Web Server Certificates:
3.x Root Rollover

People running 3.x generation browsers can upgrade their security to the same level as that supported by 4.0 generation browsers.  The process takes about 2 minutes and ensures that your browser works with the tens of thousands of Thawte certified secure servers out there, well into the next century. You only need to do this once, preferably before July 27 1998, for your browser to be updated permanently.  If you have already done so then you can ignore this page!

Netscape Navigator 3.x

With Netscape Navigator 3.x you must first delete the old root and then install the new one. To do this follow these quick steps:

  1. Choose Options, Security Preferences. 
  2. Select the "Site Certificates" tab.
  3. Find the entry marked "Thawte Server CA".  Delete that certificate. 
  4. Close that dialog box. 
  5. Now point your browser at http://www.thawte.com/serverbasic.crt and accept the new root certificate.  You will be asked for a nickname, use "Thawte Server CA".  This certificate is identical to the last one, except that it is valid till 2020 and is the same as the certificate in Communicator 4.x.

Microsoft Internet Explorer 3.x

Even though the versions of IE 3.x that ship with the Thawte root (should be IE 3.01 and IE 3.02) use the old root, they are not affected by the expiration in July, because that browser does not check root expiration dates, only cert expiration dates.  If you see an error message when you try to connect to a Thawte secure site with IE 3.x it can probably be fixed by following these steps:  This only works on IE 3.x on Windows95 or NT 4.0.

  1. Point your browser at http://www.thawte.com/serverbasic.crt
  2. Choose "Open File" if you are asked, then "Accept and Enable", "OK".  
  3. Now restart IE.  You should now have a "Thawte Server CA" entry that is valid till 2020.

If you have the old root and want to roll it over for completeness you can do that too.   By following these steps.

  1. Choose View, Options, Security, Sites. 
  2. Look for the entry called "Thawte Server CA".  It may or may not be there, depending on your precise browser version and upgrade history.  If it is there, click on it, then click on "Delete" else continue at 3. 
  3. Click on OK. 
  4. Now point your browser at http://www.thawte.com/serverbasic.crt
  5. Choose "Open File" if you are asked, then "Accept and Enable", "OK".   
  6. Now restart IE.  You should now have a "Thawte Server CA" entry that is valid till 2020.

Mac IE 4.x

The version of IE 4.x for the Macintosh (no other platform) ships with both the old and the new roots.  To get it to work, you need to delete the old root.  In your security preferences, find the Thawte Server CA root that expired in 1998 (there should be two of them).  Delete them.  If you are asked for a password, leave it blank.   Do NOT delete the newer roots which expire in 2020.  You will now be able to connect cleanly.

© Thawte Consulting 1998