Clyde... Renewing a VeriSign Certificate


This page is aimed at Concordia University Webmasters who need to renew an existing web site certificate for their secure (SSL) web server.

Note that VeriSign has subcontracted to Soltrus for Canadian operations.

Before you start

A few browser issues: first, you must have JavaScript turned on in your browser, at least for the domains "digitalid.soltrus.com" and "servicecenter.verisign.com". Second, if you use non-standard browser colours, be aware that Soltrus sets the background to white without also setting the text colour, which can cause problems if your settings are for "pale-on-dark". Finally, I couldn't get this page to work at all with Konqueror; I had to use Netscape.

Step 1: Create your CSR

If you still have the CSR you created when you first applied for your web server certificate (and the information in it is still valid), you can re-use it. Otherwise, you must create your CSR (certificate signing request) as per the instructions in the Soltrus step 3, or available from Soltrus at:

Remember to make a note of the "common name" (server name, something like YOURHOSTNAME.concordia.ca).

Step 2: Decide on a challenge passphrase

Come up with a challenge passphrase; this is a kind of password which you will need to have in the future when you need to deal with VeriSign about your certificate, so keep this passphrase in a secure place. Again, you can re-use the one you used last time if you like. Keep the passphrase shorter than 30 characters; experience shows that a longer one may cause problems with the Soltrus system later.

Step 3: Fill out the Soltrus forms, part 1

Go to the Soltrus renewal procedure pages, which start at:

and start paging through their "standard" application. You'll need to enter the "common name" ("YOURHOSTNAME.concordia.ca") of your web server, click renew, and submit the challenge phrase you set when you ordered your current certificate.
The rest of this procedure needs to be reviewed; I was unable to test it in May 2002 because I ran into problems with a long passphrase!

In their step 5, use the CSR you just generated (or the one you generated when you initially applied for a certificate).

Step 4: Fill out CIBC's forms, part 2

Fill out the form in step 6. Here's the information you'll need:

Within a couple of hours, you (the technical contact) should receive an e-mail message from VeriSign. This message will contain an important piece of information:

Step 5: Notify our organizational contact of your application

Soltrus will telephone Steve Bush (Concordia's organizational contact) to confirm the information on your certificate application, so you must make him aware of your application. Send e-mail to steveb@alcor.concordia.ca, containing:

Step 6: Get a purchase order

Send a purchase requisition to the Concordia Purchasing Department, as follows:

     Vendor:         Soltrus
                     P.O. Box 69534
	             Willowdale, ON
		     M2M 4K3
                     Fax: 1 877 862-2270

     Order:        1 Secure Server ID *** RENEWAL ***
                     NO DELIVERABLE.  * Please fax immediately. *
                     Make very sure this info appears on P.O.:
                     common name: YOURHOSTNAME.concordia.ca

Note the presence of your "common name" (YOURHOST.concordia.ca) on the requisition.

Step 7: Fax the P.O. number

Have Purchasing fax your Purchase Order to: 1-877-862-2270, reminding them to make sure your "common name" (YOURHOST.concordia.ca) appears prominently on the purchase order.

Step 8: After you have completed your order

Once Soltrus has received your order, usually a few hours after Purchasing has faxed your P.O. number, you will receive by e-mail your new certificate, along with pointers to instructions on how to install it. Install it.

Also, I'd appreciate it if you'd let me know that you are running a secure web server and have (or have not!) purchased a VeriSign certificate; I'm keeping a list of secure web servers at Concordia for statistical purposes, and also because if there turn out to be many such sites, we may be able to get better prices on the certificates.


Copyright, © 2005, Concordia University, (IITS).
Author: Anne Bennett
Credits: (none)
Maintained by: webdoc@clyde.concordia.ca
Last update: 2002/05/04 -- Anne Bennett

  [Clyde Home]