Before You Start

Back to search


IMPORTANT NOTE:Before beginning the process of obtaining a Certificate, a Private Key must be generated and CSR pair off the web server. A CSR is the Public Key that is generated on a server. It validates the computer-specific information about that web server and company. Digital ID's make use of a technology called Public Key Cryptography, which uses Public and Private Key files.

The Public Key, also known as a Certificate Signing Request (CSR), is the key that will be sent to Thawte. The Private Key will remain on the server and should never be released to the public. Thawte does not have access to the Private Key. It is generated locally on the cleint's server and is never transmitted to Thawte. The integrity of the Digital ID depends on the private key being controlled exclusively by its owner.

A CSR cannot be generated without generating a Private Key file, nor can the Private Key file be generated without generating a CSR file. In certain web server software platforms like Microsoft IIS, both are generated simultaneously through the Wizard on the web server. Enter the following information about the company in order to generate the Private Key and CSR pair off the web server:

  • Organization Name e.g. My Company
  • Organizational Unit e.g. My Department
  • Country Code e.g. ZA
  • State or Province e.g. Western Province
  • Locality e.g. Cape Town
  • Common Name e.g.

IMPORTANT NOTE: The term "common name" is X.509 terminology for the name that best defines the Certificate and ties it to the company. In the case of SSL Web Server Certificates, enter the exact host and domain name that needs to be secure. This may also be the root server or intranet name for the company.

Note: In the interest of better security and the enablement of greater trust, Thawte have decided that 1024-bit keys will now be the minimum suggested strength to be used in the issuance of Thawte digital SSL Certificates.

Example: If you wish to secure, then you will need to enter the exact host (www) and domain name in this field.

Certificate Renewals

Before a SSL Certificate can be renewed, a new Key/CSR pair will have to be generated off the server, the Key must then be backed up and then the newly created CSR must be submitted through the renewal process.

When renewing a SSL Certificate requested for any of the Server Software Platforms (listed here), it is not necessary to submit a new or renewal CSR, in order to get the renewal Certificate. The previous CSR will be utilised for the renewal Certificate, i.e. the renewal Certificate, once issued, will only work on the Private Key file that was originally submitted to Thawte and used to create the CSR.

Also Read

When should I get an SSL Certificate and how does it Work?
If you are in the process of setting up your website and you feel you may need a SSL certificate,...
SSL Certificates - Glossary of Terms
Use our handy SSL jargon-buster to help explain all the SSL terminology. 256 BIT SSL...
How do you Issue a SSL Certificate?
There are various validation processes utilised, for the different types of SSL Certificates. One...
GeoTrust True Site Seal
A Sign of Security A GeoTrust® True Site Seal, available with every GeoTrust SSL Certificate,...