BIGSEA supports SSL certificates issued by Verisign
and Thawte.
Please be aware that the company you choose will bill
you directly
for a Digital ID. Pricing is per fully-qualified
domain name
(e.g. www.samplecompany.com).
Verisign* |
Thawte* |
Initial Digital ID, first year: US$349
Renewal Digital ID, annually: US$249
NOTE: $249 applies to renewals of all IDs issued after
8/18/97. IDs issued between 8/18/96 and 8/18/97
can be renewed for
$75.
|
Initial Digital ID, first year: US$125
Renewal Digital ID, annually: US$100
|
More pricing info |
More
pricing info |
**Pricing for Digital
IDs is not set or collected by BIGSEA -- Be sure to check the
pricing info
section of the company you chose prior to submitting SSL
requests to confirm
the latest pricing. |
A note regarding transfers of existing certificates...
If you wish to transfer an existing certificate
from another
provider to BIGSEA, the certificate can be transferred if it
is coming from an existing Irix box
running Stronghold SSL software.
The current system admininstrators will need to provide
us [via the user or reseller] with the private keys as well
as the current
certificate. This information must be submitted to
BIGSEA's Technical Support department via
support@bigsea.com.
If this cannot be done, a new CSR will need to be
generated and
the steps outlined below will need to be followed.
If you would like to obtain your own certificate,
please
follow these steps:
1.
Complete our Information Form
Fill-out and submit one of the following information
forms to begin
the process:
For UNIX hosting accounts:
http://yourdomain.com/cgi-bin/secure/ssl (UNIX)
For NT hosting accounts:
http://yourdomain.com/stats/sslset.asp (NT)
A description of required form fields is listed
below.
The forms listed
above can used
to submit requests for both Verisign -AND- Thawte
Digital IDS.
Please remember that ALL fields on an SSL request
are REQUIRED.
If any fields are left blank, we cannot generate the CSR.
The biggest
offender for this is the 'Organizational Unit' field. If your
client does not have a specific organizational unit, we
suggest using something like 'Secure Services Division'.
Incomplete form submissions will
be returned with a request to resubmit accordingly
2.
Receive "CSR"
via e-mail from BIGSEA
After completing our form, we will gather information
about your
site and generate an encrypted Certificate Signing
Request (CSR).
The newly generated CSR will be returned to you via
email.
At the same time, a 30-day temporary SSL certificate
is created
on the server. This certificate will expire in 30 days of the
date you filled out the form. During this period of time
visitors will be able to access your website securely,
however, visitors will also be able to detect that a
temporary certificate is in place.
In addition, visitors may also encounter a message
which indicates
that their web browser does not recognize the authority
who signed
its Certificate. Regardless, it is very important that the
remaining
steps of this procedure be completed in a timely
manner.
3.
Submit your "CSR"
to the Verisign or Thawte
Once you have received the CSR, you will need visit
either Verisign
or Thawte's website to instigate the enrollment
process. At
some point in the enrollment process, you will be
prompted to submit
the new CSR through their enrollment form. The
enrollment
forms can be found at the following locations:
For Verisign:
http://digitalid.verisign.com/server/enrollIntro.htm
For Thawte:
https://www.thawte.com/cgi/server/step1.exe
The company you have chosen will generate an
encrypted server "key"
and send that to you via email.
When prompted for
the Server Software
Vendor, enter "Stronghold C2Net" If
this type is
not specified, select "Apache
SSL".
Verisign is currently displaying a message which
reads "warning,
the certificate that you are requesting uses a 512 byte key
which is insecure". We are advising customers to
submit a request
for the 512 byte key. The key is still very secure and going
to a 768 or 1024 byte key will not increase security
considerably but
it will impact performance as the stronger encrytion takes
longer. We are researching the impact of upgrading our
servers from 512
byte to 768 or 1024 byte keys.
4.
Receive your server
"key" and send it to
BIGSEA
You should receive your server "key" via
e-mail from
either Verisign or Thawte shortly after you submitted your
"CSR"
in step 3 above. Send the "key" to
support@bigsea.com
to be installed on the server. Once
completed, your certificate is then activated and you will
be able to SSL with your own certificate. You will
receive a notice of completion from Technical Support
when the certificate is activated.
Explanation of the
form fields you will need to complete:
All fields are
required!
Common Name: Your website's
fully qualified domain name (e.g. <a
href="http://www.samplecompany.com">www.samplecompany.com). The domain
name must be registered to the organization specified in
this field.
You cannot use the symbols "*" or "?" as part
of your Common Name.
Organization/Company: The legal
name under which
your organization is registered. Do NOT
abbreviate.
Organizational Unit: This is used to
differentiate
between organizational divisions. A DBA (Doing
Business As)
entry is acceptable -or- "Secure Services
Department"
is commonly used. Do NOT abbreviate.
City/Locality: Required for
organizations registered
only at the local level. Do NOT abbreviate.
State/Province: The complete name
of the state
or province in which your organization is located.
Country: The two-character
ISO-format country
code (e.g. GB for Great Britain, US for the United
States).
Click here for a <a
href="http://digitalid.verisign.com/ccodes.html">list of valid country codes.
E-mail Address: Your
"CSR" will be sent
to this address.
Technical Contact: The person who
should receive
the certificate and who will provide notice if the Digital ID
is compromised. For example, this may be your
organization's
webmaster or the appropriate technical support
representative at your Internet Service Provider.
Renewal notices are sent to
both the technical and organizational contacts.
Organizational Contact: The person
within your
organization who will take responsibility for the certificate
and provide organizational information. For
example, this may be your organization's CEO or the
appropriate support person. The
organizational contact must be a member of your
organization, not
a representative of your Internet Service Provider.
Renewal notices are sent to both the technical and
organizational contacts.
return to Step 1
Definitions
Digital ID
A collection of electronic data consisting of a
Public Key, identifying information about the owner of
the Public Key, and validity information, which has been
Digitally Signed by a CA. Certified shall refer to the
condition of having been issued a valid
Digital ID by a CA, which Digital ID has not been
revoked.
Digital ID Revocation List
("CRL")
A collection of electronic data containing
information concerning revoked Digital IDs.
Certification Authority ("CA")
VeriSign or an entity which is Certified by
VeriSign to issue Digital IDs to Users in a VeriSign
Digital ID Hierarchy. VeriSign is Customer's CA
hereunder. Digital Signature
Information encrypted with a Private Key which
is appended to electronic data to identify the owner of
the Private Key and verify the integrity of the electronic
data. Digitally Signed shall refer to electronic data to
which a Digital Signature has been appended.
Private Key
A mathematical key which is kept private to the
owner and which is used to create Digital Signatures or
to decrypt electronic data.
Public Key
A mathematical key which is available publicly
and which is used to verify Digital Signatures created
with the matched Private Key and to encrypt electronic
data which can only be decrypted using
the matched Private Key.
return to top
|