ITS Web Hosting supports SSL certificates (Digital IDs) issued by Thawte, VeriSign, and GeoTrust, and we are official resellers of Thawte SSL certificates.  Please be aware that if you select another company they will bill you directly for your SSL certificate.  Digital IDs are issued per fully-qualified domain name (e.g.

Thawte VeriSign* GeoTrust*
Initial Digital ID, first year: from $149
Renewal Digital ID, annually: from $149
(multi-year discounts available)

NOTE: When renewing an existing Thawte Certificate generated on our system the existing CSR must be requested directly from technical support, the SSL Request form should not be completed again - that will lead to key matching errors and the need for subsequent certificate re-issues for which additonal charges will be incurred with Thawte.
Initial Digital ID, first year: from $399
Renewal Digital ID, annually: from $299
Additional Digital ID, annually: $299
Initial Digital ID, first year: from $246
Renewal Digital ID, annually: from $199
  *Pricing for third party Digital IDs is not set or collected by ITS -- Be sure to check the pricing info section of the company you chose prior to submitting SSL requests to confirm the latest pricing.

A note regarding transfers of existing certificates...
If you wish to transfer an existing certificate from another provider to ITS, the certificate can be transferred IF it is coming from an existing Irix box running Stronghold SSL software (this will differ for Shared Hosting or Advanced Hosting plans).  The current system administrators will need to provide us with the private keys as well as the current certificate.  This information must be submitted to ITS Technical Support.  If this cannot be done, a new CSR will need to be generated and the steps outlined below will need to be followed.

For Windows plans, we can transfer an existing certificate if you can provide the .key or .pfx file, the correct password, and the version of IIS in which the key was generated.

To renew your certificate

Please see the instructions on VeriSign's site (the bottom of that page has step-by-step instructions). Note Step 1 is to generate another CSR, which can be done by following our Step 1 below.

To obtain a new certificate

1. Complete our Information Form

Fill-out and submit one of the following information forms to begin the process:

For UNIX hosting accounts: (UNIX)

For NT hosting accounts: (Windows)

A description of required form fields is listed below.

The forms listed above can used to submit requests for VeriSign, Thawte, -AND- GeoTrust Digital IDs.

Please remember that ALL fields on an SSL request are REQUIRED. If any fields are left blank, we cannot generate the CSR. The biggest offender for this is the 'Organizational Unit' field. If your client does not have a specific organizational unit, we suggest using something like 'Secure Services Division'. Incomplete form submissions will be returned with a request to resubmit accordingly.

2. Receive "CSR" via e-mail from ITS

After completing our form, we will gather information about your site and generate an encrypted Certificate Signing Request (CSR). The newly generated CSR will be returned to you via e-mail.

At the same time, a 30-day temporary SSL certificate is created on the server. This certificate will expire in 30 days of the date you filled out the form. During this period of time visitors will be able to access your website securely, however, visitors will also be able to detect that a temporary certificate is in place. In addition, visitors may also encounter a message which indicates that their web browser does not recognize the authority who signed its Certificate. Regardless, it is very important that the remaining steps of this procedure be completed in a timely manner.

Important: Once you receive your temporary Verisign certificate, your shared SSL certificate will no longer be active. You should be prepared to modify your secure server URL references from our shared domain to your own domain to minimize any interruption in service. Please also take note, if you are running a shopping cart program, such as SoftCart or ShopSite, there will need to be adjustments made to your SoftCart shopping cart manager files which Tech Support can help with. ShopSite users are able to adjust their settings to reflect their new SSL certificate from within their store manager.

3. Submit your "CSR" to VeriSign or Thawte

Once you have received the CSR, you will need visit either the VeriSign, Thawte, or GeoTrust website to initiate the enrollment process.  At some point in the enrollment process, you will be prompted to submit the new CSR through their enrollment form.  The enrollment forms can be found at the following locations:

VeriSign New ID
Renewal ID
Additional ID
(note step 1 in these instructions is to generate a  CSR, which you've already done)
Thawte New ID

The company you have chosen will generate an encrypted server "key" and send that to you via email.

Important: Web Server Software Form Field Options

  • UNIX Accounts: C2Net Stronghold
  • Windows Server 2003 Accounts: Microsoft IIS (Internet Information Server) 6

Windows Server accounts will need to purchase a "site certificate", not a "server certificate". If you are using Thawte as the certification agency, please choose [Standard Certificate Format] for use on our servers. On our Windows 2003 servers we generate 1024 bit keys.

4. Receive your server "key" and send it to ITS

You should receive your server "key" via e-mail from your certificate provider shortly after you submitted your "CSR" in step 3 above.  Send the "key" file to Technical Support to be installed on the server.  Once completed, your certificate is then activated and you will be able to SSL with your own certificate.  You will receive a notice of completion from Technical Support when the certificate is activated.

Explanation of the form fields you will need to complete:

All fields are required!

Common Name: Your website's fully qualified domain name (e.g.  The domain name must be registered to the organization specified in this field.  You cannot use the symbols "*" or "?" as part of your Common Name.

Organization/Company: The legal name under which your organization is registered.  Do NOT abbreviate.

Organizational Unit: This is used to differentiate between organizational divisions.  A DBA (Doing Business As) entry is acceptable -or- "Secure Services Department" is commonly used.  Do NOT abbreviate.

City/Locality: Required for organizations registered only at the local level. Do NOT abbreviate.

State/Province: The complete name of the state or province in which your organization is located.

Country: The two-character ISO-format country code (e.g. GB for Great Britain, US for the United States).  Click here for a list of valid country codes.

E-mail Address: Your "CSR" will be sent to this address.

Technical Contact: The person who should receive the certificate and who will provide notice if the Digital ID is compromised.  For example, this may be your organization's webmaster or the appropriate technical support representative at your Internet Service Provider.  Renewal notices are sent to both the technical and organizational contacts.

Organizational Contact: The person within your organization who will take responsibility for the certificate and provide organizational information.  For example, this may be your organization's CEO or the appropriate support person. The organizational contact must be a member of your organization, not a representative of your Internet Service Provider.  Renewal notices are sent to both the technical and organizational contacts.

(return to Step 1)


Digital ID
A collection of electronic data consisting of a Public Key, identifying information about the owner of the Public Key, and validity information, which has been Digitally Signed by a CA. Certified shall refer to the condition of having been issued a valid Digital ID by a CA, which Digital ID has not been revoked.

Digital ID Revocation List ("CRL")
A collection of electronic data containing information concerning revoked Digital IDs.

Certification Authority ("CA")
VeriSign or an entity which is Certified by VeriSign to issue Digital IDs to Users in a VeriSign Digital ID Hierarchy. VeriSign is Customer's CA hereunder.

Digital Signature
Information encrypted with a Private Key which is appended to electronic data to identify the owner of the Private Key and verify the integrity of the electronic data. Digitally Signed shall refer to electronic data to which a Digital Signature has been appended.

Private Key
A mathematical key which is kept private to the owner and which is used to create Digital Signatures or to decrypt electronic data.

Public Key
A mathematical key which is available publicly and which is used to verify Digital Signatures created with the matched Private Key and to encrypt electronic data which can only be decrypted using the matched Private Key.

(return to top)

Please note: the information on this page applies to ITS web hosting plans. It may or may not apply to other environments. If you are looking for a feature described here, or better support from your hosting provider, please consider hosting your site with ITS!

1555 N Naperville/Wheaton Road, Suite 107
Naperville, IL 60563
phone 630.420.2550
fax 630.420.2771