www.digitaldaze.com
Digital Certificates

A Digital Certificate is a document which gives your customers the assurance that your Web Site is legitimately yours and not an impostor's. A Digital Certificate will also provide you with a legal basis for transactions on the Internet.

The Secure Server (httpsd) that we provide has a Digital Certificate embedded in the binary. This certificate contains information about who owns the certificate (company name, domain name, contact address, etc) as well as information about the issuing authority (VeriSign, Thawte, etc). Because the certificate is embedded in the web server binary, you can only support one Digital Certificate per Virtual Server. Therefore, virtual hosts which share the same Virtual Server must also share the same Digital Certificate.

Additional information about Digital Certificates is presented below in the following sections:

The Default Digital Certificate

It really isn't necessary to order your own Digital Certificate. You can instead use the default Digital Certificate included with your Secure Server. As was stated earlier, the Digital Certificate includes information about the ownership of the certificate. When your clients visit your Secure Web Site, their browser (Navigator, MSIE, etc) will check the domain name on the certificate to see if it matches the site name included in the URL. If a match is not found, a warning is generated and displayed to your client. The warning states that the domain names do not match and that "it is possible, though unlikely, that someone may be trying to intercept communication with this site" (taken from Netscape Communicator 4.04).

Actually, the domain name mismatch in no way hinders the security of the transactions. The warning simply notes that the domain name included with the Digital Certificate ownership information does not match the domain name of the web site requested. The transaction is still secure. Even though the warning is couched in "unlikely" terms, many of your clients may feel uncomfortable conducting a transaction with you after such a warning is generated.

There is a way around this warning for all browsers which support Thawte signed certificates (MSIE 3.0+, Netscape 3.0+) which still ensures complete integrity of the secure transactions. The "default" Digital Certificate installed with your Secure Server is owned by our parent company, Daze Networks, Inc., which uses the domain name "securenow.com". If you would like to use this domain name to avoid purchasing your own Digital Certificate, we can set up a CNAME in the securenow.com zone file for your account (standard DNS configuration charges apply). This CNAME will have the form "[account-name].securenow.com".

For example, if the account name for your Virtual Server is "numax" then a CNAME "numax.securenow.com" can be set up for your use. You can then access your Secure Server without generating a warning by referencing https://numax.securenow.com/. An example of this reference is illustrated below:

    <form method="POST"
          action="https://numax.securenow.com/cgi-bin/order.cgi">

Of course, you may set up a similar service for your virtually hosted clients by ordering your own "wildcard" certificate from Thawte for your domain name. If you would rather not use the default Digital Certificate (securenow.com), or if you would like to order a wildcard certificate from Thawte, then please refer to the sections below for more information about ordering your own Digital Certificate.
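
The name check that the browser performs, and the way a wildcard name covers "[account-name].securenow.com", can be sketched as follows. This is an added example, not code from Daze Networks or from any browser. It assumes the default certificate carries the wildcard name "*.securenow.com" (implied by this page, not stated) and applies the usual wildcard rules of RFC 6125.

```python
from urllib.parse import urlsplit

# Constructed sample data. DEFAULT_CERT is an assumption about the default
# certificate; OWN_CERT stands for a certificate ordered for one host name.
DEFAULT_CERT = ["*.securenow.com"]
OWN_CERT = ["www.example.com"]


def _labels(name):
    """Lower-case a DNS name, drop a trailing dot and split it into labels."""
    return name.rstrip(".").lower().split(".")


def name_matches(cert_name, host):
    """Return True if one certificate name covers the requested host name."""
    pattern, target = _labels(cert_name), _labels(host)
    if len(pattern) != len(target) or "" in pattern or "" in target:
        return False  # a wildcard stands for exactly one label, never zero or two
    if pattern[0] == "*":
        if len(pattern) < 3:
            return False  # reject over-broad names such as "*.com"
        pattern, target = pattern[1:], target[1:]
    # All remaining labels must be identical; "*" elsewhere is not a wildcard.
    return "*" not in "".join(pattern) and pattern == target


def check_url(url, cert_names):
    """Compare the host in the URL with the certificate names.

    The comparison uses the name written in the URL. The CNAME only makes
    that name resolve; it plays no part in the match itself.
    """
    host = urlsplit(url).hostname or ""
    ok = any(name_matches(n, host) for n in cert_names)
    return host, "ok" if ok else "WARNING: name mismatch"


if __name__ == "__main__":
    cases = [
        ("https://numax.securenow.com/cgi-bin/order.cgi", DEFAULT_CERT),
        ("https://www.example.com/cgi-bin/order.cgi", DEFAULT_CERT),
        ("https://securenow.com/", DEFAULT_CERT),
        ("https://www.example.com/", OWN_CERT),
        ("https://example.com/", OWN_CERT),
    ]
    for url, names in cases:
        print(url, names, check_url(url, names))
```
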

Ordering Your Own Digital Certificate

There are several companies that issue Digital Certificates--they are known as Certificate Authorities (CA). The two largest and most widely supported issuing authorities are VeriSign and Thawte. The VeriSign certificate price schedule is somewhat higher than that of Thawte, but the VeriSign certificate is supported by a larger number of the older browsers.

To order and install a VeriSign or Thawte digitally signed certificate you will need to do the following:

  1. First, a "Certificate Signing Request" or CSR must be submitted to VeriSign or Thawte on behalf of your organization.

    Fill out the Certificate Request Form and submit it. Be sure you indicate in the form whether you are requesting a VeriSign or Thawte certificate, and in the case of Thawte, if it is a wildcard cert.

    Note that the Common Name on the request form is the host name in the URL you want to use to access your server via an SSL encrypted session. If your domain is example.com and you want to access it securely using https://www.example.com, you would specify www.example.com as your Common Name.

  2. After your Digital Certificate request has been submitted, you will need to supply authenticating documentation to the signing agency. VeriSign or Thawte may require various documentation such as a business license, Articles of Incorporation, or other charter documents to verify your organization's identity. Procedures for providing this information will be provided to you shortly after VeriSign or Thawte has received your Certificate Signing Request. If the information you provided is complete and can be verified, your order will usually be processed within 3-5 business days.

  3. When the Digital Certificate has been generated, we will install it on your virtual server, activate SSL and notify you.

 
