Digital Certificates
A Digital Certificate is a document which gives your customers the
assurance that your Web Site is legitimately yours and not an
impostor's. A Digital Certificate will also provide you with a legal
basis for transactions on the Internet.
The Secure Server (httpsd) you order from Beck Web
has a Digital Certificate embedded in the binary.
This certificate contains information about who owns the
certificate (company name, domain name, contact address, etc) as well
as information about the issuing authority (VeriSign, Thawte, etc).
Additional information about Digital
Certificates is presented below in the following sections:
One note about Digital Certificates: you can only support one
Digital Certificate per Virtual Server. Therefore, virtual subhosts
which share the same Virtual Server must also share the same Digital
Certificate.
The Default Digital Certificate
It really isn't necessary to order your own Digital Certificate. You
can instead use the default Digital Certificate included with your Secure
Server. As was stated earlier, the Digital Certificate includes information
about the ownership of the certificate. When your clients visit your
Secure Web Site, their browser (Navigator, MSIE, etc) will check the domain
name on the certificate to see if it matches the site name included in the
URL. If a match is not found, a "warning" is generated and displayed to
your client. The "warning" states that the domain names do not match and
that "it is possible, though unlikely, that someone may be trying to
intercept communication with this site" (taken from Netscape
Communicator 4.04).
Actually, the domain name mismatch in no way hinders the security of the
transactions. The warning simply notes that the domain name included with
the Digital Certificate ownership information does not match the domain
name of the web site requested. The transaction is still secure.
Even though the warning is couched in "unlikely" terms, many of your clients
may feel uncomfortable conducting a transaction with you after such a
warning is generated.
Beck Web has figured out a way around this warning
(for all browsers which support Thawte signed certificates -
MSIE 4.0+, Netscape 3.0+) which still ensures
complete integrity of the secure transactions. The default Digital
Certificate installed with your Secure Server is owned by Beck Web Affiliates, but
instead of "web-design.net" it includes the domain name "securesites.com".
When you order your Secure Server, Beck Web will set up a canonical name
in the securesites.com zone file for your account. This canonical name
will have the form "[account-name].securesites.com".
For example, if the account name for your Virtual Server is "surfutah"
then a canonical name "surfutah.securesites.com" will be set up for your
use. You can then access your Secure Server without generating a
warning by referencing "https://surfutah.securesites.com/". An example
of this reference is illustrated below:
<form method="POST"
action="https://surfutah.securesites.com/cgi-bin/order.cgi">
Of course, you may set up a similar service for your clients by ordering
your own "wildcard" certificate from Thawte for your domain name.
If you would rather not use the default Digital Certificate (securesites.com),
or if you would like to order a wildcard certificate from Thawte,
then please refer to the sections below for more information about ordering
your own Digital Certificate.
Ordering Your Own Digital Certificate
There are several companies that issue Digital Certificates--they are known
as Certificate Authorities (CA). The two largest and most widely supported
issuing authorities are VeriSign
and Thawte.
The VeriSign
certificate price schedule is somewhat higher than that of
Thawte, but the VeriSign certificate is supported by a larger number
of the older browsers.
In the explanation included below, the steps necessary to obtain
a Digital Certificate from VeriSign and Thawte are discussed. The process
required to obtain a Digital Certificate from other
signing agencies is very similar. The Beck Web Support Staff will be
able to assist you with special differences that may exist in
obtaining a Digital Certificate from a specific signing agency.
To order and install a VeriSign or Thawte digitally signed certificate
you will need to do the following:
- First, a "Certificate Signing Request" or CSR must be
submitted to VeriSign or Thawte on behalf of your company (or
organization).
- Fill out the Certificate
Request Form and e-mail it to "vcert@web-design.net".
Be sure you indicate in the form whether you are requesting a
VeriSign or Thawte certificate.
- Beck Web will then formulate a "Certificate
Signing Request" from the information you provide and
return this Request to you. Included in the Request is a block
of information delimited by the phrase "NEW CERTIFICATE
REQUEST". An example of such a block is included here for
your reference:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBJTCB0AIBADBtMQswCQYDVQQGEwJVUzEQMA4GA1UEChs4lBMHQXJpem9uYTEN
A1UEBxMETWVzYTEfMB0GA1UEChMWTWVs3XbnzYSBDb21tdW5pdHkgQ29sbGVnZTE
A1UEAxMTd3d3Lm1jLm1hcmljb3BhLmVkdTBaMA0GCSqGSIb3DQEBAQUAA0kAMEYC
QQDRNU6xslWjG41163gArsj/P108sFmjkjzMuUUFYbmtZX4RFxf/U7cZZdMagz4I
MmY0F9cdpDLTAutULTsZKDcLAgEDoAAwDQYJKoZIhvcNAQEEBQADQQAjIFpTLgfm
BVhc9SQaip5SFNXtzAmhYzvJkt5JJ4X2r7VJYG3J0vauJ5VkjXz9aevJ8dzx37ir
3P4XpZ+NFxK1R=
-----END NEW CERTIFICATE REQUEST-----
- Once you receive the information from Beck Web which includes
your "NEW CERTIFICATE REQUEST", you can then initiate your
VeriSign Digital Certificate order at the following URL:
https://digitalid.verisign.com/ss_getCSR.html
or initiate your Thawte Digital Certificate order at the
following URL:
https://www.thawte.com/cgi-bin/server/step1.sioux
For Thawte, select the "Web Server Certificate" option and "Continue".
These are the first pages of the VeriSign and Thawte certificate
request forms respectively. You must paste your "NEW
CERTIFICATE REQUEST" block (in its entirety) in the text area
included on these pages. This includes both the BEGIN and END
certificate request lines (shown below) as well as all lines in
between. It is very important that you include the entire block!
-----BEGIN NEW CERTIFICATE REQUEST-----
and
-----END NEW CERTIFICATE REQUEST-----
After you have pasted your certificate request block in the
text area, press the "CONTINUE" button to work through the rest
of the certificate request process. (If you are requesting a
Thawte certificate, you will be asked to choose your "Web Server
Software" - select "NCSA or NCSA Derivative Server").
The information that will be required of you in the
subsequent steps includes your company name (or organization name),
your street address, etc. At a specific point in the enrollment
process, VeriSign and Thawte will require a "challenge phrase"
or "password". The "challenge phrase" or "password"
will be required on future actions you may wish to take in relation
to your Digital Certificate.
For example, if you lose your key pair, or your Digital
Certificate is otherwise compromised, you must provide this Challenge
Phrase to the Certificate Authority to verify that you are authorized
to request revocation of the Digital Certificate. Choose a word or
phrase that is easy for you to remember (or write it down), but
would be unfamiliar to anyone attempting to impersonate you. Do not
use your mother's maiden name, or any other phrase that could be
easily guessed. VeriSign and Thawte do not have access to your
Challenge Phrase or Password, so you must remember it.
After you have chosen a challenge phrase or password, continue
with the rest of the enrollment form. The final step in the
enrollment process sends the request to VeriSign or Thawte, and a PIN
(VeriSign) or Certificate ID (Thawte) is returned to you.
Use this PIN or ID in all correspondence with VeriSign or
Thawte concerning the processing of your Digital Certificate.
- Now that your Digital Certificate Order is complete, you need
to supply authenticating documentation to the signing agency.
VeriSign or Thawte will require various documentation such as a
business license, Articles of Incorporation, or other charter documents
to verify your organization's identity. Procedures for providing this
information will be emailed to you shortly after VeriSign or Thawte has
received your Certificate Signing Request. If the information you
provided is complete and can be verified, your order will be processed
within 3-5 business days.
Should you need to contact VeriSign with regard to your
order, you may do so by phone at 415-961-8820 or by email at
support@verisign.com. You
will be required to provide your PIN and possibly the challenge
phrase.
Thawte will include a phone number and other contact information
after you have submitted your certificate request. You can use
this information to contact Thawte should the need arise. You will be
required to provide your Certificate ID and possibly the password
you selected.
Please note that Beck Web cannot act on your behalf in this
matter. Furthermore, Beck Web cannot do anything to expedite the
certificate generation process. This is strictly dependent upon
VeriSign or Thawte.
- After the Digital Certificate has been generated, VeriSign will
return the signed certificate to you via electronic mail, and Thawte
will email you a URL from where you can download your Digital ID. You
will need to forward this message to "vcert@web-design.net". We
can then install the certificate on your Virtual Server.
Installation can take from 1-3 business days to complete.