This article explains how to install the new 2048-bit security CA by Thawte. All new certificates will need this CA in order to function properly.
Dedicated, Colocated, and Virtual Machines running the Windows Operating System.
In order to install the new CA certificate from Thawte, please follow the steps below.
- First, ensure that the SSL certificate needs the new CA. To verify, go to Thawte's SSL Checker Page and enter in the fully-qualified domain of the SSL. If the test passes, the new CA is installed already. If not, proceed with the steps below.
- Log into the server via Remote Desktop as an administrator.
- Determine which type of SSL your SSL is by going to the SSL type validator page and filling in your domain name. The most common one we issue is Thawte 123 Certificates.
- Download the new CA from this link.
- Once downloaded, install the new CA. To start, navigate to Start > Run and type mmc. From the File menu, click Add/Remove Snap-In and choose Certificates as the snap-in using your computer account. Click OK.
- Expand Certificates > Intermediate Certification Authorities and right-click on the Certificates folder to choose All Tasks > Import.
- Browse to the location of the new CA you downloaded in Step 4.
- Select the option to Place all Certificates in the following store and select Intermediate Certification Authorities. Click OK, Next, and Finish.
- Next you will need to remove the old Thawte CA. To do so, expand Trust Root Certification Authorities and click on the Certificates subfolder.
- Find the certificate issued to Thawte Primary Root CA with a expiration date of 17th July 2036.
- Right click this certificate and choose Properties.
- In the Certificate purposes section, select Disable all Purposes for this Certificate and click OK. The new CA is now installed fully and can be checked following Step 1's SSL Checker page.