Before You Start
IMPORTANT NOTE: Before beginning the process of obtaining a Certificate, a Private Key and CSR pair must be generated on the web server. A CSR is the Public Key that is generated on a server. It validates the computer-specific information about that web server and company. Digital IDs make use of a technology called Public Key Cryptography, which uses Public and Private Key files.
The Public Key, also known as a Certificate Signing Request (CSR), is the key that will be sent to Thawte. The Private Key will remain on the server and should never be released to the public. Thawte does not have access to the Private Key. It is generated locally on the client's server and is never transmitted to Thawte. The integrity of the Digital ID depends on the private key being controlled exclusively by its owner.
A CSR cannot be generated without generating a Private Key file, nor can the Private Key file be generated without generating a CSR file. In certain web server software platforms like Microsoft IIS, both are generated simultaneously through the Wizard on the web server. Enter the following information about the company in order to generate the Private Key and CSR pair on the web server:
- Organization Name e.g. My Company
- Organizational Unit e.g. My Department
- Country Code e.g. ZA
- State or Province e.g. Western Province
- Locality e.g. Cape Town
- Common Name e.g. www.domain.com
IMPORTANT NOTE: The term "common name" is X.509 terminology for the name that best defines the Certificate and ties it to the company. In the case of SSL Web Server Certificates, enter the exact host and domain name that needs to be secure. This may also be the root server or intranet name for the company.
Note: In the interest of better security and the enablement of greater trust, Thawte have decided that 1024-bit keys will now be the minimum suggested strength to be used in the issuance of Thawte digital SSL Certificates.
Example: If you wish to secure www.my-domain-name.co.za, then you will need to enter the exact host (www) and domain name in this field.
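The generation step described above, as an added example using the OpenSSL command line (not part of the original page and not Thawte's own tooling): it creates the Private Key and CSR with the page's example values, then checks the CSR's signature, Common Name, key size and key match before anything is submitted. The file names, function names and the 2048-bit key size are assumptions.

```shell
#!/bin/sh
# Added example. Subject values are the page's examples; file names and
# the 2048-bit key size are assumptions.
SUBJ="/C=ZA/ST=Western Province/L=Cape Town/O=My Company/OU=My Department/CN=www.domain.com"

# Generate server.key and server.csr in directory $1. The key never leaves it.
generate_csr() {
    ( umask 077   # key file is created readable by its owner only
      # -nodes leaves the key unencrypted on disk; protect it with file permissions
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$1/server.key" -out "$1/server.csr" \
          -subj "$SUBJ" 2>/dev/null )
}

# Succeed only if the CSR ($1) is correctly self-signed and carries the
# public half of the private key ($2).
csr_matches_key() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

# Print the Common Name stored in the CSR ($1).
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Print the size in bits of the private key ($1).
key_bits() {
    openssl pkey -in "$1" -noout -text |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# Demonstration in a throwaway directory.
workdir=$(mktemp -d)
if generate_csr "$workdir" &&
   csr_matches_key "$workdir/server.csr" "$workdir/server.key"; then
    echo "CN:   $(csr_common_name "$workdir/server.csr")"
    echo "Bits: $(key_bits "$workdir/server.key")"
    echo "CSR matches the private key; submit only server.csr"
fi
rm -rf "$workdir"
```

Back up `server.key` before submitting `server.csr`, because the issued Certificate is usable only with that key.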
Before an SSL Certificate can be renewed, a new Key/CSR pair must be generated on the server; the Key must then be backed up, and the newly created CSR must be submitted through the renewal process.
When renewing an SSL Certificate requested for any of the Server Software Platforms (listed here), it is not necessary to submit a new or renewal CSR in order to get the renewal Certificate. The previous CSR will be utilised for the renewal Certificate, i.e. the renewal Certificate, once issued, will only work with the Private Key file that was used to create the CSR originally submitted to Thawte.