An Important Note Before You Start:
By far the most common problem users have when going through this
process is related to private keys. If you lose or cannot access a
private key, you cannot use the certificate we issue to you and will
need to request a free reissue. To ensure this never happens, we advise
that you make a backup of the private key file and note the password
used to protect the export of the private key.

Note: In the interest of better security and the enablement of greater
trust, we have decided that 1024-bit keys will now be the minimum
strength used in the issuance of thawte digital certificates.

Under Administrative Tools, open the Internet Services Manager. Then
open the properties window for the website you wish to request the
certificate for. Right-clicking on the particular website will open up
its properties.

Click the Directory Security tab and then click on the "Server
Certificate" button in the Secure communications section. This will
start the Web Site Certificate Wizard.

From the Web Site Certificate Wizard, select the "Create a new Certificate" option.

Select the "Prepare the request now, but send it later" option from
the list. You prepare the request (CSR) now and submit it later through
our online request forms. We do not accept CSRs via email.

At this point you will decide what encryption strength your private
key and CSR will be set at. It is advised to choose a 1024-bit key
size. Please note that you can choose a larger key size, although some
browsers may have difficulty establishing a session with a bigger key
size. Do not check the option ‘Select cryptographic service provider
(CSP) for this certificate’.

You have now created a public/private key pair. The private
key is stored locally on your machine in the MMC, and is used for
decryption. The public portion is sent to thawte in the form of a
Certificate Signing Request (CSR), and will be used by your users to
encrypt the data they send to your site.

You will now create a Certificate Signing Request (CSR). The
information you enter will be displayed on your certificate, and
identifies the owner of the key to users. The CSR is only used to
request the certificate. Certain characters must be excluded from your
CSR fields, or your certificate may not work.
You should enter the company name as it appears on your official
company registration documents. The organization unit is normally
optional, but IIS 6.0 makes this field compulsory, so please specify an
organization unit.

The term "common name" is X.509 speak for the name that best
distinguishes the certificate and ties it to your Organization.
Enter the exact host and domain name that you wish to secure. Example:
If you wish to secure www.mydomain.com, then you will need to enter the
exact host (www) and domain name (mydomain.com) in this field. If you
enter mydomain.com, then the certificate issued to you will only work
error free on https://mydomain.com. It will cause a certificate
mismatch error when you or your users access the domain via
https://www.mydomain.com.
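
The matching behaviour described above can be checked before the common name is typed into the wizard. The following Python sketch is an added example, not part of the original article or any thawte tooling; the function names and the sample URL list are constructed for illustration, and the wildcard branch goes beyond the single-host case in the text.

```python
from urllib.parse import urlsplit


def clean_common_name(value):
    """Reject entries that are a URL or path rather than a bare host name."""
    name = value.strip().lower().rstrip(".")
    if not name or any(ch in name for ch in "/:@ "):
        raise ValueError(f"not a bare host name: {value!r}")
    return name


def name_matches(cert_name, host):
    """True if a certificate issued for cert_name covers host."""
    cert_labels = clean_common_name(cert_name).split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        # Wildcard: whole left-most label only, exactly one level deep.
        return len(cert_labels) > 2 and cert_labels[1:] == host_labels[1:]
    # Otherwise every label must match: www.mydomain.com != mydomain.com.
    return cert_labels == host_labels


def uncovered_urls(common_name, urls):
    """Return the URLs that would raise a certificate mismatch error."""
    bad = []
    for url in urls:
        host = urlsplit(url).hostname  # lower-cased, port stripped
        if host is None or not name_matches(common_name, host):
            bad.append(url)
    return bad


# Constructed sample: every https URL visitors actually use for the site.
SITE_URLS = [
    "https://www.mydomain.com/",
    "https://mydomain.com/login",
    "https://WWW.mydomain.com:443/cart",
]

if __name__ == "__main__":
    for cn in ("www.mydomain.com", "mydomain.com"):
        print(f"CN={cn}: mismatch on {uncovered_urls(cn, SITE_URLS)}")
```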

Enter your country, state or province and locality or city.

Enter the file name for the certificate request (CSR) and the
location of where you would like to save the file (we recommend you
click the ‘browse’ button and select a location to save the CSR file
to). Then click "Next".

The next page will display the summary of the certificate request.

Click on 'Finish' to complete the "Web Server Certificate wizard".

If you create a new CSR or a new key for the same web site, you will
overwrite the ones you used to request your certificate. If that
happens, you cannot use the certificate we issue you and will need to
request a reissue. Please ensure you have a backup of your private key
in case it is lost or overwritten.

Please back up your private key using the instructions at the following link:
http://support.emerge.com.my/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=217