: Digital Certificates

Digital Certificates

A Digital Certificate is a document which gives your customers the assurance that your Web Site is legitimately yours and not an impostor's. A Digital Certificate will also provide you with a legal basis for transactions on the Internet.

The Secure Server (httpsd) you order from Speedsoft has a Digital Certificate embedded in the binary. This certificate contains information about who owns the certificate (company name, domain name, contact address, etc) as well as information about the issuing authority (Verisign, Thawte, etc). Because of the unique method of virtual hosting and the fact that the certificate is embedded in the web server binary, Speedsoft can only support one Digital Certificate per server. Therefore, only one virtual host per server may have a Digital Certificate. You may inquire with support@speedsoft.com whether a server is available for your site to have a Digital Certificate.

Ordering Your Own Digital Certificate
There are several companies that issue Digital Certificates--they are known as Certificate Authorities (CA). The three largest and most widely supported issuing authorities are GeoTrust, Verisign and Thawte.

In the explanation included below, the steps necessary to obtain a Digital Certificate from these CA's are discussed. The process required to obtain a Digital Certificate from other signing agencies is very similar. The Speedsoft Support Staff will be able to assist you with special differences that may exist in obtaining a Digital Certificate from a specific signing agency.

To order and install a digitally signed certificate you will need to do the following:

1. First, a "Certificate Signing Request" or CSR must be submitted to the CA on behalf of your company (or organization).
   1. Fill out the Certificate Request Form and e-mail it to "support@speedsoft.com". Be sure you indicate in the form whether you are requesting a Verisign or Thawte certificate.
   2. Speedsoft will then formulate a "Certificate Signing Request" from the information you provide and return this Request to you. Included in the Request is a block of information delimited by the phrase "NEW CERTIFICATE REQUEST". An example of such a block is included here for your reference:

      -----BEGIN NEW CERTIFICATE REQUEST-----
MIIBJTCB0AIBADBtMQswCQYDVQQGEwJVUzEQMA4GA1UEChs4lBMHQXJpem9uYTEN
A1UEBxMETWVzYTEfMB0GA1UEChMWTWVs3XbnzYSBDb21tdW5pdHkgQ29sbGVnZTE
A1UEAxMTd3d3Lm1jLm1hcmljb3BhLmVkdTBaMA0GCSqGSIb3DQEBAQUAA0kAMEYC
QQDRNU6xslWjG41163gArsj/P108sFmjkjzMuUUFYbmtZX4RFxf/U7cZZdMagz4I
MmY0F9cdpDLTAutULTsZKDcLAgEDoAAwDQYJKoZIhvcNAQEEBQADQQAjIFpTLgfm
BVhc9SQaip5SFNXtzAmhYzvJkt5JJ4X2r7VJYG3J0vauJ5VkjXz9aevJ8dzx37ir
3P4XpZ+NFxK1R=
-----END NEW CERTIFICATE REQUEST-----

       

2. Once you receive the information from Speedsoft which includes your "NEW CERTIFICATE REQUEST", you can then initiate your Verisign Digital Certificate order at the following URL:

       https://digitalid.verisign.com/ss_getCSR.html

   or initiate your Thawte Digital Certificate order at the following URL:

       https://www.thawte.com/cgi-bin/server/step1.sioux
   
   or initiate your GeoTrust Digital Certificate order at the following URL:

       http://www.geotrust.com/webtrust/index.htm

   These are the first pages of the certificate request forms. You must paste your "NEW CERTIFICATE REQUEST" block (in its entirety) in the text area included on these pages. This includes both the BEGIN and END certificate request lines (shown below) as well as all lines in between. It is very important that you include the entire block!

       -----BEGIN NEW CERTIFICATE REQUEST-----

   and

       -----END NEW CERTIFICATE REQUEST-----

   After you have pasted your certificate request block in the text area, press the "CONTINUE" button to work through the rest of the certificate request process. (If you are requesting a Thawte certificate, you will be asked to choose your "Web Server Software" - select "NCSA or NCSA Derivative Server").

   The information that will be required of you in the subsequent steps includes your company name (or organization name), your street address, etc. At a specific point in the enrollment process, the CA will require a "challenge phrase" or "password". The "challenge phrase" or "password" will be required on future actions you may wish to take in relation to your Digital Certificate.

   For example, if you lose your key pair, or your Digital Certificate is otherwise compromised, you must provide this Challenge Phrase to the Certificate Authority to verify that you are authorized to request revocation of the Digital Certificate. Choose a word or phrase that is easy for you to remember (or write it down), but would be unfamiliar to anyone attempting to impersonate you. Do not use your mother's maiden name, or any other phrase that could be easily guessed. The CA's do not have access to your Challenge Phrase or Password, so you must remember it.

   After you have chosen a challenge phrase or password, continue with the rest of the enrollment form. The final step in the enrollment process sends the request to the CA, and a PIN (Verisign) or Certificate ID (Thawte) is returned back to the user. Use this PIN or ID in all correspondence with the CA concerning the processing of your Digital Certificate.
    

3. Now that your Digital Certificate Order is complete, you need to supply authenticating documentation to the signing agency. The CA will require various documentation such as a business license, Articles of Incorporation, or other charter documents to verify your organization's identity. Procedures for providing this information will be emailed to you shortly after the CA has received your Certificate Signing Request. If the information you provided is complete and can be verified, your order will be processed within 3-5 business days.

   Please note that Speedsoft cannot act in behalf of you in this matter. Furthermore, Speedsoft cannot do anything to expedite the certificate generation process. This is strictly dependent upon the CA.
    

4. After the Digital Certificate has been generated, Verisign will return the signed certificate to you via electronic mail, and Thawte will email you a URL from where you can download your Digital ID. You will need to forward this message to support@speedsoft.com. We can then install the certificate. Installation can take from 1-3 business days to complete.