SSL Certificates
Frequently Asked Questions:
How do I generate a Certificate Signing Request (CSR)?
Consult the documentation for your particular web server, as each one is slightly different. Thawte offers instructions for various packages at http://www.thawte.com/html/SUPPORT/keygen/index.html to help you.
My server has an "alias" and a "real" name... which one do I use for the server name (Common Name) in the CSR?
Generate the certificate request using the name that visitors will type, (and the name that links referring to your site use), to prevent client browser warning messages.
Should I call the Security Office to let them know I've requested a certificate?
There is no need to, they are automatically notified by Thawte of a new certificate request.
What domains are eligible to use this service?
The University of Iowa owns the uiowa.edu, uiowa.org, uiowa.net, and uiowa.com domains, which are all registered to our Enterprise PKI at Thawte. All systems within them are eligible to request certificates through this service.
What's up with the SuperCerts? Can we get one?
SuperCerts are designed to allow international browsers to use strong (128-bit) encryption, instead of 40- or 56-bit encryption. The standard SSL server certificates offered in this program provide 40-, 56-, and 128-bit encryption for domestic browsers, and 40- or 56-bit for international browsers.
The University of Iowa does not qualify for SuperCerts, so you can't get them through this program.
How many certificates can my department get through this service?
The service is funded to subsidize a "reasonable" number of certificates for the campus. Larger departments running many web servers may not get 50% funding for all of their servers. It will be reviewed on a case-by-case basis.
What if I make a mistake on the certificate request?
Please read and follow the instructions carefully. If duplicate certificate requests are received they will be billed at the full cost instead of at the discount rate.
What if I lose my password for the certificate?
If you click the Lost Password link and fill out the information, a new password will be e-mailed to the relevant contact for that request.
How do Thawte certificates compare to Verisign certificates?
Certificates generated and issued by these Certificate Authorities provide the same level of security. Both companies have their root CA certificate installed in standard browsers. Users and administrators should see no functional difference.