SSL Certificates

Is this product right for my business?

Your choice of digital certificate depends mainly on whether your customers require identity assurance. This facility comes standard with both the SSL Web Server Certificate and the SGC SuperCert. After a stringent verification process, your company details are added as part of the certificate contents. Having established the need for either of these certificates, answering ‘yes’ to any of the following questions will indicate the need to install a thawte SGC SuperCert rather than a thawte SSL Web Server Certificate:

• Do you have an international audience/customer-base?
• Do you need to ensure that you are providing the best possible encryption for each and every visitor to your website?
• Do you conduct medium to high value e-commerce transactions via your web interface?

thawte's SGC SuperCert automatically steps up to 128-bit encryption for certain end-users with the Windows 2000 operating system who, in the past, would not receive 128-bit encryption irrespective of the version of Internet Explorer used. The systems affected are those that shipped prior to about March of 2001 and did not subsequently have Microsoft's High Encryption pack or Service Pack 2 installed.

If you require an SSL certificate that offers the highest possible protection in all circumstances, then thawte's SGC Certificate is the right product for you.

What does the certificate do?

A thawte SGC SuperCert enables Server Gated Cryptology (SGC) or "Step-Up" functionality in Netscape or Microsoft browsers, and turns 40-bit and 56-bit browsers into 128-bit strong browsers (IE 4.X or Netscape 4.06 and later) while users are visiting your site. 256-bit encryption can also be enabled if your client's browser capability and the cipher suite installed on your web server are both 256-bit compatible.

thawte is one of the few Certification Authorities (CAs) that have been awarded the trusted status and license rights to use this SGC technology.

When one applies for a thawte SGC SuperCert, the verification and authentication procedure that that particular individual/group/company is subject to is of the very highest standard. In fact, a stringent checklist of activities is undertaken to ensure that you really are who you claim to be. An overview of the validation process is as follows:

• Authentication:
• Company registration details confirmed
• Confirmation that domain is owned by requesting party.
• Verification:
• 3rd party telephone listing used to confirm that the authorized person requesting certificate is employed by requesting party.

The value of this process cannot be underestimated, and it is this that has been the foundation of thawte's enviable reputation as a rock-solid independent Certification Authority (CA).

Technical Details

thawte's SGC SuperCert certificates enable 128-bit SSL sessions in older browsers* that are usually restricted to 40/56-bit encryption. The difference between SGC SuperCerts and normal SSL Web Server Certificates is that whenever one of these older browsers connects to a site that has a SGC SuperCert installed, the SSL session will be automatically 'stepped-up' to 128-bits, instead of being negotiated at an encryption level that the browser has been defaulted to (40/56 bits). * (IE 4.X or Netscape 4.06 and later)

Certificate Signing Request (CSR) File
The process of applying for a thawte SGC SuperCert begins with the completion and submission of a Certificate Signing Request (CSR) file. thawte then verifies your identity, and when satisfied, signs that request file, using the trusted thawte CA root key, and issues it to you as your certificate.

Valid Certificate Request Formats
When we issue your certificate it will contain two critical pieces of information about you. The first is the "Distinguished Name", which is a set of values that describes your country, state or province, city or town, organization, division within that organization and your web server domain name. The second is your public key.

Keys
Session keys are made up of a public key (issued to you with your SGC SuperCert) and randomly selected private keys created by each browser when it connects to your server. Session keys are used to encrypt and decrypt data (transmitted to and from the server) after the initial browser/server 'handshake'. (A session key is not your Server Certificate key, which is either 1024-bit, or 512-bit).

Compatible web servers
All browsers from IE 4.x or Netscape 4.06 and later should work with the SGC SuperCert. Please note that the SGC SuperCert is chained, therefore please check that your web server supports Certificate chaining. Click to download a complete list of compatible web servers.

Upgrading Browsers
Those running 3.x generation browsers can upgrade their security to the same level as that supported by 4.0 generation browsers. The process takes about 2 minutes and ensures that your browser works with the tens of thousands of thawte certified secure servers out there. You only need to do this once for your browser to be updated permanently!