Digital Certificates
A Digital Certificate is a document which gives your customers the assurance
that your Web Site is legitimately yours and not an impostor's. A Digital
Certificate will also provide you with a legal basis for transactions on the
Internet.
Additional information about Digital Certificates is presented in the sections
below.
NOTE: Thawte Digital Certificates are supported by MSIE 4.0+ and Netscape 3.0+
web browsers.
One note about Digital Certificates: only one Digital Certificate can be
supported per Virtual Server. Therefore, virtual subhosts which share the
same Virtual Server must also share the same Digital Certificate.
The Default Digital Certificate
It really isn't necessary to order your own Digital Certificate. You can
instead use our default Digital Certificate included with your Secure Server.
As was stated earlier, the Digital Certificate includes information about the
ownership of the certificate. When your clients visit your Secure Web Site,
their browser (Navigator, MSIE, etc.) will check the domain name on the
certificate to see if it matches the site name included in the URL. If a match
is not found, a "warning" is generated and displayed to your client.
The "warning" states that the domain names do not match and that
"it is possible, though unlikely, that someone may be trying to intercept
communication with this site" (taken from Netscape Communicator 4.04).
Actually, the domain name mismatch in no way hinders the security of the
transactions. The warning simply notes that the domain name included with the
Digital Certificate ownership information does not match the domain name of the
web site requested. The transaction is still secure. Even though the warning is
couched in "unlikely" terms, many of your clients may feel
uncomfortable conducting a transaction with you after such a warning is
generated.
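The browser check described above can be reproduced with the openssl command-line tool, which is what the rest of this page uses on the Virtual Server. The following script is an added example and is not part of the original page or the provider's tooling: it creates a throwaway self-signed certificate standing in for the shared default certificate (the host name secure.provider.example and the customer name www.customer.example are constructed), then asks openssl whether that certificate is valid for a given host name, the same question the browser asks before deciding whether to show the "domain names do not match" warning. It assumes openssl 1.0.2 or newer is on the PATH (the -checkhost option).

```shell
#!/bin/sh
# Added example, not from the original page: reproduce the browser's
# domain-name check against a certificate with openssl's -checkhost.
# Assumptions: openssl >= 1.0.2 on PATH; host names below are constructed.
set -eu

# make_cert <cert-path> <key-path> <cn>
# Creates a throwaway self-signed certificate whose subject CN is <cn>,
# standing in for the provider's shared "default" certificate.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$3" -keyout "$2" -out "$1" >/dev/null 2>&1
}

# cert_matches_host <cert-path> <hostname>
# Returns 0 when the certificate is valid for <hostname>, 1 when a browser
# would show the "domain names do not match" warning, 2 if openssl could
# not read the certificate at all.
cert_matches_host() {
    out=$(openssl x509 -in "$1" -noout -checkhost "$2") || return 2
    case "$out" in
        *"does NOT match"*) return 1 ;;
        *"match"*)          return 0 ;;
        *)                  return 2 ;;
    esac
}

# Demonstration: a certificate issued for the provider's own host name is
# accepted for that name, but a customer's domain served under the same
# certificate gets the warning quoted above.
default_cert_demo() {
    dir=$(mktemp -d)
    make_cert "$dir/ssl.cert" "$dir/ssl.pk" "secure.provider.example"
    for host in secure.provider.example www.customer.example; do
        if cert_matches_host "$dir/ssl.cert" "$host"; then
            echo "$host: certificate name matches, no warning"
        else
            echo "$host: name mismatch, browser shows the 'domain names do not match' warning"
        fi
    done
    rm -rf "$dir"
}

default_cert_demo
```

Running the script prints one line per host name. The same check is the reason the warning exists at all: from the browser's side, a certificate issued to a different name is indistinguishable from a site that has been substituted, so clients have no way to tell a shared default certificate from an interception attempt except by reading the warning text.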
Obtaining Digital Certificates from VeriSign and Thawte
NOTE: On December 20, 1999, it was announced that VeriSign, Inc. had acquired
Thawte Consulting. It is not yet clear what effect this will have on the
services provided by each of these companies.
There are several companies, called Certificate Authorities (CAs), that
issue Digital Certificates. The two largest and most widely supported CAs are
VeriSign and Thawte. VeriSign's prices are somewhat higher than those of
Thawte; however, VeriSign certificates are supported by a larger number of
older web browsers.
In the explanation included below, the steps necessary to obtain a Digital
Certificate from VeriSign and Thawte are discussed. The process required to
obtain a Digital Certificate from other signing agencies is very similar. Our
Support Staff will be able to assist you with special differences that may
exist in obtaining a Digital Certificate from a specific signing agency.
To order and install a VeriSign or Thawte digitally signed certificate you
will need to do the following:
- First, a "Certificate Signing Request" or CSR must be submitted
to VeriSign or Thawte on behalf of your company (or organization).
- Fill out the Certificate Request Form and
e-mail it to "vcert@littletechshoppe.com". Be sure you indicate in
the form whether you are requesting a VeriSign or Thawte certificate.
- ALTS, LLC will then formulate a "Certificate Signing
Request" from the information you provide and return this Request to you.
Included in the Request is a block of information delimited by the phrase
"NEW CERTIFICATE REQUEST". An example of such a block is included
here for your reference:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBJTCB0AIBADBtMQswCQYDVQQGEwJVUzEQMA4GA1UEChs4lBMHQXJpem9uYTEN
A1UEBxMETWVzYTEfMB0GA1UEChMWTWVs3XbnzYSBDb21tdW5pdHkgQ29sbGVnZTE
A1UEAxMTd3d3Lm1jLm1hcmljb3BhLmVkdTBaMA0GCSqGSIb3DQEBAQUAA0kAMEYC
QQDRNU6xslWjG41163gArsj/P108sFmjkjzMuUUFYbmtZX4RFxf/U7cZZdMagz4I
MmY0F9cdpDLTAutULTsZKDcLAgEDoAAwDQYJKoZIhvcNAQEEBQADQQAjIFpTLgfm
BVhc9SQaip5SFNXtzAmhYzvJkt5JJ4X2r7VJYG3J0vauJ5VkjXz9aevJ8dzx37ir
3P4XpZ+NFxK1R=
-----END NEW CERTIFICATE REQUEST-----
- Once you receive the information from ALTS, LLC which includes your
"NEW CERTIFICATE REQUEST", you can then initiate your VeriSign
Digital Certificate order at the following URL:
https://digitalid.verisign.com/server/enrollStep4.htm
or initiate your Thawte Digital Certificate order at the following URL:
https://www.thawte.com/cgi-bin/server/step1.sioux
(on the Thawte page, select the "Web Server Certificate" option and press
"Continue").
These are the first pages of the VeriSign and Thawte certificate request
forms respectively. You must paste your "NEW CERTIFICATE REQUEST"
block (in its entirety) in the text area included on these pages. This includes
both the BEGIN and END certificate request lines (shown below) as well
as all lines in between. It is very important that you include the entire
block!
-----BEGIN NEW CERTIFICATE REQUEST-----
and
-----END NEW CERTIFICATE REQUEST-----
After you have pasted your certificate request block in the text area,
press the "CONTINUE" button to work through the rest of the
certificate request process. (If you are requesting a Thawte certificate, you
will be asked to choose your "Web Server Software" - select
"Apache-SSL")
The information that will be required of you in the subsequent steps
includes your company name (or organization name), your street address, etc. At
a specific point in the enrollment process, VeriSign and Thawte will require a
"challenge phrase" or "password". The "challenge
phrase" or "password" will be required on future actions you may
wish to take in relation to your Digital Certificate.
For example, if you lose your key pair, or your Digital Certificate is
otherwise compromised, you must provide this Challenge Phrase to the
Certificate Authority to verify that you are authorized to request revocation
of the Digital Certificate. Choose a word or phrase that is easy for you to
remember (or write it down), but would be unfamiliar to anyone attempting to
impersonate you. Do not use your mother's maiden name, or any other phrase that
could be easily guessed. VeriSign and Thawte do not have access to your
Challenge Phrase or Password, so you must remember it.
After you have chosen a challenge phrase or password, continue with the
rest of the enrollment form. The final step in the enrollment process sends the
request to VeriSign or Thawte, and a PIN (VeriSign) or Certificate ID (Thawte)
is returned back to the user. Use this PIN or ID in all correspondence with
VeriSign or Thawte concerning the processing of your Digital Certificate.
- Now that your Digital Certificate Order is complete, you need to supply
authenticating documentation to the signing agency. VeriSign or Thawte will
require various documentation such as a business license, Articles of
Incorporation, or other charter documents to verify your organization's
identity. Procedures for providing this information will be emailed to you
shortly after VeriSign or Thawte has received your Certificate Signing Request.
If the information you provided is complete and can be verified, your order
will be processed within 3-5 business days.
Should you need to contact
VeriSign with regard to your order, you may do so by phone at 415-961-8820 or
by email at support@verisign.com. You
will be required to provide your PIN and possibly the challenge phrase.
Thawte will include a phone number and other contact information after you
have submitted your certificate request. You can use this information to
contact Thawte should the need arise. You will be required to provide your
Certificate ID and possibly the password you selected.
Please note that A Little Technology Shoppe, LLC cannot act on your behalf
in this matter. Furthermore, ALTS, LLC cannot do anything to expedite the
certificate generation process. This is strictly dependent upon VeriSign or
Thawte.
- After the Digital Certificate has been generated, VeriSign will return the
signed certificate to you via electronic mail, and Thawte will email you a URL
from where you can download your Digital ID. You will need to forward this
message to "vcert@littletechshoppe.com".
Please allow from 1-3 business days for installation.
Installing a Digital Certificate on Your Virtual Server
Our Customized Apache Web Server makes it possible for you to install
your own digital certificate. This provides you with additional power to
customize your own Virtual Server to meet your specific needs.
To install your own digital certificate, connect to your Virtual Server via
Telnet or SSH and do
the following.
- Place the signed SSL certificate on your Virtual Server in the
~/etc directory with the filename as ssl.cert.
- Place the proper private key for the certificate in ~/etc directory
with the filename as ssl.pk.
NOTE: The key you need for this is the private key that was created when the
CSR was generated. If we generated your CSR you'll need to contact our digital
certificate technical support staff and request the private key for your
domain. If it was generated elsewhere, you will need to get the private key
there.
- Remove any encryption on your private key. Use the command that matches
your Virtual Server O/S:
FreeBSD
% openssl rsa -in ssl.pk -out ssl.pk
BSD/OS
% ssleay rsa -in ssl.pk -out ssl.pk
NOTE: If your Virtual Server was ordered after December 1, 1999, you are likely
running FreeBSD. To find out which O/S your Virtual Server is running, use the
uname command:
% uname
- Restart your Apache Web Server:
% restart_apache
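The CSR step earlier on this page (the key pair is created together with the "NEW CERTIFICATE REQUEST" block, and that same key is the one ssl.pk must contain) and the installation steps just above can be tied together in one script. The following is an added example and is not the provider's tooling: it generates a key and CSR the way a CSR generator would, shows the subject the CA will certify, decrypts the key into a new file created with mode 600 rather than overwriting ssl.pk in place as the page's one-line command does, and verifies that the private key really belongs to the certificate before anything is restarted. Because no real CA is involved, the CSR is signed with its own key as a stand-in for the certificate VeriSign or Thawte would return. It assumes openssl is on the PATH; the subject fields, file names and passphrase are constructed.

```shell
#!/bin/sh
# Added example, not the provider's tooling: CSR/key pairing and the checks
# worth doing before "restart_apache".
# Assumptions: openssl on PATH; subject, file names and passphrase are
# constructed; the CSR is self-signed here in place of a real CA.
set -eu

# make_csr <key-out> <csr-out> <subject>
# Generates the private key and the "NEW CERTIFICATE REQUEST" block that
# belong together. Only the CSR goes to the Certificate Authority; the key
# stays on the machine that generated it.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
        -keyout "$1" -out "$2" >/dev/null 2>&1
}

# csr_subject <csr>
# Prints the subject the CA will put on the certificate, so it can be
# checked against the form before the request is submitted.
csr_subject() {
    openssl req -in "$1" -noout -subject
}

# self_sign_csr <csr> <key> <cert-out>
# Stand-in for the CA: in practice VeriSign or Thawte return the signed
# certificate; for this demo the request is signed with its own key.
self_sign_csr() {
    openssl x509 -req -in "$1" -signkey "$2" -days 1 -out "$3" >/dev/null 2>&1
}

# decrypt_key_to <encrypted-key> <plain-key-out> <passphrase>
# Same operation as "openssl rsa -in ssl.pk -out ssl.pk" on the page, but
# writes to a fresh file under umask 077 so the unencrypted key is created
# owner-readable only, instead of being rewritten in place.
decrypt_key_to() {
    ( umask 077
      openssl rsa -in "$1" -passin "pass:$3" -out "$2" >/dev/null 2>&1 )
}

# key_matches_cert <key> <cert>
# Returns 0 when the private key is the one the certificate was issued for
# (identical RSA modulus), 1 otherwise, 2 if either file cannot be read.
# A mismatched pair is the usual reason an SSL server fails to come up.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus) || return 2
    c=$(openssl x509 -in "$2" -noout -modulus) || return 2
    [ "$k" = "$c" ]
}

# Demonstration using the page's file names inside a temporary directory.
install_demo() {
    dir=$(mktemp -d)
    make_csr "$dir/ssl.pk" "$dir/request.csr" \
        "/C=US/ST=Arizona/O=Example Organization/CN=www.customer.example"
    csr_subject "$dir/request.csr"
    # Simulate the passphrase-protected key a CSR generator hands back.
    openssl rsa -in "$dir/ssl.pk" -aes256 -passout pass:demo-pass \
        -out "$dir/ssl.pk.enc" >/dev/null 2>&1
    decrypt_key_to "$dir/ssl.pk.enc" "$dir/ssl.pk.plain" demo-pass
    self_sign_csr "$dir/request.csr" "$dir/ssl.pk.plain" "$dir/ssl.cert"
    if key_matches_cert "$dir/ssl.pk.plain" "$dir/ssl.cert"; then
        echo "ssl.pk and ssl.cert belong together; safe to run restart_apache"
    else
        echo "key/cert mismatch: do not restart Apache with these files"
    fi
    ls -l "$dir/ssl.pk.plain"   # -rw------- because of the umask
    rm -rf "$dir"
}

install_demo
```

On a real Virtual Server the two checks map directly onto the steps above: run key_matches_cert against ~/etc/ssl.pk and ~/etc/ssl.cert after placing the files, and only then run restart_apache. Decrypting into a separate file also means the original passphrase-protected copy survives if the wrong passphrase is tried.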