How to Obtain Your Own
SSL Certificate
(Digital ID)

We supports SSL certificates issued by Verisign and Thawte.   Please be aware that the company you choose will bill you directly for a Digital ID.  Pricing is per fully-qualified domain name (e.g. www.samplecompany.com).

A note regarding transfers of existing certificates...
If you wish to transfer an existing certificate from another provider to Sitebot, the certificate can be transferred if it is coming from an existing Irix box running Stronghold SSL software.  The current system admininstrators will need to provide us [via the user or reseller] with the private keys as well as the current certificate.  This information must be submitted to Sitebot's Technical Support department via support@sitebot.com.  If this cannot be done, a new CSR will need to be generated and the steps outlined below will need to be followed.

If you would like to obtain your own certificate, please follow these steps:

1. Complete our Information Form

Fill-out and submit one of the following information forms to begin the process:

For UNIX hosting accounts:
http://yourdomain.com/cgi-bin/secure/ssl (UNIX)

For NT hosting accounts:
http://yourdomain.com/stats/sslset.asp (NT)

A description of required form fields is listed below.

The forms listed above can used to submit requests for both Verisign -AND- Thawte Digital IDS.

Please remember that ALL fields on an SSL request are REQUIRED. If any fields are left blank, we cannot generate the CSR. The biggest offender for this is the 'Organizational Unit' field. If your client does not have a specific organizational unit, we suggest using something like 'Secure Services Division'. Incomplete form submissions will be returned with a request to resubmit accordingly

2. Receive "CSR" via e-mail from Sitebot

After completing our form, we will gather information about your site and generate an encrypted Certificate Signing Request (CSR). The newly generated CSR will be returned to you via email.

At the same time, a 30-day temporary SSL certificate is created on the server. This certificate will expire in 30 days of the date you filled out the form. During this period of time visitors will be able to access your website securely, however, visitors will also be able to detect that a temporary certificate is in place. In addition, visitors may also encounter a message which indicates that their web browser does not recognize the authority who signed its Certificate. Regardless, it is very important that the remaining steps of this procedure be completed in a timely manner.

3. Submit your "CSR" to the Verisign or Thawte

Once you have received the CSR, you will need visit either Verisign or Thawte's website to instigate the enrollment process.  At some point in the enrollment process, you will be prompted to submit the new CSR through their enrollment form.  The enrollment forms can be found at the following locations:

For Verisign:
http://digitalid.verisign.com/server/enrollIntro.htm

For Thawte:
https://www.thawte.com/cgi/server/step1.exe

The company you have chosen will generate an encrypted server "key" and send that to you via email.

When prompted for the Server Software Vendor, enter "Stronghold C2Net"  If this type is not specified, select "Apache SSL".

Verisign is currently displaying a message which reads "warning, the certificate that you are requesting uses a 512 byte key which is insecure". We are advising customers to submit a request for the 512 byte key. The key is still very secure and going to a 768 or 1024 byte key will not increase security considerably but it will impact performance as the stronger encrytion takes longer. We are researching the impact of upgrading our servers from 512 byte to 768 or 1024 byte keys.

4. Receive your server "key" and send it to Sitebot

You should receive your server "key" via e-mail from either Verisign or Thawte shortly after you submitted your "CSR" in step 3 above.  Send the "key" to support@sitebot.com to be installed on the server.  Once completed, your certificate is then activated and you will be able to SSL with your own certificate.  You will receive a notice of completion from Technical Support when the certificate is activated.

Explanation of the form fields you will need to complete:

All fields are required!

Common Name: Your website's fully qualified domain name (e.g. www.YourCompany.com).  The domain name must be registered to the organization specified in this field.  You cannot use the symbols "*" or "?" as part of your Common Name.

Organization/Company: The legal name under which your organization is registered.  Do NOT abbreviate.

Organizational Unit: This is used to differentiate between organizational divisions.  A DBA (Doing Business As) entry is acceptable -or- "Secure Services Department" is commonly used.  Do NOT abbreviate.

City/Locality: Required for organizations registered only at the local level. Do NOT abbreviate.

State/Province: The complete name of the state or province in which your organization is located.

Country: The two-character ISO-format country code (e.g. GB for Great Britain, US for the United States).  Click here for a list of valid country codes.

E-mail Address: Your "CSR" will be sent to this address.

Technical Contact: The person who should receive the certificate and who will provide notice if the Digital ID is compromised.   For example, this may be your organization's webmaster or the appropriate technical support representative at your Internet Service Provider.  Renewal notices are sent to both the technical and organizational contacts.

Organizational Contact: The person within your organization who will take responsibility for the certificate and provide organizational information.  For example, this may be your organization's CEO or the appropriate support person. The organizational contact must be a member of your organization, not a representative of your Internet Service Provider.  Renewal notices are sent to both the technical and organizational contacts.

return to Step 1

Definitions

Digital ID
A collection of electronic data consisting of a Public Key, identifying information about the owner of the Public Key, and validity information, which has been Digitally Signed by a CA. Certified shall refer to the condition of having been issued a valid Digital ID by a CA, which Digital ID has not been revoked.

Digital ID Revocation List ("CRL")
A collection of electronic data containing information concerning revoked Digital IDs.

Certification Authority ("CA")
VeriSign or an entity which is Certified by VeriSign to issue Digital IDs to Users in a VeriSign Digital ID Hierarchy. VeriSign is Customer's CA hereunder.

Digital Signature
Information encrypted with a Private Key which is appended to electronic data to identify the owner of the Private Key and verify the integrity of the electronic data. Digitally Signed shall refer to electronic data to which a Digital Signature has been appended.

Private Key
A mathematical key which is kept private to the owner and which is used to create Digital Signatures or to decrypt electronic data.

Public Key
A mathematical key which is available publicly and which is used to verify Digital Signatures created with the matched Private Key and to encrypt electronic data which can only be decrypted using the matched Private Key.

Back to Main Menu