|Yourfavorite.com supports SSL certificates
issued by Verisign and Thawte. Please be aware that the
company you choose will bill you directly for a Digital ID.
Pricing is per fully-qualified domain name (e.g.
Digital ID, first year: US$349
Renewal Digital ID, annually: US$249
NOTE: $249 applies to
renewals of all IDs issued after 8/18/97. IDs issued
between 8/18/96 and 8/18/97 can be renewed for $75.
Digital ID, first year: US$125
Renewal Digital ID, annually: US$100
for Digital IDs is not set or collected by
YourFavorite.com -- Be sure to check the pricing info
section of the company you chose prior to submitting SSL
requests to confirm the latest pricing.
A note regarding transfers of existing certificates...
If you wish to transfer an existing certificate from
another provider to yourfavorite.com, the certificate can be
transferred if it is coming from an existing Irix box running Stronghold
SSL software. The current system admininstrators will need
to provide us [via the user or reseller] with the private keys as
well as the current certificate. This information must be
submitted to yourfavorite.com's Technical Support department via firstname.lastname@example.org.
If this cannot be done, a new CSR will need to be generated and
the steps outlined below will need to be followed.
If you would like to obtain your own
certificate, please follow these steps:
Complete our Information Form
Fill-out and submit one of the following
information forms to begin the process:
For UNIX hosting accounts:
For NT hosting accounts:
A description of required form fields is listed
The forms listed
above can used to submit requests for both Verisign -AND- Thawte
Please remember that ALL fields on an SSL
request are REQUIRED. If any fields are left blank, we cannot
generate the CSR. The biggest offender for this is the
'Organizational Unit' field. If your client does not have a
specific organizational unit, we suggest using something like
'Secure Services Division'. Incomplete form submissions will be
returned with a request to resubmit accordingly
Receive "CSR" via e-mail from yourfavorite.com
After completing our form, we will gather
information about your site and generate an encrypted Certificate
Signing Request (CSR). The newly generated CSR will be returned to
you via email.
At the same time, a 30-day temporary SSL
certificate is created on the server. This certificate will expire
in 30 days of the date you filled out the form. During this period
of time visitors will be able to access your website securely,
however, visitors will also be able to detect that a temporary
certificate is in place. In addition, visitors may also encounter
a message which indicates that their web browser does not
recognize the authority who signed its Certificate. Regardless, it
is very important that the remaining steps of this procedure be
completed in a timely manner.
Submit your "CSR" to the Verisign or Thawte
Once you have received the CSR, you will
need visit either Verisign or Thawte's website to instigate the
enrollment process. At some point in the enrollment process,
you will be prompted to submit the new CSR through their
enrollment form. The enrollment forms can be found at the
The company you have chosen will generate an
encrypted server "key" and send that to you via email.
When prompted for
the Server Software Vendor, enter "Stronghold C2Net"
If this type is not specified, select "Apache SSL".
Verisign is currently displaying a message
which reads "warning, the certificate that you are requesting
uses a 512 byte key which is insecure". We are advising
customers to submit a request for the 512 byte key. The key is
still very secure and going to a 768 or 1024 byte key will not
increase security considerably but it will impact performance as
the stronger encrytion takes longer. We are researching the impact
of upgrading our servers from 512 byte to 768 or 1024 byte keys.
Receive your server "key" and send it to yourfavorite.com
You should receive your server
"key" via e-mail from either Verisign or Thawte shortly
after you submitted your "CSR" in step 3 above.
Send the "key" to email@example.com
to be installed on the server. Once completed, your
certificate is then activated and you will be able to SSL with
your own certificate. You will receive a notice of
completion from Technical Support when the certificate is
the form fields you will need to complete:
All fields are
Common Name: Your website's
fully qualified domain name (e.g. www.samplecompany.com).
The domain name must be registered to the organization specified
in this field. You cannot use the symbols "*" or
"?" as part of your Common Name.
legal name under which your organization is registered. Do
Organizational Unit: This
is used to differentiate between organizational divisions. A
DBA (Doing Business As) entry is acceptable -or- "Secure
Services Department" is commonly used. Do NOT
City/Locality: Required for
organizations registered only at the local level. Do NOT
complete name of the state or province in which your organization
Country: The two-character
ISO-format country code (e.g. GB for Great Britain, US for the
United States). Click here for a list
of valid country codes.
E-mail Address: Your
"CSR" will be sent to this address.
Technical Contact: The
person who should receive the certificate and who will provide
notice if the Digital ID is compromised. For example, this
may be your organization's webmaster or the appropriate technical
support representative at your Internet Service Provider.
Renewal notices are sent to both the technical and organizational
Organizational Contact: The
person within your organization who will take responsibility for
the certificate and provide organizational information. For
example, this may be your organization's CEO or the appropriate
support person. The organizational contact must be a member of
your organization, not a representative of your Internet Service
Provider. Renewal notices are sent to both the technical and
return to Step 1
A collection of electronic data consisting of a Public
Key, identifying information about the owner of the Public Key,
and validity information, which has been Digitally Signed by a CA.
Certified shall refer to the condition of having been issued a
valid Digital ID by a CA, which Digital ID has not been revoked.
Digital ID Revocation List ("CRL")
A collection of electronic data containing information
concerning revoked Digital IDs.
VeriSign or an entity which is Certified by VeriSign to
issue Digital IDs to Users in a VeriSign Digital ID Hierarchy.
VeriSign is Customer's CA hereunder.
Information encrypted with a Private Key which is
appended to electronic data to identify the owner of the Private
Key and verify the integrity of the electronic data. Digitally
Signed shall refer to electronic data to which a Digital Signature
has been appended.
A mathematical key which is kept private to the owner and
which is used to create Digital Signatures or to decrypt
A mathematical key which is available publicly and which
is used to verify Digital Signatures created with the matched
Private Key and to encrypt electronic data which can only be
decrypted using the matched Private Key.
return to top