|
Adding a new SSL certificate to your site
For SSL to function a digital certificate
must be obtained from a Trusted Certificate Authority such as
Verisign or Thawte. Certificates are bound to a particular
domain name and cannot be moved. A
domain name and certificate must be attached to a dedicated Internet
Address in order to work. To learn more, read about
How the Secure Socket Layer and Certificates Work.
This page is divided into two sections: part one
is a clear description of what the trusted certificate authority will
want from you; part two is step-by-step
instructions on how to generate the certificate request and install your
certificate.
Required documentation
These requirements are the requirements that Thawte, our authority of
choice, has defined. Please note that these requirements may
change at any time and you should always contact Thawte for current
information. Do not fax Thawte information unless it is
necessary as defined below or they request it. Thawte needs to
verify that:
company is
registered
in one or more countries
Your company information matches
the information in the request
Your company owns the
Internet Domain Name
in the request.
1. Contact
information
There are three
contacts associated with a request; authorizing, technical, and
billing. Often all three are the same person, but they may be
different individuals. For each contact you will need:
-
Their legal name, title, phone number,
extension & email address
-
They must be an employee of the company
requesting the certificate
-
Email addresses cannot be from a free
web-based email account (Yahoo, Hotmail, Netscape,
etc.)
2.
Proof of Organizational Name
For
some international customers and most states in the USA Thwate will
determine the legal status without any documentation.
Internationally this includes the following countries:
Australia, Austria,
Bahamas, Belgium,
Belize, Brazil,
Bermuda, Canada,
Cayman Islands, Chile,
Costa Rica, Denmark,
Estonia, Finland,
France, Germany,
Ireland, Italy,
Latvia, Netherlands,
Netherlands Antilles,
Norway, New Zealand,
Romania, Singapore,
South Africa, Spain,
Sweden, Switzerland,
Virgin Islands, and the
United Kingdom. All other customers will need to fax
documentation to Thwate.
In
the USA only customers in the states of Delaware,
Nebraska, New Hampshire,
New Jersey, New York
and Oklahoma will need to fax
documentation to Thwate.
If
you need, or are requested to send documentation, the following
documents may be used:
-
Articles of Incorporation
-
VAT Certificates (International)
-
Business License
-
Certificate of Formation
-
Doing Business As
-
Registration of Trade Name
-
Charter Documents
-
Partnership Papers
-
Fictitious Name Statement
-
Vendor/Reseller/Merchant License
-
Merchant certificate
-
US Tax Licenses for Non-profit Organizations
and Sole Proprietorships (In either case the State Tax documents
must list the Organization as Non-profit or Sole Proprietor.)
Federally issued tax licenses in the USA
are not accepted.
In the USA the following specific state and city tax documents are
acceptable:
-
Arizona
-
Florida
-
California:
-
City of Anaheim - Business Tax Certificate
-
City of Carson - Business Tax Certificate
-
City of Newport Beach - Business Tax
Certificate: Sellers Permit
-
City of San Diego - Certificate of Payment of
Business Tax
-
City of Santa Clara - Annual Business Tax
Certificate/Fire Permit
-
City of San Jose Business Tax Certificate
-
City of Santa Rosa - Business Tax certificate
-
City of Santa Teresa - Business Tax
Certificate
-
City of Stockton - Business License Tax
Certificate
- Colorado - Sales Tax License
- Connecticut - Sales Tax and Use License
- Georgia-Columbia County Occupational Tax
/ Business Licensing
- Indiana - Registered Retail Merchant
Certificate
- Illinois
- Iowa - Retail Sales Tax permit
- Kansas - Sales Tax Registration
Certificate
- Maine - Seller's Certificate
- Maryland
- Massachusetts - Sales and Use Tax
Registration
- Mississippi
- Missouri
- Nebraska Sales Tax Permit
- New Jersey
- New York
- North Carolina - Merchant Certificate of
Registration
- Ohio - Vendors license
- Oklahoma - Sales Tax Permit
- Pennsylvania- Sales & Use & Hotel
Occupancy Tax License
- Rhode Island - Permit to Make Sales at
Retail
- South Carolina - retail license
- South Dakota - Sales tax License
- Texas
- Virginia - "Virginia Sales Tax"
Certificate
- Washington
- West Virginia - Business Registration
Certificate
- Wisconsin - Sellers Permit
3.
Proof of Right to Use Domain Name
Before Thawte can
issue a certificate, the domain name registration must be verified
against the organization name
provided during enrollment. If this name does not
match, then you will have to do one of the following:
- Change the name of the domain registrant
to match.
- Fax an
officially filed state/government documentation that shows a
legal, "family" relationship between the domain registrant and
your Organization (For example, affiliate or subsidiary
relationship).
- Fax an
officially filed state/government documentation that shows a
legal change of name, from the name registered with your domain
registration agency to your existing business name.
- Contact Thawte after the enrollment process is completed to
have them generate a pre-populated domain release letter which
must be sent back on the letterhead of the actual domain
registrant.
4. Proof of Organizational Telephone Number
Thawte will contact the organization using a phone number provided
by a third-party, such as a telephone directory, directory
assistance, or an approved online directory. Your
organization must be listed, or you must contact Thawte to make
other arrangements that can be verified, such as a notarized letter.
Procedure to request and install a certificate
- Assign a dedicated Internet Address to the domain using
H-Sphere. Navigate to the domain information in H-sphere and
change the domain to use a dedicated address:
- Generate a digital request for a certificate using the
domain name and corporate information using H-Sphere. From the
main administration screen click on the SSL icon. Click on the
button to turn on SSL
for the domain:
This will take you to a screen to generate an SSL
Certificate Signing Request, a digital request which will be
sent to a certificate authority:
Click on the link to go to the request form:
The information required for the certificate is very
straightforward. When you apply for the certificate you will
have to provide legal documentation for your company. To
simplify the process, make sure that the company name and location
here exactly matches the company information in the documentation.
Also make the ownership of the web site exactly matches the company
information. What you call the organization unit is not
important to the certificate authority.
When you click on submit the certificate signing request will be
generated:
The first field is the certificate signing request which will be passed to
the certificate authority in the next step. The second field
is the private key you will need again when the
certificate is installed. The third field is a temporary
certificate which can be installed (with the private key) until the
real certificate is issued. The temporary certificate will be
installed if you click the Submit Query button at the page
bottom. You can test your site with the temporary certificate,
but the browser will report that issuing authority is invalid.
Very important: Save copies of the private key and
certificate request in a secure location. You will need the
private key to install (or reinstall) the certificate once it is
issued. You will also need the request again in one year to
renew the certificate.
- Certificates may be purchased for one or two years.
The certificate authority should assign a certificate code to
the request and ask you to provide a password to protect it.
It is very important that you save the certificate code and password
in a secure place with your private key and original certificate
request. You will need this information to renew the
certificate before it expires.
Click the button to start a new certificate request with Thawte
using our embedded application. Use the center section of the
form, ssl web server certificates, and select a one or two
year certificate:
- Install the certificate on the Web site using H-Sphere.
Launch the SSL manager from the control panel icon, and then click
the edit icon to reach the window where the certificate may be
installed:
Copy the certificate into the first text field,
exactly as it came from the authority. Do not edit it or
change any line breaks. Include all of the text from --- BEGIN
CERTIFICATE --- through --- END CERTIFICATE ---.
Because this certificate was issued against the
request that we previously made, it is placed in the first
text field on this page. The subsequent fields are only used
if you are moving an existing certificate
into this system.
Click on the submit button to install the
certificate.
Back up the certificate you received along with the
private key, certificate request, certificate code and password.
This information, especially the private key, is very sensitive and
must be protected.
This completes the procedure to request and install a
certificate. |
|