digicert

If the Reseller is selling Digital Certificates

Renewing your Digital Certificate

thawte Digital Certificates have a lifespan of 1 or 2 years, depending upon the validity period you chose at the time of purchase. You can renew your Digital Certificate within 90 days prior to its Expiry and upto 90 days post Expiry. However, thawte will issue the Digital Certificate only 32 days before your current Certificate expires. This allows you to request your Renewal Certificate timorously and prevents any warnings for your website users which would have been displayed if your existing Certificate would have expired.

Note
  • Upon Expiry, the Digital Certificate will be Suspended by System. Once expired, the Digital Certificate will become invalid and a warning message about the expired Digital Certificate will be displayed to your website visitors. If the Digital Certificate is not Renewed within 90 days post Expiry, it will be deleted by System.

  • Once a Digital Certificate expires, Additional License(s) associated with such a Certificate, if any, will no longer be valid. Hence, you need to purchase fresh Additional License(s) during the Digital Certificate Renewal process. See details

  • If Privacy Protection is enabled for the domain name, it needs to be disabled before renewing the Digital Certificate. Privacy Protection may be enabled again once the Certificate has been renewed. See details

  • Resellers cannot renew Digital Certificates that are purchased through your Sub-Resellers. From your Reseller Control Panel, you can only renew Digital Certificates purchased by your immediate Customers; for all other Digital Certificates, the Renew link in the Order Details view would be disabled.

  • A Digital Certificate will not be issued to:

    • A national or resident of Cuba, Iran, Sudan, North Korea, or Syria or any other country where such use is prohibited under United States export regulations

      OR

    • Anyone on the United States Treasury Department's list of Specially Designated Nationals or the United States Commerce Department's Table of Denial Orders.

To renew a Digital Certificate

  1. Login to your Control Panel. See details

  2. Search for the domain name for which you have ordered a Digital Certificate and proceed to the Order Details view. See details

  3. Click the Renew link.

  4. Select the number of years you need the Digital certificate to be renewed for and mention the number of Additional License(s) (if required).

  5. Select the appropriate Web Server Software.

    Note
    • If your website/domain name is hosted on Windows server, you need to choose the software type as IIS.

    • If your website/domain name is hosted on Linux server, you need to choose the software type as Other.

  6. Submit the Certificate Signature Request (CSR). See details

  7. The Approver Email Address, Organization Details and Contact Details provided at the time of Certificate Enrollment will be displayed. Modify/submit relevant information, wherever necessary.

  8. Click the Confirm Renew button to proceed to pay for your Invoice.

  9. Once your Renewal request has been validated by thawte, an email requesting approval is sent to the Approver Email Address specified above.

  10. Once the Renewal request is approved by you, thawte will issue you a new Certificate.

You can check the status of your Digital Certificate by clicking the Check Certificate Status link in the Order Details view of the Digital Certificate Order. Once the Certificate is issued, you can retrieve the same from the above interface itself and install this renewed Certificate on your web server.

Displaying the thawte Trusted Site Seal on your website

Once you have been issued a thawte Digital Certificate, you need to install the same on your website. You may also wish to display the thawte Trusted Site Seal that confirms to your website visitors that your site is secured by thawte and the date until when your Digital Certificate is valid.

Note

thawte has upgraded their seal server infrastructure on 19 October, 2009. If you have installed the thawte Trusted Site Seal code on your website prior to this date, you must generate fresh code and install the same.

Retrieving and Displaying the thawte Trusted Site Seal on your website

  1. Visit https://www.thawte.com/ssl/secured-seal/index.html?click=main-nav-products-siteseal.

  2. Click the DOWNLOAD YOUR THAWTE TRUSTED SITE SEAL button.

  3. Select your Site Seal by specifying the following details:

    • Language for the seal and the seal verification page.

    • Size of the seal display

    • Layout for your seal

    • Common name for your Digital Certificate.

    Note
    • The common name must match the one used for your Digital Certificate.

    • https:// or https:// are not to be included in the common name.

  4. Select the I accept the Conditions of Use for the Thawte Trusted Site Seal. checkbox.

  5. Click the CREATE SCRIPT button.

  6. Click Select all to select the code generated.

  7. Copy the code directly into your webpage code.

    Note

    Emailing or copying the code into a word processor may result in errors.

Note
  • thawte prohibits display of the Thawte logo unless that website is secured by a Thawte Trusted Site Seal.

  • The Site Seal will be displayed on your website within about 2 hours, after installation.

  • Once the Site Seal starts appearing on your website,

    • Confirm that it appears as expected.

    • Click it and verify the information on the seal verification page.

Checking the Status and Retrieving your Digital Certificate

The Digital Certificate Status interface allows you to both check the Status of Digital Certificate as well as retrieve the same upon issue. A Digital Certificate may be issued to you:

  • After you have Enrolled for a Certificate

    OR

  • After you have requested your Digital Certificate to be Reissued

    OR

  • After you have requested Renewal of your Digital Certificate.

To check the status of your request and retrieve your issued Digital Certificate

  1. Login to your Control Panel. See details

  2. Search for the Digital Certificate and proceed to the Order Details view. See details

  3. Click the Check Certificate Status link. Here you would see the status of your Digital Certificate, under the following heads:

    • Digital Certificate Status

      This would list the Certificate Status alongwith status of the verification process of your Company Registration (Pending/Verified), Domain Ownership (Pending/Verified), Tel No. (Pending/Verified) and Verification Status (Pending/Issued/Revoked).

      Once the Certificate has been issued, this section would display the following:

      • Serial No.: This is a hexadecimal serial number issued by thawte to uniquely identify your Digital Certificate.

      • Certificate: When a Digital Certificate is issued to you, it would be available in this text box. Your Digital Certificate would be encapsulated within these tags

        -----BEGIN CERTIFICATE-----

        [Encoded Data]

        -----END CERTIFICATE-----

        You need to copy the entire contents of this text box (including the above tags) and install it on your Web Server Software.

    • Digital Certificate Details

      Here you would find important information related to your Certificate order and the Digital Certificate after it is issued.

      • Is Renewable: You can renew your Digital Certificate within 90 days prior to its Expiry. However, it will only be issued 32 days before your current Certificate expires.

        The status of this field will become Yes only 90 days prior to its Expiry and otherwise display No. See details

      • Is Reissueable: The status of this field would remain as No until a Digital Certificate is issued. Post that this field would list Yes until the Digital Certificate expires or the Certificate gets Revoked. See details

Once you have been issued a Digital Certificate, you need to install the same on your web server. See details

Note

If you wish to secure your domain name on multiple servers, you need to purchase Additional License(s) for your Digital Certificate and install your Digital Certificate on these servers. See details

Cancelling your Digital Certificate Order

If you have made a mistake while submitting your Digital Certificate request, then you may Cancel your Order before the certificate is actually issued to you. Follow the below mentioned process to cancel your Digital Certificate:

  1. Login to your Control Panel. See details

  2. Search for the Digital Certificate and proceed to the Order Details view. See details

  3. Click the Cancel Order link.

  4. If you are sure that you wish to abort your Ordering process, you may click the Confirm Cancellation button. In the popup window, you need to type YES (in capital letters) and click OK to complete this process.

Note
  • The Cancel Order link will only appear for a Digital Certificate Order which is in the Active status. An Active Digital Certificate is one which has been paid for. To cancel an InActive Order, you need to cancel the Pending Invoice associated with the Order, from the Billing interface. See details

  • Once you Enroll for a Digital Certificate, you can not Cancel your Digital Certificate Order.

  • Cancellation of a Digital Certificate Order results in a refund of the Invoiced amount in your Debit Account.

IMPORTANT: Get your Digital Certificate Issued (Digital Certificate Enrollment Process)

Once you have paid for your Digital Certificate Order, your order becomes Active within the system. However, you need to complete the Certificate Enrollment Process, before the Certificate can be issued to you.

Note
  • You need to successfully Enroll your Digital Certificate within 5 days, since the date this Order became Active. In the event that you do not complete your Enrollment process within this period, your Digital Certificate Order will get automatically Cancelled and you would receive a refund.

  • A Digital Certificate will not be issued to:

    • a national or resident of Cuba, Iran, Sudan, North Korea, or Syria or any other country where such use is prohibited under United States export regulations, or

    • anyone on the United States Treasury Department's list of Specially Designated Nationals or the United States Commerce Department's Table of Denial Orders.

Follow the instructions mentioned below to get your Digital Certificate issued:

Step 1. Generate a Private Key and Certificate Signature Request (CSR) from your web server

Before you begin the process of obtaining a Certificate, you must generate a minimum of 2048-bit Private Key and CSR pair from your web server. See details

Step 2. Submit your Organization Details, Contact Details and Certificate Details to thawte

Before a Digital Certificate can be issued to you, we need to send a request to thawte with some information about yourself and your business. Follow the process mentioned below to request your Digital Certificate:

  1. Login to your Control Panel. See details

  2. Search for the Digital Certificate and proceed to the Order Details view. See details

  3. Click the Enroll Certificate link.

  4. Mention the following details and click the Enroll button:

    A. Organization Details

    • Provide complete details of your organization such as Organization Name, Address, City, Region, Zip, Country and Phone number.

    B. Contact Details

    • Admin Contact Details: Provide the Admin Contact details while giving special emphasis to the email address that you mention herein. You need to ensure that the email address mentioned herein, matches with the Administrative Contact Email Address as displayed in the Whois of the domain name. Please ensure that this information is not kept hidden for anonymity purposes, since the Digital Certificate would be sent to this email address.

    • Technical Contact Details: You need to ensure that the email address mentioned herein, matches with the Technical Contact Email Address as displayed in the Whois of the domain name. Please ensure that this information is not kept hidden for anonymity purposes, since the Digital Certificate would be sent to this email address.

      If the Admin Contact Email address matches that of the Technical Contact's, as per the Whois of the domain name, then you may simply select the available check box, to set the same details as the Admin Contact's.

    Note
    • If Privacy Protection is enabled for the domain name, it needs to be disabled before submitting the Contact details to thawte.

      Privacy Protection may be enabled again once the Certificate has been issued.

    • Until thawte verifies that both the email addresses match, you would not be issued your Digital Certificate.

    • In case of SGC SuperCert, Web Server and Wildcard Server Certificates, it is necessary to provide the real name of an individual in the Admin and Technical Contact Details. Otherwise, the Certificate would not be issued.

    C. Approver Email

    You need to select one of the following as the Approver Email Address:

    • Admin Contact Email Address: as mentioned in the Contact Details section above

    • Technical Contact Email Address: as mentioned in the Contact Details section above

    • A pre-determined email address on the domain name for which you are requesting the Certificate - You need to either select admin, administrator, hostmaster, webmaster or postmaster from the drop down list

      Note

      In case you are requesting a Digital Certificate for a sub-domain, select an email address on the appropriate domain/sub-domain from the drop-down menu. For example, if you are requesting a Digital Certificate for abc.yourdomainname.com, you may select a pre-determined email address on yourdomainname.com or abc.yourdomainname.com, depending on whether you have email accounts setup on the primary domain name or the sub-domain.

      You need to activate this email address before selecting the same here. A pre-determined email address with the domain name is recommended as the Approver Email Address.

    • support@geotrust.com: This option needs to be selected only in extreme conditions when none of the other email addresses can be used. If you select this option thawte would contact you and determine an alternate Approver Email Address. By selecting this option, your Certificate issuance could be delayed by several business days.

    thawte will send an email requesting review and approval, for the Certificate requested to the Approver Email Address specified.

    D. Certificate Details

    • Software Type: Select the Web Server software on which your website/domain name is hosted. The options available are IIS and Other.

      Note
      • If your website/domain name is hosted on Windows server, you need to choose the software type as IIS.

      • If your website/domain name is hosted on Linux server, you need to choose the software type as Other.

    • Certificate Signature Request: This is the CSR (Public Key) you have generated for the purpose of obtaining a Digital Certificate from thawte.

Step 3. Complete the thawte Authentication formalities

After you have enrolled for a Digital Certificate, thawte would contact you at the Approver Email Address specified and may request you to provide them with some documentation such as:

  • Proof of Organizational Name

  • Proof of Right to Use Domain Name

  • Proof of Organizational Telephone Number

Note
  • The above mentioned process is to be followed in case you have ordered an SGC SuperCert, Web Server Certificate or a Wildcard Server Certificate.

    In case you have ordered an SSL123 Certificate, once you have approved the Digital Certificate request email, thawte would try to automatically complete the Certificate enrollment.

  • If you do not complete your verification process soon, thawte may reject your Digital Certificate request and may send you an email informing you that your Digital Certificate has been Bogused / Rejected.

    However, should you subsequently complete the authentication formalities within 90 days of the Enrollment Date, thawte would issue you your Digital Certificate.

Once you have completed all these formalities, thawte will issue the Certificate and email you a confirmation.

Step 4. Check the Status of your Digital Certificate and retrieve your Digital Certificate

Once you have completed the enrollment process, thawte would begin verifying the data you have submitted to them and once satisfied, issue you your Digital Certificate. You can continue checking the status of your Digital Certificate request from your Control Panel and retrieve the same from your Control Panel itself. See details

Listing, Searching and Managing Digital Certificate Orders

In order to manage your Digital Certificate Orders, you need to search for them from within your Control Panel with , and access
their Order Information view.

To List/Search and Manage Digital Certificate Orders

  1. Login to your Control Panel:

    For Resellers: See details

    For Customers: See details

  2. Next, click

    For Resellers: Products -> List All Orders.

    For Customers: Manage Orders -> List/Search Orders.

  3. Search for the Digital Certificate Orders by selecting Digital Certificate under the For Product drop-down menu.

    Note

    For Resellers: You may search for Orders belonging to your Sub-Resellers by selecting the Include Sub-Reseller's results
    check box.

  4. On the next page, you would see a list of Digital Certificate Orders bought through . Click any domain name to reach its
    Order Information view, from where you can perform any modifications to the Order.

Additional Information

For Resellers: You can also use the Search Bar on the Control Panel home page to bring up the Order Information view for a Digital Certificate Order. This Search Bar will also be available on the topmost menu bar, in every page of the Reseller Control Panel.

  1. Provide the domain name in the search field.

  2. Select Order from the drop-down menu.

  3. Click the Search button.

  4. On the next page, click the Digital Certificate tab.

Additional License

A Digital Certificate by itself can be used to secure a domain name, on a single server only. Each additional server that you plan to host your domain name on, would also need to be similarly secured; and that's where an Additional License is needed. It licenses usage of the same digital certificate across multiple servers.

The advantage of buying Additional Licenses as compared to multiple digital certificates is that, it removes the delay in issuance caused due to generation of a Certificate Signing Request (CSR), completing the Enrollment process and then undergoing the authentication process conducted by thawte. Moreover, Additional Licenses work out to be a much cheaper solution than buying individual digital certificates.

Note
  • Additional License(s) can be bought only at the time of purchasing/renewing the parent Digital Certificate. If however, you have already purchased the parent Digital Certificate without mentioning the number of Additional License(s) required, then you have the following options:

    • If the parent Digital Certificate has been issued in the last 25 days, Deleting the certificate will get you a full refund and then you may purchase another, while mentioning the number of Additional License(s) required. See details

    • If the parent Digital Certificate is over 30 days old, then you have the following two options:

      • At the time of Renewal of the parent Digital Certificate, you specify the required number of Additional License(s)

        OR

      • You can Delete the parent Digital Certificate order and purchase another, while mentioning the correct number of Additional License(s) required.

  • You cannot specify the duration of an Additional License while purchasing the same. The duration of an Additional License will depend upon the duration of its parent Digital Certificate.For example, if you
    are purchasing a Digital Certificate for one year, then an Additional License for such a Digital Certificate will be a one year License. Likewise, it will be a two year Additional License if the duration of the Digital Certificate is two years.

  • Additional License(s) can only be used for servers which have the same software installed on them and the same associated common name.

    Additional Information
  • Once purchased, an Additional License cannot be deleted. However, deletion of the parent Digital Certificate would render the Additional License(s) invalid.

  • You need to simply retrieve the parent Digital Certificate and install the same on multiple servers. The number of servers (excluding the primary server) on which the Digital Certificate can secure your domain name will be equal to the total number of Additional Licenses you have purchased for this Digital Certificate.
    See details
    See details

  • To renew Additional License(s), you need to simply renew the parent Digital Certificate, while specifying the number of Additional License(s) needed. This is because an Additional License is, in fact, just a license to use the parent Digital Certificate across multiple servers. See details

Types of Digital Certificates available through Techzone India

sells four types of thawte Digital Certificates. They are as follows:

SGC SuperCert

The Server Gated Cryptography (SGC) digital certificate is our premium SSL certificate, providing the highest possible protection in all circumstances. The SGC SuperCert offers 256-bit encryption in all browsers (released after Microsoft Internet Explorer 4.x or Netscape 4.06). In older-browsers it ensures a minimum of 128-bit encryption to 99.9% of all users, even if the user's browser supports only
40-bit or 56-bit encryption.

Note

You need an SGC SuperCert instead of our Web Server Certificate, if any of the following are true for your business:

  • You have an International (non-US) audience/customer-base, or/and

  • You need to provide the highest possible encryption for each and every visitor to your website, or/and

  • You conduct medium to high-value e-commerce transactions via your web interface.

SGC SuperCert Features and Benefits

Encryption

256-bit with lowest possible encryption level of 128-bit protection for 99.9% of users even with older browsers

Browser Ubiquity

Highest in industry

Certificate Details

Domain and identity authentication and verification

Certificate Authentication

Stringent Business Verification and Authentication

Average Issuance Speed

Less than 2 days

thawte Trusted Site Seal

Yes - free (available in multiple languages)

Root CA

Yes

Free Reissues

Upto 5 times from Issuance until Expiry See details

Secures Internationalized Domains

Yes (thawte is the first Certification Authority to have all its SSL certificates support IDN character sets.)

SGC Technology

Yes (only a few CAs can offer this.)

Web Server Certificate

The thawte SSL Web Server Certificate offers comprehensive authentication procedures (domain name and identity verification). It also offers 256, 128, 56 or 40-bit encryption depending on your client's browser capability and the cipher suite installed on your web server. This ensures that information is kept private while in transit between your web server and your client's web browsers.

Web Server Certificate Features and Benefits

Encryption

Upto 256-bit encryption enabled

Browser Ubiquity

Highest in industry

Certificate Details

Domain and identity authentication and verification

Certificate Authentication

Stringent Business Verification and Authentication

Average Issuance Speed

Less than 2 days

thawte Trusted Site Seal

Yes - free (available in multiple languages)

Root CA

Yes

Free Reissues

Upto 5 times from Issuance until Expiry See details

Secures Internationalized Domains

Yes (thawte is the first Certification Authority to have all its SSL certificates support IDN character sets.)

SGC Technology

No

SSL123 Certificate

SSL123 is thawte's entry level certificate which provides validation that your domain is registered and that you have authorized the purchase of the certificate. Through SSL encryption, the certificate assures that information is kept private between your web server and your client's web browsers.

Note

Your choice of digital certificate depends mainly on whether you require your company details added to the certificate contents. If not, then SSL123 is an ideal choice of product as it provides the added benefit of quick issuance.

SSL123 Certificate Features and Benefits

Encryption

Upto 256-bit encryption enabled

Browser Ubiquity

Highest in industry

Certificate Details

Domain name verification only

Certificate Authentication

Domain name check and validation

Average Issuance Speed

Less than 1 day

thawte Trusted Site Seal

Yes - free (available in multiple languages)

Root CA

Yes

Free Reissues

Upto 5 times from Issuance until Expiry See details

Secures Internationalized Domains

Yes (thawte is the first Certification Authority to have all its SSL certificates support IDN character sets.)

SGC Technology

No

Wildcard Server Certificate

The thawte Web Server Wildcard Certificate allows you to conveniently secure multiple sub-domain names on one domain name on the same server using *.yourdomainname.com pattern for the common name. You need not spend time, money and effort on obtaining certificates for different sub-domain names on a domain name.

The Wildcard Server Certificate offers comprehensive authentication procedures (domain name and identity verification). It also offers 256, 128, 56 or 40-bit encryption depending on your client's browser capability and the cipher suite installed on your web server. This ensures that information is kept private between your web server and your client's web browsers.

Wildcard Server Certificate Features and Benefits

Encryption

Upto 256-bit encryption enabled

Browser Ubiquity

Highest in industry

Certificate Details

Domain and identity authentication and verification

Certificate Authentication

Stringent Business Verification and Authentication

Average Issuance Speed

Less than 2 days

thawte Trusted Site Seal

Yes - free (available in multiple languages)

Root CA

Yes

Free Reissues

Upto 5 times from Issuance until Expiry See details

Secures Internationalized Domains

Yes (thawte is the first Certification Authority to have all its SSL certificates support IDN character sets.)

SGC Technology

No

Note
  • If you wish to secure your domain name on multiple servers through the use of any of the above Digital Certificates, you need to purchase Additional License(s) for your Digital Certificate. See details

  • The Wildcard Server Certificate does not secure the root domain name. For example, a Wildcard Server Certificate for *.yourdomainname.com will secure all sub-domains on yourdomainname.com, but not yourdomainname.com.

  • The Certificate issuance speed depends upon a lot of factors like the Admin or Technical Contact may not have completed thawte's verification yet. This could lead to the overall delay in the Certificate issuance.

Digital Certificates that would suit your business

Depending upon the type of application/interface you wish to secure, you may choose one of the four digital certificates sold by :

Typical Applications for Digital Certificates

SGC SuperCert

Web Server and Wildcard Cert

SSL123 Cert

Securing Web domains

Yes

Yes

Yes

Securing gateways (eg. Citrix Secure Gateways)

Yes

Yes

Yes

Securing multiple hosts for a domain on the same server

N/A

Yes (with Wildcard Cert)

N/A

Securing web forms for e-commerce sites

Yes

Yes

Yes

Securing IMAP/POP Mail Servers such as Microsoft Exchange and Outlook Web Access

Yes

Yes

Yes

Securing SMTP mail transfers through STARTTLS (Start Transport Layer Security) connections

Yes

Yes

Yes

Securing transfer connections to FTP servers (FTPS connections)

Yes

Yes

Yes

SSL VPN.s

Yes

Yes

Yes