain to minimize any interruption in service. Please also take note, if you are running a shopping cart program, such as SoftCart or ShopSite, there will need to be adjustments made to your SoftCart shopping cart manager files which Tech Support can help with. ShopSite users are able to adjust their settings to reflect their new SSL certificate from within their store manager.
3. Submit your "CSR" to VeriSign or Thawte
Once you have received the CSR, you will need visit either the VeriSign, Thawte, or GeoTrust website to initiate the enrollment process. At some point in the enrollment process, you will be prompted to submit the new CSR through their enrollment form. The enrollment forms can be found at the following locations:
| VeriSign | New ID |
| Renewal ID | |
| Additional ID | |
| (note step 1 in these instructions is to generate a CSR, which you've already done) | |
| Thawte | New ID |
The company you have chosen will generate an encrypted server "key" and send that to you via email.
Important: Web Server Software Form Field Options
- UNIX Accounts: C2Net Stronghold
- Windows Server 2003 Accounts: Microsoft IIS (Internet Information Server) 6
Windows Server accounts will need to purchase a "site certificate", not a "server certificate". If you are using Thawte as the certification agency, please choose [Standard Certificate Format] for use on our servers. On our Windows 2003 servers we generate 1024 bit keys.
4. Receive your server "key" and send it to ITS
You should receive your server "key" via e-mail from your certificate provider shortly after you submitted your "CSR" in step 3 above. Send the "key" file to Technical Support to be installed on the server. Once completed, your certificate is then activated and you will be able to SSL with your own certificate. You will receive a notice of completion from Technical Support when the certificate is activated.
Explanation of the form fields you will need to complete:
All fields are required!
Common Name: Your website's fully qualified domain name (e.g. www.yourdomain.com). The domain name must be registered to the organization specified in this field. You cannot use the symbols "*" or "?" as part of your Common Name.
Organization/Company: The legal name under which your organization is registered. Do NOT abbreviate.
Organizational Unit: This is used to differentiate between organizational divisions. A DBA (Doing Business As) entry is acceptable -or- "Secure Services Department" is commonly used. Do NOT abbreviate.
City/Locality: Required for organizations registered only at the local level. Do NOT abbreviate.
State/Province: The complete name of the state or province in which your organization is located.
Country: The two-character ISO-format country code (e.g. GB for Great Britain, US for the United States). Click here for a list of valid country codes.
E-mail Address: Your "CSR" will be sent to this address.
Technical Contact: The person who should receive the certificate and who will provide notice if the Digital ID is compromised. For example, this may be your organization's webmaster or the appropriate technical support representative at your Internet Service Provider. Renewal notices are sent to both the technical and organizational contacts.
Organizational Contact: The person within your organization who will take responsibility for the certificate and provide organizational information. For example, this may be your organization's CEO or the appropriate support person. The organizational contact must be a member of your organization, not a representative of your Internet Service Provider. Renewal notices are sent to both the technical and organizational contacts.
Definitions
Digital ID
A collection of electronic data consisting of a Public Key, identifying information about
the owner of the Public Key, and validity information, which has been Digitally Signed by a CA.
Certified shall refer to the condition of having been issued a valid Digital ID by a CA, which
Digital ID has not been revoked.
Digital ID Revocation List ("CRL")
A collection of electronic data containing information concerning revoked Digital IDs.
Certification Authority ("CA")
VeriSign or an entity which is Certified by VeriSign to issue Digital IDs to Users in
a VeriSign Digital ID Hierarchy. VeriSign is Customer's CA hereunder.
Digital Signature
Information encrypted with a Private Key which is appended to electronic data to identify
the owner of the Private Key and verify the integrity of the electronic data. Digitally Signed
shall refer to electronic data to which a Digital Signature has been appended.
Private Key
A mathematical key which is kept private to the owner and which is used to create Digital
Signatures or to decrypt electronic data.
Public Key
A mathematical key which is available publicly and which is used to verify Digital Signatures
created with the matched Private Key and to encrypt electronic data which can only be decrypted
using the matched Private Key.
Please note: the information on this page applies to ITS web hosting plans. It may or may not apply to other environments. If you are looking for a feature described here, or better support from your hosting provider, please consider hosting your site with ITS!
Copyright © 1996-2008, Integrated Technical Solutions, Inc., all rights reserved. See Terms/Legal for trademarks, copyright, and terms of use.
Naperville, IL 60563
fax 630.420.2771