|
IMPORTANT: Get your Digital Certificate Issued (Digital Certificate Enrollment Process)
Once you have paid for your Digital Certificate
Order, your order becomes Active within the system. However, you
need to complete the Certificate Enrollment Process, before the certificate can
be issued to you.
IMPORTANT
You need to successfully Enroll your Digital
Certificate within 5 days, since the date this Order became Active. In the
event that you do not complete your Enrollment process within this period
your Digital Certificate Order will get automatically Cancelled and you
would receive a refund.
Follow the instructions mentioned below to get your digital
certificate issued:
Step 1. Generate a Private Key and Certificate
Signature Request (CSR) from your web server
Before you can begin the process of obtaining a
Certificate, you must generate a minimum of 1024-bit Private Key and CSR pair, off your web server.
A CSR is basically a Public Key that you
generate on your server that validates the computer-specific information about
your web server and Organization when you request a Certificate from thawte.
Digital ID's make use of a technology called
Public Key Cryptography, which uses Public and Private Key files.
The Public Key, also known as a Certificate
Signature Request (CSR), is the key that will be sent to thawte. The CSR that
you generate must be signed by atleast a 1024-bit Private Key (thawte will not
accept a lower encryption level CSR than 1024-bit).
The Private Key will remain on the server and
should never be released into the public. thawte does not have access to your
Private Key. It is generated locally on your server and is never transmitted to
thawte. The integrity of your Digital ID depends on your private key being
controlled exclusively by you.
A CSR cannot be generated without generating a
Private Key file nor can the Private Key file be generated without generating a
CSR file. In certain web server software platforms like Microsoft IIS, both are
generated simultaneously through the Wizard on the web server.
Typically, you will be prompted to enter the
following information about your Organization in order to generate the Private
Key and CSR (Public Key) pair off the web server:
- Organization Name
- Organizational unit - This maybe either a
Sole Proprietorship, Trading As, University Department, University
Administration, Government Department, Doing Business As, University Faculty,
Public (Listed) Company, Private (Unlisted) Company, Registered Non Profit
Organization, Non-Government Organization, Interest Group, Registered Charity.
- Country Code
- State or Province
- Locality
- Common Name - This is the name that
distinguishes the Certificate best, and ties it to your Organization. Here you
need to enter your exact host and domain name
that you wish to secure. This may also be the root server or intranet name for
your Organization.
For example,
a. if you wish to secure www.yourdomain.com, then you need to enter
www.yourdomain.com as the Common Name. If you just enter yourdomain.com as
the Common Name (without the host www), then the Certificate will only get
issued to yourdomain.com. Similarly, if you need to secure
pay.yourdomain.com, then you need to mention the Common Name as
pay.yourdomain.com.
b. if you are buying a Wildcard Server Certificate for securing all
sub-domains of your domain name yourdomain.com, then you need to
enter the Common Name as *.yourdomain.com; otherwise you will get an
error while submitting your CSR.
You need to get in touch with your Web Hosting
provider and request them to generate a CSR for your business after supplying
them the abovementioned information. If you have bought Web Hosting
for this domain name with us, then you may generate a CSR yourself from your own
Control Panel.
Click here to learn
how you can generate a CSR for your domain name >>
Step 2. Validate your Certificate Signature
Request (CSR) at thawte
Prior to enrolling for a Digital Certificate,
it is recommended that you confirm that nothing is amiss with the CSR that you
have generated.
Click here to validate your CSR at thawte >>
Upon submission of a valid CSR, you would be
able to view its details in the Certificate Contents area (at the bottom
of this page). However, if your CSR is invalid, the Certificate Contents
area would appear blank and you would be displayed an error (on the top of this
page).
Step 3. Submit your Organization Details,
Contact Details and Certificate Details to thawte
Before a Digital Certificate can be issued to
you, we need to send a request to thawte with some information about yourself
and your business. Follow the process mentioned below to request your Digital
Certificate:
1. Login to your Control Panel and search for
the domain name for which you have ordered a Digital Certificate.
Click here to find
instructions to do so >>
2. Upon clicking on the order, you need to
click on the Enroll Certificate button.
3. Mention the following details and click on
the Enroll button
A. Organization Details
- Organization Type - Select if your business
is a Sole Proprietorship, Trading As, University Department, University
Administration, Government Department, Doing Business As, University Faculty,
Public (Listed) Company, Private (Unlisted) Company, Registered Non Profit
Organization, Non-Government Organization, Interest Group or Registered Charity.
IMPORTANT
In case you are ordering a SSL123 certificate,
then you
will be also prompted to select your Authorizing Contact. This indicates to thawte
whether they should contact you on your Corporate Contact details or your Technical Contact
Details, to authenticate your domain name before issuing the Digital
Certificate.
B. Contact Details
- Corporate Contact Details - Provide your
complete contact details while giving special emphasis to the email address
that you mention herein. You need to either
i. match the email address inserted, to one of the contact specified in your
Domain Name's Whois details. Please ensure that this information is not kept
hidden for anonymity purposes.
OR
ii. match a pre-determined email with the domain name for which you are
requesting the certificate. You need to either select - admin, administrator,
hostmaster, info, SSLadmin, SSLadministrator, SSLwebmaster, sysadmin,
webmaster from the drop down list.
IMPORTANT
- If you have selected to match the email address inserted, to one of the
contact specified in your Domain Name's Whois details, then you have to ensure
that the email address mentioned herein, matches either the Registrant Contact
Email Address or the Administrative Contact Email Address.
- If Privacy Protection is enabled for the Domain Name, it needs to be
disabled before submitting the Contact details to thawte.
Privacy Protection may be enabled again once the Certificate has
been issued.
Click here to
read how to enable/disable Privacy Protection >>
- Until thawte verifies that both email addresses match, you would not be issued
your Digital Certificate.
- Technical Contact Details - You may either
choose to mention the same details as the one provided as the Corporate
Contact by selecting the available check box or mention separate information.
thawte will contact either your Corporate
Contact or your Technical Contact depending upon the
settings you have selected above.
C. Certificate Details
- Software Type - Select the Web Server
software on which your website/domain name is hosted.
IMPORTANT
- If your website/domain name is hosted on Wowza-Domains
Windows server, you need to choose the software type as MSIIS6.
- If your website/domain name is hosted on Wowza-Domains
Linux server, you need to choose the software type as modSSL.
- Certificate Maintenance Password - You may
mention a password here that will be used to maintain your certificate with
thawte.
- Certificate Signature Request - This is the CSR
(Public Key) you have generated for the purpose of obtaining a Digital Certificate from
thawte.
Step 4. Complete the thawte Authentication
formalities
After you have enrolled for a Digital
Certificate, thawte would contact your Corporate / Technical Contact and request
you to provide them with some documentation:
- Proof of Organizational Name
- Proof of Right to Use Domain Name
- Proof of Organizational Telephone Number
Click here to know the documentation needed by thawte before issuing you your
Digital Certificate >>
IMPORTANT
- The above mentioned process is to be followed in
case you have ordered a SGC SuperCert, Web Server Certificate or a Wildcard
Server Certificate.
In case you have ordered a SSL123 Certificate,
thawte would try to automatically complete the authentication process.
However, if they encounter any discrepancy, they may contact you to
authenticate your request.
- If you do not complete your verification
process soon, thawte may reject your Digital Certificate request and may
send you an email informing you that your Digital Certificate has been "Bogused
/ Rejected."
However, should you subsequently complete the authentication formalities
within 90 days of the Enrollment Date, thawte would issue you your Digital
Certificate.
Once you have completed all these formalities, thawte will issue the certificate
and email you a confirmation.
Step 5. Check the Status of your Digital
Certificate and retrieve your Digital Certificate
Once you have completed the enrollment process,
thawte would begin verifying the data you have submitted to them and once
satisfied, issue you your Digital Certificate. You can continue checking the
status of your Digital Certificate request from your Control Panel and retrieve
the same from your Control Panel itself.
Click here to check
the status of your Digital Certificate and retrieve the same upon issue >>
|
