Information on SSL
This page is designed to help in ordering a digital certificate from third-party certificate
authorities.
Buy SSL Certificates: Or purchase 128-bit SSL digital certificates through Geotrust
directly from Webvisions. Click for more information about secure SSL certificate types and prices.
The page is broken down into the following components:
I. Installing our digital certificate
II. Basic overview of ordering a digital certficate from Verisign.
III. SSL and digital certificate information from the Webvisions FAQ.
I. Installing our digital certificate
Webvisions provides digital certificate installation for free for virtual server customers.
II. Basic overview of ordering a digital certificate from Verisign.
Here is an outline of the process for ordering a Secure Verisign
Certificate:
A. A "digital ID request" is produced and sent to Verisign
1. Fill out the form (below in step 1) and send to:
support@webvisions.com
a. Webvisions produces a "digital ID request" from the info
you provide on the form and sends this to Verisign/Thawte
b. Verisign/Thawte returns a verification message back to
support@webvisions.com. In that message is a new
certificate request that looks something like this:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBJTCB0AIBADBtMQswCQYDVQQGEwJVUzEQMA4GA1UEChs4lBMHQXJpem9uYTEN
A1UEBxMETWVzYTEfMB0GA1UEChMWTWVs3XbnzYSBDb21tdW5pdHkgQ29sbGVnZTE
A1UEAxMTd3d3Lm1jLm1hcmljb3BhLmVkdTBaMA0GCSqGSIb3DQEBAQUAA0kAMEYC
QQDRNU6xslWjG41163gArsj/P108sFmjkjzMuUUFYbmtZX4RFxf/U7cZZdMagz4I
MmY0F9cdpDLTAutULTsZKDcLAgEDoAAwDQYJKoZIhvcNAQEEBQADQQAjIFpTLgfm
BVhc9SQaip5SFNXtzAmhYzvJkt5JJ4X2r7VJYG3J0vauJ5VkjXz9aevJ8dzx37ir
3P4XpZ+NFxK1R=
-----END NEW CERTIFICATE REQUEST-----
c. Webvisions forwards that tracking message to the customer.
The customer will use the above certficate request to
paste into a form at the verisign/thawte site.
d. Customer verifies the information on tracking message
If an error has occured, send to support@webvisions.com and
a new "digital ID request" is produced and sent to
Verisign/Thawte, steps a-d are repeated.
Verisign/Thawte
B. Ok, now the customer goes to the verisign site (or another
key generation agency, but for simplicity we'll just use
verisign and thawte for now). Visit:
https://digitalid.verisign.com/ss_getCSR.html
or
https://www.thawte.com/cgi-bin/server/step1.exe
Now, copy the certificate you recieved in the UIN tracking
message to the box provided. You must copy the whole
thing, ie:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBJTCB0AIBADBtMQswCQYDVQQGEwJVUzEQMA4GA1UEChs4lBMHQXJpem9uYTEN
A1UEBxMETWVzYTEfMB0GA1UEChMWTWVs3XbnzYSBDb21tdW5pdHkgQ29sbGVnZTE
A1UEAxMTd3d3Lm1jLm1hcmljb3BhLmVkdTBaMA0GCSqGSIb3DQEBAQUAA0kAMEYC
QQDRNU6xslWjG41163gArsj/P108sFmjkjzMuUUFYbmtZX4RFxf/U7cZZdMagz4I
MmY0F9cdpDLTAutULTsZKDcLAgEDoAAwDQYJKoZIhvcNAQEEBQADQQAjIFpTLgfm
BVhc9SQaip5SFNXtzAmhYzvJkt5JJ4X2r7VJYG3J0vauJ5VkjXz9aevJ8dzx37ir
3P4XpZ+NFxK1R=
-----END NEW CERTIFICATE REQUEST-----
Then Press continue, and work through the form.
Somewhere in this form process, you will be asked to provide
a challenge phrase. This will obviously be unknown to
Webvisions, so we won't be able to do any work to help clear
up any problems with your SSL order after you order it.
Here is the information from their page on what the challenge
phrase is and what it is used for (see:
http://digitalid.verisign.com/ss_help.html
http://digitalid.verisign.com/ss_help.html#challenge)
What is a Challenge Phrase?
A challenge phrase is used like a password for future actions
against the Digital ID. For example, if you lose your key pair,
or your Digital ID is otherwise compromised, you must provide
this Challenge Phrase to the Digital ID Center to verify that
you are authorized to request revocation of the Digital ID.
Choose a word or phrase that you will remember (or write it
down), but would be unfamiliar to anyone attempting to
impersonate you. VeriSign does not have access to your Challenge
Phrase, so you must remember it. VeriSign customer service
will require your challenge phrase before taking any actions
against your Digial ID. Do not use your mother's maiden name,
or any other phrase that could be easily guessed. Do not
include any punctuation.
Complete the rest of the form.
The final step sends the request to Verisign, and a PIN is
returned back to the user. Use this PIN in all correspondance
with Verisign concerning the processing of your digital ID.
C. Call Verisign/Thawte to check on the status of the customers
"Secure Key" generation. This is the longest step, it can
take Verisign/Thawte up to 3 weeks to produce the server "Secure Key".
(this might change with this new order form). You will need
to use the PIN and perhaps the Challenge Phrase to work
with the agents on this request.
D. Verisign sends the "Secure Key" to the Customer (Webvisions).
E. The customer sends the message they recieve from Verisign to
support@webvisions.com
F. Webvisions will use Server Key for installation.
To order a digital certificate from Verisign please follow the
following steps:
1) Generating the Certificate Request
Please complete the following form and e-mail it to
support@webvisions.com.
Please plan on 24 hours for the certificate generation process (M-F)
------------ Cut Here ----------------------------------------------
To: support@webvisions.com
Subject: Certificate Generation Request for
Please generate a Certificate request for the following:
Country Name: Singapore
State or Province: Singapore
City or Locality: Singapore
Organization Name: ACME Widgets Inc.
Department Name: Web Operations
Common Name: www.acme.com
Webmaster E-mail: john@acme.com
Domain Name: acme.com
Webmaster Phone: (801)222-2222
Login Name: acme
Domain Name: www.acme.com
IP Number: 206.239.162.1
Webmaster Name: John Doe
e-mail contact: reseller@bigbucks.com
(This should be the reseller e-mail address if you are a reseller,
or your own e-mail address if you have your own virtual server.
support@webvisions.com will use this address in all correspondance).
------------ Cut Here ---------------------------------------------
Please allow 48 hours for processing. Once the certificate request
has been completed you will be sent via e-mail a Verisign UIN tracking
message. Use the Request Certificate at the Verisign site to paste
into the page there.
2) Generate the Verisign Authorization Letter. Visit
https://digitalid.verisign.com/ss_getCSR.html
or
https://www.thawte.com/cgi-bin/server/step1.sioux
Complete the form and at the bottom choose "Stronghold" in the Server Software
selection.
After filling out all the information the web page will automatically
generate an Authorization Letter. Please review this letter for
accuracy purposes. If everything is correct press "AGREE". This
finalizes the process with Verisign.
Verisign will then send a e-mail message with a PIN to the customer.
The customer will use this PIN to contact Verisign (as outlined in
the letter) concerning the status of the order.
3) Call Verisign (to follow up on the request, note this isn't necessary,
but if needed, here is the process).
The number to contact Verisign directly is 415-961-8820 or via email
at support@verisign.com. When calling
let the operator know you would like to "follow up on the status
of a certificate request". You will need the PIN and perhaps the Challenge
Phrase you put in the site.
Please note that once we have generated the certificate request and
sent the request off to Verisign there is absolutely nothing Webvisions
can do to expedite the process until the certificate request has been
completed. If a certificate request has been generated and you have
been given the PIN please contact Verisign and not Webvisions.
4) Installing the certificate
Once the digital certificate has been generated Verisign will return
certificate as part of an e-mail to the webmaster. Please forward
this e-mail to support@webvisions.com. Webvisions will then
install the
certificate on your server. Allow 24-48 hours (M-F) for the installation
of the certificate. Currently certificates being issued by Verisign
are good for 1 year.
III. SSL and Digital Certificate information from the Webvisions FAQ
Secure Server Questions
1) What is SSL and "Netscape" encryption?
2) What is the cost for this feature?
3) Can I order encryption after my server has been setup?
4) How long does it take to setup encryption?
5) What additional information will Webvisions need to setup
encryption?
6) What does a digital certificate do?
7) What information will I need to provide to Verisign to get a
certificate?
8) How do I order a digital certificate?
9) How do I activate SSL?
Secure Server Questions
1) What is SSL and "Netscape" encryption?
As an add-on feature, Webvisions offers secure socket layer (SSL),
frequently referred to as "Netscape" encryption. This allows a
Netscape browser to communicate with your virtual server in a secure
SSL encrypted session. It is often used to securely transfer credit
card numbers and other sensitive information. Of course, SSL is also
supported by MSIE and other popular SSL enhanced browsers.
2) What is the cost for this feature?
There is no charge for installing SSL on your virtual server (but note that
this feature is only available for non-budget server packages). You will need
to purchase a digital certificate from a Certificate Authority. Verisign and
Thawte are two of the most recognised CAs (see questions 6-9).
Certificate Authority Price Support
http://www.verisign.com US$449 (for non-US/Canada) Almost all browsers
http://www.thawte.com US$125 Netscape 3.x, MSIE 3.x
3) Can I order encryption after my server has been setup?
SSL can be added at any time to a virtual or dedicated server.
4) How long does it take to setup encryption?
SSL can be added to the server the same day it is ordered. Until
a new digital certificate is ordered Internet Server's certificate
will be used as the default certificate. Until a new certificate
arrives a warning message will appear on the client's machine warning
them that the certificate does not match the web pages URL.
Technically, if you do not mind the warning message you do not need to
purchase a new certificate.
5) What additional information will Webvisions need to setup encryption?
To add encryption Webvisions only needs to know the DNS name
associated with the virtual server. You will need to provide directly
to Verisign additional documentation for ordering the digital
certificate.
6) What does a digital certificate do?
A server uses a digital certificate to prove it's authenticity.
The digital certificate established a legal relationship between a
legitimate company and their web site. For example, if I go to
Novell's web page and decrypt their digital certificate it legally
proves that this web site is authorized by Novell (or whoever's name
is actually in the digital certificate).
7) What information will I need to provide to Verisign to get a certificate?
In order to purchase a certificate you must provide to Verisign (or Thawte) a
signed copy of either a business license or articles of incorporation.
You must also supply a signed copy of the Verisign web masters form
letter. The cost for a Verisign certificate is US$449. A Thawte certificate
can be purchased for US$125. More information on digital certificates
is available at URL http://www.verisign.com/ or http://www.thawte.com/.
8) What if I want additional licenses/certificates for other web sites I support?
Only if the domain name is registered to your company may the same
license be used for multiple sites. In this case, each additional
certificate will cost US$349 (non-US/Canada for Verisign).
9) How do I order a digital certificate?
In order to avoid potential problems it is best to coordinate
ordering certificates with Webvisions. Currently Webvisions is working on
an online certificate order form. Until this form is complete
requests for certificates should be sent to support@webvisions.com for
processing. Certificate processing takes about 7-10 days.
10) How do I activate SSL?
In order to activate SSL you simply change the URL to read "https"
instead of "http".
For example:
"https://www.mydomain.com/pagepath/mywebpage.html"
Your secure server is referenced from /usr/home//ssl.
You have to store the files (and cgi scripts) thats require secure access
in ssl (and ssl/cgi-bin) instead of your "www" folder.
Info on Verisign Key Management Verification:
First, Verisign really doesn't need to know this material to process this
request, you are simply asking them to sign this certificate. However,
the correct responses would simply be:
1. Yes
2. Same as your login passwd
3. Yes (Ie, they are informing you you can't, so of course the answer is
yes)
4. Yes
For more information about SSL or "Netscape Compatible Encryption",
Webvisions SUPPORT.
[an error occurred while processing this directive]
ABOUT US
