Obtaining Digital Certificates
The instructions in this document are specific to SSL certificates. For other types, contact the Digital Certificates Manager for more information. Note that the certificate request instructions below depend on the Thawte website, which may change. Should you have questions, please contact the Digital Certificates Manager.
Information Technology Services (ITS) has an account with Thawte under which Digital Server Certificates can be obtained. The cost for a new SSL certificate is $149.40. Renewal SSL certificates are $99.50. (ITS assesses no processing charge. The amounts are Thawte's charge for certificates.) The process of obtaining a certificate under this contract is somewhat simpler than the process required to set up your own account with a certificate supplier.
Before you can request a certificate at the Thawte website, you must have a Thawte user ID. Go to http://www.thawte.com/ and sign up for a "free personal e-mail certificate" under the Products menu. This will establish a Thawte ID for you. You will need to send that ID to (As manager of the Iowa State University account, the Digital Certificates Manager must authorize your Thawte ID before you can proceed.) The subject line of your message should say "Thawte Certificate Request". In the message, along with the ID, you should identify the machine for which you will be making a request.
To obtain a certificate under the Iowa State University account, please send an intramural purchase order for either $149.40 for a new certificate or $99.50 for a renewal to IT Services, 271 Durham Center, Attn: Bill Frazier. The item description for the intramural should be "Digital Certificate for <the-name-of-your-server>". If you wish to FAX the intramural, it should be addressed to Bill Frazier at 515-294-1717.
After submitting the intramural, you may proceed with generating the certificate request.
Step 1: Generate CSR (Certificate Signing Request)
Generate your CSR as prescribed by your web server software. You will need the CSR when you go to the Thawte Website to request your certificate. It is recommended that you specify at least a 1024-bit key length when generating your CSR. Some browsers have begun issuing warning messages if the key length is less than 900 bits, and users may find these messages confusing or alarming.
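For servers whose software uses OpenSSL (such as Apache with mod_ssl), the following is an added example, not part of the original instructions. It generates a key and CSR, then checks the CSR before it is submitted: the BEGIN and END lines required in Step 3 are intact, the self-signature verifies, and the key meets the minimum length. The host name, subject fields and file names are placeholders; the example uses a 2048-bit key, which satisfies the recommendation above and is the minimum RSA size that publicly trusted CAs now accept.

```shell
#!/bin/sh
# Added example: create an RSA key and CSR with OpenSSL, then check the CSR
# before pasting it into the request form. Names and subject are placeholders.
HOST="www.example.iastate.edu"   # hypothetical server name
MIN_BITS=1024                    # minimum key length recommended in Step 1

# make_csr <dir> <bits>: write <dir>/server.key and <dir>/server.csr
make_csr() {
    ( umask 077   # keep the private key unreadable by other users
      openssl req -new -newkey "rsa:$2" -nodes \
          -keyout "$1/server.key" -out "$1/server.csr" \
          -subj "/C=US/ST=Iowa/L=Ames/O=Iowa State University/CN=$HOST" \
          2>/dev/null )
}

# csr_bits <file>: print the public key length of a CSR, in bits
csr_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[ -]Key: (\([0-9]*\) bit.*/\1/p'
}

# check_csr <file>: return 0 only if the CSR is complete and strong enough
check_csr() {
    grep -q -- '-----BEGIN .*CERTIFICATE REQUEST-----' "$1" ||
        { echo "missing BEGIN line"; return 1; }
    grep -q -- '-----END .*CERTIFICATE REQUEST-----' "$1" ||
        { echo "missing END line"; return 1; }
    # The CSR is signed with its own key; a failure means it was altered.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "self-signature does not verify"; return 1; }
    bits=$(csr_bits "$1")
    [ "${bits:-0}" -ge "$MIN_BITS" ] ||
        { echo "key too short: ${bits:-unknown} bits"; return 1; }
    echo "ok: $bits-bit key"
}

# Demonstration in a scratch directory (removed afterwards).
demo=$(mktemp -d)
make_csr "$demo" 2048 && check_csr "$demo/server.csr"
rm -rf "$demo"
```

Run `check_csr` on the exact file you are about to paste; the private key (`server.key`) stays on the server and is never sent to the certificate supplier.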
Step 2: Go to Thawte
- Connect to Thawte
  http://www.thawte.com/
- Login
  At the top of the screen, there is a "quick login:" dropdown menu. Select "SPKI console" and log in using your Thawte ID.
- Select ISU Account
  Select the "account" menu (left side of the screen). From the Account page, select "ISU". If you do not see ISU as an option, contact the Digital Certificates Manager for more information.
- Select Product
  Select the "my products" menu, then select "request" if you are obtaining a new certificate. If this is a renewal of an existing certificate, select "renew".
- Select Certificate Type
  The only certificates we issue are "SSL Web Server Certificate" and "Code Signing Certificate". If you are setting up a web server to do SSL, you want an "SSL Web Server Certificate". Select the appropriate certificate type and proceed.
- Enter Order Number (Renewal Requests)
  The order number is the ID string associated with your certificate. It will be of the form USIOWAxxxx, where xxxx is some combination of numerals and dashes. (The reminder email about certificate expiration that you get from Thawte will include this value.)
Step 3: Complete the Form (New Requests)
Fill in the form. Listed below are the fields you need to fill in (leave all other checkboxes and fields as they are):
- Certificate Signing Request (CSR)
  Read, then delete the text pre-loaded in the text area. Paste the contents of your Certificate Signing Request (CSR) file here, as generated by your software. Make sure you include the full BEGIN and END lines and all dashes.
- Web Server Software
  Apache-ModSSL (depends upon what you're using)
- Number of additional licenses
  0 (zero)
Next (button at bottom of page)
- Background Information
  Select an appropriate answer such as "University Department".
- DUNS Number
  Leave blank.
- Corporate Contact Person
  Full name: William Frazier
  Job title: Assistant Director
  Telephone: +01 515 294 8620
  Email address: certificate-request@iastate.edu
- Technical Contact Person
  Full name: <person responsible for this server>
  Job title: <title>
  Telephone: <phone number>
  Email address: <email address>
- Billing Contact
  Select "Same as corporate contact".
Next (button at bottom of page)
- Privacy Protection Password
  This is the password that will be required to view the status of, and retrieve the actual copy of, your certificate. Do not forget it!
Next (button at bottom of page)
- Subscriber Agreement for Certificate Request
  Read, verify all your information, and click "Accept".
Step 4: Read Email Confirmation from Thawte
If all goes well, you'll almost immediately get email from Thawte noting that they have received the request with something like the following in the subject line:
Subject: Thanks for your Certificate Request: USIOWA999: <xxx>.iastate.edu
Step 5: Accessing Your Certificate
When your certificate is ready, you'll get another email; go to the URL as instructed in the email.
Step 6: Download Your Certificate
At the given URL, select:
- Standard Certificate Format (this is what we use).
- Fetch Certificate.

