SSL Certificates for UWO web servers.

SSL has taken off in the web world and a need for signed SSL certificates has arisen on campus. To provide a streamlined aproval process for getting a certificate signed, UWO has signed up for the Enterprise PKI solution from Thawte Certification. This agreement between UWO and Thawte allows a local  represntative to approve signing requests from on campus. This removes the sometime lengthy and complex aproval process that would be required without this agreement.

Importance of a Signed Certificate

A signed certificate must be given its proper importance. Thatwe Certification required a strong aproval process in order to maintain a good reputation as a Certificate Authority (CA) out in the internet. Abuse of the Enterprise PKI solution may cause harm not only the UWO but also Thawte Certification and all the other Internet Parties Thawte certifies. Therefor it is important that the certificates be treated with a strong improtance. Consider them official documents of the University to be protected and used properly.

Instructions for generating a certificate signing request (CSR) and getting a signed certificate.

There are many different types of web servers out there and each has a different method for generating a CSR. Please select the type of web server you are using. If it is not on the list then please use the generic instructions.

How does the Enterprise PKI solution work.

Most of the work required to get a Signed SSL Certificate is in the hands of the requestor (you). Thawte has provided a robust web interface in which certificate requests can be submitted and approved. The turn around time of this process can be as little as 1 working day. Here is the basic process flow for generating a CSR and getting it signed and installed.
  1. Requestor generates a Private Key and Certificate Signing Request (CSR)
  2. Requestor submits the CSR through a web form provided by Thawte.
  3. Thawte verifies the certificate and sends an E-mail to the local Enterprise Security Officer (ESO)(ITS representative)
  4. The ESO logs into the Thawte Enterprise PKI console through a web interface and retrieves information about the CSR
  5. The ESO verifies the information and contacts the people involved to verify they submitted the request. Arrangements for payment are made at this time.
  6. The ESO approves to CSR.
  7. Thawte signes the Certificate and sends E-mail to the requestor informing them the certificate is ready.
  8. Requestor retrieves the certificate through a URL provided in the E-mail from Thawte. Installation of the certificate is done by the requestor.

Pricing Information.

Thawte currently charges $100 US per year for a signed certificate and this charge is passed on to the requestor. ITS will require a PeopleSoft account number to charge this fee to. It will be converted into Canadian funds on the day of purchase using the exchange rate given on the Finace Departments web site.
 

Additional Information.

If you have any questions about this process please send them to web-certificates@julian.uwo.ca. Additional information on the Enterprise PKI solution can be found at Thawte Certification.