|
Key and CSR Generation Instructions
An Important Note Before You Start:
By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.
Note: In the interest of better security and the enablement of greater trust, we have decided that 1024-bit keys will now be the minimum strength used in the issuance of thawte digital certificates.
Under Administrative Tools, open the Internet Services Manager. Then open up the properties window for the website you wish to request the certificate for. Right-clicking on the particular website will open up its properties.
Click the Directory Security tab and then click on the "Edit" button in the Secure communications section.
Click the “Key Manager” button to start the Web Site Certificate Wizard.
Select the WWW service. Click on "Key", then select "Create New Key…”.
Select "Put the request in a file that you will send to an authority" and give your file a path and a name that you will remember (we recommend you click the ‘browse’ button and select a location to save the CSR file to). Then click "Next".
Note: If you forget this password you will not be able to install your certificate. This password is kept locally and thawte does not come into contact with it. If you forget it, we cannot tell you what it is and you will have to reissue your certificate (This can be done for free).
You should enter the company name as it appears on your official company registration documents. The organization unit is optional but IIS 4.0 SP6a makes this field compulsory therefore please specify an organization unit.
The term "common name" is X.509 speak for the name that distinguishes the certificate best, and ties it to your Organization. Enter your exact host and domain name that you wish to secure. Example: If you wish to secure www.mydomain.com, then you will need to enter the exact host (www) and domain name (mydomain.com) in this field. If you enter mydomain.com then the certificate issued to you will only work error free on https://mydomain.com. It will cause a certificate mismatch error when you or your users access the domain via https:// www.mydomain.com.
Enter your country, state or province and locality or city.
Fill in your name, email address and phone number. This information is not entered into the CSR therefore is not important although in order to complete the certificate request process you must fill in these details.
Now you have created your CSR. Click on "Finish" to complete the process.
This is a very important step in the process. Do not forget to Commit Changes before you exit. If you don't commit changes your private key will not be saved to the registry and the certificate you ultimately receive from thawte will not install and you will need to have it reissued.
If you create a new CSR, or new Key for the same web site, you will overwrite the ones you used to request your certificate. If that happens, you cannot use the certificate we issue you and will need to request a reissue. Please ensure you have a backup of your private key in case it is lost or overwritten.
Please backup your private key using the instructions at the following link: http://www.thawte.com/support/backup.html
To submit the CSR for processing you should start the certificate enrollment process at the following link:https://www.thawte.com/buy
Note: If you have a SPKI or Reseller account please submit the CSR through the enrollment process in your account.
If you encounter any problems, or errors when going through these steps, please read our IIS 4.0 FAQ’s.
| 
