Thawte SGC Super Certificates
Security Brigade Logo
Services | Products | Compliance | Training | Home | Clients | Contact Us
Menu
Services
Products
Training
Compliance
Whitepapers
Case-Studies
News
Media
Contact Us

Clients / Partners

Search
SGC SuperCert

Overview

This product is a Web Server certificate that conveniently allows you to secure multiple sub domains on one domain on the same server using *.domain.com pattern for the common name. Your customers will no longer need to spend time, money and effort on obtaining certificates for all their hosts on a domain.

The thawte's Wildcard Certificate offers comprehensive authentication procedures (domain name and identity verification). It also offers 256, 128, 56 or 40-bit encryption depending on your client's browser capability and the cipher suite installed on your web server. This ensures that information is kept private between your web server and your clients' web browsers.

  • Encryption - 256-bit with lowest possible encryption level of 128-bit protection for 99.9% of users even with older browsers.
  • Browser Compatibility - Highest in industry.
  • Certificate Details - Domain and identity authentication and verification.
  • thawte Trusted Site Seal - Included (available in 18 multiple languages).
  • Free Reissues - Yes - unlimited for the lifespan of the certificate.
  • Technical Support - Free, 24/5 multi-lingual for all global time zones.
  • Secures Internationalized Domains - Yes - thawte is the first Certification Authority to have all its SSL certificates support IDNs character sets.
  • Time to Issuance - Within minutes of completing enrollment.
  • SGC Technology - Yes – only a few CAs can offer this.
  • CRL - Yes - Certificate Revocation List fully supported.
  • Online Certificate Status Protocol - Yes.

Features

thawte's SGC SuperCert certificates enable more Windows 2000 users (without Service Pack 4 or the high-encryption pack installed) and others to connect with 128-bit encryption. The difference means tens of millions more users worldwide would get 128-bit encryption, if all e-commerce businesses used SGC.This was emphatically confirmed by an independent study conducted by the Yankee Group in September 2005. During the study the security consultants examined 23 combinations of client configurations and four typical web servers, running no less than 368 tests and using video to document results.

In the 1990s, the US government imposed restrictions on exporting strong cryptography to other countries. The restriction meant that software implementing SSL, such as web browsers, operating systems and web servers, had to limit encryption to weak algorithms and shorter key lengths if it was sold for use outside the United States. Lawmakers included an exception for financial transactions to ensure that customers worldwide could safely transact online using strong encryption.

SGC was created as an extension to SSL for consumers with export versions of web browser software to use strong cryptography for financial transactions. US export laws were upheld by issuing SGC certificates only to eligible financial institutions, creating an enforcement point at the server without any impact to the client. The restrictions on export of strong encryption have since been lifted, and SGC certificates may be issued to any institution.

Restrictions on encryption are evident in old versions of Windows 2000 running Internet Explorer that are still in use. Consumers and e-commerce vendors, particularly those outside the United States, are still using weak encryption, despite the fact that safer, stronger alternatives are available.

Although newer versions of Windows 2000 provide these features, millions still use old versions. Users who are still using old browser versions that only provide weak 40-bit or 56-bit encryption can gain full-strength 128-bit encryption when conducting business with SGC-enabled web sites.

With SGC, browser and operating system versions - whether exports or domestic - that would otherwise connect with weak encryption are afforded much stronger security. Until older versions of browser and operating systems disappear completely, SGC certificates can protect this portion of the user population.

Benefits

Discover how thawte's SGC SuperCert certificates allow every site visitor to enjoy the strongest SSL encryption available to them, regardless of their browser version or operating system.

Unlike normal SSL certificates that are only capable of negotiating with an internet browser to establish the strongest possible encryption that both the server and the browser can agree upon, SGC-enabled SSL certificates can, in very specific instances, automatically step up a browser to 128-bit. With the proper cipher suite installed on the server it would be possible to provide 256-bit encryption.

Essentially, unlike most other SSL certificates, SGC-enabled SSL certificates can help older browsers overcome prescribed limitations that have been programmed into them, which would otherwise restrict these browsers to connect at weaker 40 and 56-bit encryption levels.

For your business this means that with an SGC-enabled SSL certificate installed on your server, your customers will be able to connect at 128-bit encryption level even if they use certain older versions of Windows and Internet Explorer browser.

256-bit encryption can be achieved if the user's browser capability and the cipher suite installed on the web server are both 256-bit compatible.

In an independent study conducted by the Yankee Group in September 2005 it was shown that SGC-enabled certificates enable more Windows 2000 users (without Service Pack 4 or the high-encryption pack) to connect with 128-bit encryption. The difference means tens of millions more users worldwide would get 128-bit or higher encryption if all e-commerce businesses used SGC. This means greater security for more customers and for your business.

Greater security equates with more trust from users. According to a survey conducted by Questus, as many as 17% of internet users leave e-commerce websites simply because they have perceived them as being untrustworthy or not secure. So, ask yourself, are you doing enough to build confidence and trust in your users?

Support

thawte offers the same premium level of support across all products. As a thawte customer you will have FREE access to:

  • Full and unlimited online support for the lifetime of the certificate
  • Multi-lingual global support in 28 languages
  • Live online chat for sales and certificate order processing
  • 24 x 5 technical support
  • Unlimited access to thawte's extensive online knowledge base
  • Highly trained and dedicated support staff

Can you get the after sales technical support you need?

Depending on your level of experience in working with digital certificates, you may require assistance at various stages throughout the lifecycle of the product, from the initial request for a certificate to installation, renewal and possible reissuance of a certificate if required.

thawte has the support capabilities to assist you during the initial sales process as well as more unforeseen circumstances such as server migration, where competent support is always the most valuable. Most importantly, thawte's technical support is FREE and available globally 24 x 5.

Technical Details

thawte's SGC SuperCert certificates enable 128-bit SSL sessions in older browsers that are usually restricted to 40/56-bit encryption. The difference between SGC SuperCerts and normal SSL Web Server Certificates is that whenever one of these older browsers connects to a site that has a SGC SuperCert installed, the SSL session will be automatically 'stepped-up' to 128-bits, instead of being negotiated at an encryption level that the browser has been defaulted to (40/56 bits).

Certificate Signing Request (CSR) File
The process of applying for a thawte SGC SuperCert begins with the completion and submission of a Certificate Signing Request (CSR) file. thawte then verifies your identity, and when satisfied, signs that request file, using the trusted thawte CA root key, and issues it to you as your certificate.

Valid Certificate Request Formats
When we issue your certificate it will contain two critical pieces of information about you. The first is the "Distinguished Name", which is a set of values that describes your country, state or province, city or town, organisation, division within that organisation and your web server domain name. The second is your public key.

Keys
Session keys are made up of a public key (issued to you with your SGC SuperCert) and randomly selected private keys created by each browser when it connects to your server. Session keys are used to encrypt and decrypt data (transmitted to and from the server) after the initial browser/server 'handshake'. (A session key is not your Server Certificate key, which is either 1024-bit, or 512-bit).

Compatible web servers
Please note that the SGC SuperCert is chained, therefore please check that your web server supports Certificate chaining. Click to download a complete list of compatible web servers.

Upgrading Browsers
Those running 3.x generation browsers can upgrade their security to the same level as that supported by 4.0 generation browsers. The process takes about 2 minutes and ensures that your browser works with the tens of thousands of thawte certified secure servers out there. You only need to do this once for your browser to be updated permanently!

Copyright 2006 Security Brigade