VeriSign is one of the oldest and largest providers of Digital IDs on the Internet. The majority of secure Web sites prefer to use VeriSign IDs. For more information on VeriSign and their products, visit their Web site at http://www.verisign.com/.
Ordering a Digital Certificate from VeriSign
This section describes the four basic steps to obtain your own Digital Certificate as quickly as possible.
Currently, certificates issued by VeriSign cost $349 and are valid for one year. Renewals currently cost $249 per year. VeriSign’s prices are subject to change, so check their Web site for up-to-date pricing.
Step 1: Request a Certificate from VeriSign
To simplify the process of requesting a Digital Certificate from VeriSign, we have created a form that you can send to us. Follow these steps to submit the following Certificate Generation Request to us so that we can forward the information to VeriSign or Thawte:
- Fill out the following Certificate Generation Request form at https://www.4domains.com/ecommerce/csr.html.
Step 2: Forward your CSR to Verisign.
- After receiving this form, BLUEHILL.com will produce a Digital ID request and send it to you. You can then forward it to Verisign.
Your CSR will look something like this:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBJTCB0AIBADBtMQswCQYDVQQGEwJVUzEQMA4GA1UEChs4lBMHQXJpem9uYTEN
1UEBxMETWVzYTEfMB0GA1UEChMWTWVs3XbnzYSBDb21tdW5pdHkgQ29sbGVnZTE
A1UEAxMTd3d3Lm1jLm1hcmljb3BhLmVkdTBaMA0GCSqGSIb3DQEBAQUAA0kAMEYC
QQDRNU6xslWjG41163gArsj/P108sFmjkjzMuUUFYbmtZX4RFxf/U7cZZdMagz4I
MmY0F9cdpDLTAutULTsZKDcLAgEDoAAwDQYJKoZIhvcNAQEEBQADQQAjIFpTLgfm
BVhc9SQaip5SFNXtzAmhYzvJkt5JJ4X2r7VJYG3J0vauJ5VkjXz9aevJ8dzx37ir
3P4XpZ+NFxK1R=
-----END NEW CERTIFICATE REQUEST-----
Step 3: Return your Certificate to us
After requesting your certificate from Verisign or Thawte you will need to verify your idenity to the signing agency. Each agency has their own process for this. Once your signing authority verifies everything they will send you a certificate, which will look something like this:
-----BEGIN CERTIFICATE-----
MDS/1TCCAmagAwIBAgIDAT5NMA0GCSqGSIb3DQEBBAUAMIHEMQswCQYDVQQGEwJa
QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAb
BgNVBAoTFFRoYXd0ZSBfdfTRY45fdW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0
aW9uIFNlcnfdgfdgRFfdgFDG34dfeRkwFwYDVQQDExBUaGF3dGUgU2VydmVyIENB
MSYwJAYJKoZIhvfdgfdgrdFDF4533XItY2VydHNAdGhhd3RlLmNvbTAeFw0wMDA4
MDMxNjA4NTBaFw0wMTA4MTcxNjA4NTBaMIGaMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLUGFsbSBEZXNlcnQxLDAqBgNVBAoTI0Js
dWViZXJyeSBIaWxsIENvbW11bmljYXRpb25zLCBJbmMuMRcwFQYDVQQLEw5XZWIg
T3BlcmF0aW9uczEZMBcGA1UEAxYQKi40ZWNvbW1lcmNlLmNvbTCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEAtdJx7c2wB5fVHDNp1BxRFZKMLPVDGjbO7akQk4mB
7yj/4BotGjKTdorJD8FLBfO0sKXinZ2YMpj8RNln8l4a46/4gp39Bw04qqR8u97N
oIpKMC9Oh4rNw08BoaIwZlggwYo5Jk65Y/cFfhr6vKDgCjc2FyLJ8/kBVzR7laRi
scUCAwEAAaMlMCMwfdsgfdgfdRYTRgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAN
BgkqhkiG9w0BAQQFAAOBgQAhqQ4TE/jBYGhDlc/F1G/1VZMqF3snuxM2rCyp12G0
yOkG9q/NlbUNtRCbn9gB3XQgV6yBhpQ32TlSO2K1zF2wJesJDXc2irNVDdVB01Rh
oEQ/UTWXYffdsfdeWFwGTMnNyXwopMYP/hpRInwnTOu19QuLgGg0t+/cSX8JXesQ
nw==
-----END CERTIFICATE-----
Send this to support@bluehill.com and our support staff will install this on your NT server account.
12.2.2 Thawte
This section describes the four basic steps to obtain your own Digital Certificate from Thawte.
Currently, certificates issued by Thawte cost $159 and are valid for one year. Renewals currently cost $127 per year. Thawte’s prices are subject to change, so check their Web site at http://www.thawte.com/pricing.html for up-to-date pricing.
For more information on Thawte and their products, visit their Web site at http://www.thawte.com/.
Step 1: Request a Certificate from Thawte
To simplify the process of requesting a Digital Certificate from Thawte, we have created a form that you can send to us via email.
Follow these steps to submit the following Certificate Generation Request to us so that we can forward the information to Thawte:
- Fill out the following Certificate Generation Request form at https://www.4domains.com/ecommerce/csr.html.
Step 2: Check the Verification Message for Accuracy
After receiving the Digital ID request, Thawte sends a verification message back to BLUEHILL.com. We then forward a copy of that message back to you. A very important part of that message is an encrypted UIN tracking request that looks something like the following:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBJTCB0AIBADBtMQswCQYDVQQGEwJVUzEQMA4GA1UEChs4lBMHQXJpem9uYTEN
1UEBxMETWVzYTEfMB0GA1UEChMWTWVs3XbnzYSBDb21tdW5pdHkgQ29sbGVnZTE
A1UEAxMTd3d3Lm1jLm1hcmljb3BhLmVkdTBaMA0GCSqGSIb3DQEBAQUAA0kAMEYC
QQDRNU6xslWjG41163gArsj/P108sFmjkjzMuUUFYbmtZX4RFxf/U7cZZdMagz4I
MmY0F9cdpDLTAutULTsZKDcLAgEDoAAwDQYJKoZIhvcNAQEEBQADQQAjIFpTLgfm
BVhc9SQaip5SFNXtzAmhYzvJkt5JJ4X2r7VJYG3J0vauJ5VkjXz9aevJ8dzx37ir
3P4XpZ+NFxK1R=
-----END NEW CERTIFICATE REQUEST-----
In addition to the tracking request, the verification message contains the information you provided about yourself. You should verify this information for accuracy. If an error is found, you should repeat Steps 1 and 2.
Step 3: Send an Authorization Letter to Thawte
After you receive the verification message, you need to visit Thawte’s Web site:
In this form there is a box where you should enter the UIN tracking section of the verification message that you received. Copy and paste the entire UIN tracking information from the email you received, just like the example shown in Step 2, and paste it into this form, then press Continue. This will take you to Thawte’s Enrollment Form.
After filling out all the information, your completed Authorization Letter will appear on the screen. Please review this letter for accuracy. If everything is correct, press “AGREE.” This finalizes the sign-up process. Thawte will then send an email message back to you containing a personal identification number (PIN). Use this PIN in all correspondence with Thawte concerning the processing of your Digital ID.
Step 4: Notify Us when You Receive Your Key Pairs
Once you have submitted your authorization letter to Thawte, you can expect a waiting period of up to three weeks while Thawte generates your secure key pairs. Please contact Thawte directly if you have concerns or questions about this process.
When the key pair generation process is complete, Thawte will send you a Secure Key in an email message. Forward a copy of this email message to support@BLUEHILL.com so that we can install the certificate on your Web server. Please allow 2 business days (48 hours) for the certificate installation.
12.3 Renewing Your Digital Certificate
Digital Certificates obtained through VeriSign or Thawte are issued for a period of one year. Prior to the end of that period, you will be reminded by your Certification Authority that you need to renew your certificate.
The process of renewing a certificate is identical to the process of obtaining a new one. To renew your certificate through VeriSign or Thawte, follow the instructions for Obtaining a Digital Certificate as outlined for either VeriSign or Thawte.
12.4 Using SSL: The HTTPS Protocol
Once your Digital Certificate is installed on your Web server, you will be able to connect to your Web server using the HTTPS protocol on an SSL-enabled Web browser such as Netscape Navigator or Microsoft Internet Explorer. Any file thatis transmitted from your Web server to a Web browser using the HTTPS protocol is considered secure. For example, you could get the BLUEHILL.com order wizard from either of the following URLs:
The only difference between the addresses is the protocol (http vs. https). However, only the URL using the https protocol would be considered secure. Whenever you want to link to a page from within your Web site, and you want that page to be transferred in secure mode, be sure to use the https protocol.
12.5 Frequently Asked Questions About SSL
- What is SSL (Netscape encryption)?
- As an add-on feature, BLUEHILL.com offers Secure Socket Layer (SSL), also referred to as "Netscape encryption." SSL allows a Web browser to securely communicate with your BLUEHILL.com NT Solution through an encrypted session. SSL is often used to transfer credit card numbers and other sensitive information.
- What does a Digital Certificate do?
- A server uses a Digital Certificate to prove its authenticity. The Digital Certificate establishes a legal relationship between a legitimate company and their Web site.
- What is the cost for SSL?
- The prices vary depending on which service provider you choose. Currently, the cost of purchasing a Digital Certificate from VeriSign is $349 for the first year and $249 for each year thereafter. For Thawte, the cost is $159 for the first year and $127 for each year thereafter. Because their prices are subject to change, you should visit these service providers’ Web sites for up-to-date pricing:
VeriSign Pricing: http://www.verisign.com/products/site/index.html
Thawte Pricing: http://www.thawte.com/pricing.html
In addition, we charge a one-time $75 setup fee for installing SSL and a $25 monthly fee.
- Can I use SSL encryption on a BLUEHILL.com NT Advantage or NT Starter?
- No. SSL can only be used on BLUEHILL.com NT Advantage Plus or BLUEHILL.com NT Advantage Pro account.
- Can I order SSL encryption after my server has been setup?
- Yes. SSL can be added to your BLUEHILL.com NT Solution at any time.
- How long does it take to set up SSL encryption?
- SSL can be added to your BLUEHILL.com NT Solution anywhere from 2 to 3 days. Unless you decide to use BLUEHILL.com SSL. There is a charge of $50/one-time setup and $5/month thereafter. With this feature, you can have SSL setup within one business day. With
the BLUEHILL.com SSL certificate a warning message will appear on the client's machine warning them that the certificate does not match the Web page's URL.
Technically, if you do not mind the warning message you do not need to purchase a new certificate as the BLUEHILL.com SSL is fully-functional.
- What additional information will BLUEHILL.com need to setup encryption?
- To add encryption, BLUEHILL.com only needs the DNS name associated with the virtual server. You will need to provide directly to VeriSign additional documentation for ordering the Digital Certificate.
- What information will I need to provide to VeriSign to get a certificate?
- To purchase a certificate from VeriSign, you must provide to them a signed copy of either a business license or articles of incorporation. You must also supply a signed copy of the VeriSign Web masters form letter. More information about Digital Certificates is available at URL http://www.VeriSign.com.
- What is a Challenge Phrase?
- VeriSign requires you to enter a Challenge Phrase, which is used like a password for future actions against your Digital ID. For example, if you lose your key pair, or your Digital ID is otherwise compromised, you must provide your Challenge Phrase to the Digital ID Center to verify that you are authorized to request revocation of the Digital ID. Choose a Challenge Phrase that will be easy for you to remember but hard for someone else to guess. Neither VeriSign nor BLUEHILL.com will have access to your Challenge Phrase, so you must remember it. You will need this phrase later if you wish to revoke your certificate.
- What if I want additional licenses/certificates for other Web sites I support?
- You can only use the same license for multiple sites if the domain name is registered to your company. In this case, you need to pay only the yearly renewal fee ($249 for VeriSign, $100 for Thawte).
- How do I order a Digital Certificate?
- To avoid potential problems, it is best to coordinate ordering certificates with BLUEHILL.com. For detailed information about the process of ordering your own certificate, please see the section of this guide entitled, “Obtaining a Digital Certificate.” Certificate processing takes about 2-3 weeks.
- How do I activate SSL?
- In order to activate SSL, simply change the URL to read "https" instead of "http." For example:
"https://www.mydomain.com/pagepath/mywebpage.html"
