Frequently Asked Questions

SSL is an abbreviation of Secure Sockets Layer. It's one of the technologies, which is used to establish a secured encrypted link between a browser & a web server. It's used to secure confidential data such as credit card numbers, passwords, user id, e-mail address, etc. There are several ways to determine whether your website is secured or not. For example, "https" and the padlock icon on the URL bar of the browser, you'll also get a site seal to go with your certificate, & if the website is using the premium certificate, you will also be able to see the verified business name.

Hide

A Domain Validated (DV) Certificate is the easiest and simplest validation style, these types of certificates will allow you to get your site protected in just minutes. As the name states, the Vendor will verify that you've got ownership of the domain that you're wanting to protect. Well it does get the job done, we only recommended this option for websites who are wanting to get their site protected quickly and that don't are just wanting a certificate that will get the job done.

Hide

An Organization Validated (OV) Certificate is the next step up from a Domain Validated (DV) Certificate. With an Organization Validated Certificate the Certificate Authority (CA) will verify that the certificate is going to be issued out to a valid business or organization. The weight carried by an Organization Validated Certificate is heftier than that of the Domain Validated because visitors will know that the site they're browsing is ran by a recognized company in the location they operate.

Hide

An Extended Validation (EV) SSL Certificate is the top dog when it's compared to both Domain Validated and Organization Validated. With an Extended Validation Certificate, the browser will showcase a "verified business name " which will make the site stand out when compared to other competitors, and at the same time put the site in the same family such as PayPal and Twitter. The Extended Validation Certificate carries the most weight due to the vigorous verification process that the business goes through prior to being issued the certificate.

Hide

To get qualified for the EV certificate it's mandatory that your business is officially registered company by the government.

Note: Sole Partnership and Sole Proprietor registered company of U.K., cannot be qualified for any type of EV SSL certificate.

Hide

All certificates offered by DigiCert, Thawte, GeoTrust, RapidSSL and Comodo will provide coverage for both www and non-www.

Hide

A Wildcard SSL Certificate will provide coverage for your domain (www.yourdomain.com), while at the same time providing coverage for unlimited subdomains such as mail.yourdomain.com, dev.yourdomain.com.

Hide

The certificate title says it all, a Multi-Domain (referred to as SAN) Certificate will allow you to extend your coverage across both other domains, and subdomains with just one certificate. Depending on your chosen brand you might have a limit on the amount of domains/subdomains you can cover, for example both DigiCert and Thawte Multi-Domain Certificates will only allow up to 250 domains in a single certificate.

Hide

The main difference between the two is that a Wildcard SSL Certificates will provide coverage for one domain name (www.yourdomain.com) and an unlimited number of subdomains for that domain (login.yourdomain.com, dev.yourdomain.com, mail.yourdomain.com). As for a Multi-Domain (SAN) SSL Certificate, you're given the option to cover both multiple domains and subdomains in a single certificate (www.yourdomain.com, www.yourdomain.net, login.yourdomain.com).

Hide

To use 256-bit encryption you'll have to edit the configuration for the hosting platform you're using, there's no involvement on the certificate side. To know more about how to set this, you'll have to get in contact with your hosting provider.

Hide

The difference between 1024-bit and 2048-bit is the encoding strength of the Private Key. At the moment 1024-bit is becoming easier to decode which is why we recommend generating your Private Key in the 2048-bit length.

Hide

SHA (Signature Hashing Algorithm), is a type of cryptographic function which is like a proof for the authenticity of the certificate. SHA-1 & SHA-2 are the two different versions of which SHA-1 is older one and outdated. SHA-1 is not trusted these days by major web browsers or the experts, whereas SHA-2 is the latest version these days. Whether it's regarding to experts or web-browsers.

Hide

If the Sole Proprietors are not from the U.K. they can get qualified for both OV & EV certificates. Though Sole Proprietors of the U.K. cannot be qualified for EV certificates & for OV certificate they have to provide some additional documents.

Hide

A Certificate Authority (CA) is the issuer of SSL Certificates, GeoTrust, RapidSSL, Thawte and DigiCert are all considered to be a CA. SSL Renewals falls into the equation as we're a platinum partner reseller of GeoTrust, RapidSSL, Thawte and DigiCert. By being a platinum partner we're able to extend the same offerings as the Vendor, but at a lower cost and guidance throughout the entire SSL process.

Hide

All the Certificate Authorities (CAs) that we carry are industry leaders and trusted world-wide. DigiCert is the largest CA in the world and offers the DigiCert Smart Seal, which is the most recognizable symbol across the web when it comes to trust and security.

Hide

Yes, all of the Certificate Authorities (CAs) that we offer on our site have their root included with 99% of all browsers and mobile devices.

Hide

The warranty that is offered with your SSL certificate is coverage in case of any damage that is caused by any data breach or hack that is caused by any flaw in the certificate. As you move up the chain of validation types (DV, OV, and EV) your protection will increase to be more in line with the validation type.

Hide

Browser recognition or ubiquity is one of the terms which can be used to describe that how many browsers are able to recognize & trust an SSL certificate. So you can say, if the browser ubiquity is higher of an SSL certificate then more browsers will be able to accept and recognize it.

Hide

It depends on which SSL certificate you are choosing, usually our certificates comes with 1 to 2 years of validation. As per the Certificate Authority / Browser (CA/B) Forum, an EV, OV and DV certificates of GeoTrust, Thawte, DigiCert, RapidSSL & Comodo are issued maximum for 2 years.

All certificates that we sell are capable of being purchased in increments ranging from 1 year up to the maximum amount of 2 years. However as per the guidelines set by the Certificate Authority / Browser (CA/B) Forum, an Extended Validation Certificate can only be issued out with the maximum amount of time of 2 years.

Hide

An Intermediate certificate is a file which helps the web browser to recognize who has issued the SSL certificate. It's not mandatory to have it, but it's advisable to install it along with your SSL certificate to enjoy the full compatibility among more browsers and mobile devices.

Hide

An intermediate certificate is generally sent with your certificate via email once it's issued. Another option is that you can directly download from the website of the vendor, which is useful when you don't receive in an email. It is referred to as "CA Bundle." One thing to note is that some of the certificates may have more than one intermediate certificate.

Here are some of the links, which you can use to download your intermediate certificate from the website of the vendor –

• https://knowledge.digicert.com/generalinformation/INFO657.html
• https://knowledge.digicert.com/generalinformation/INFO1421.html
• https://knowledge.digicert.com/generalinformation/INFO3805.html
• https://knowledge.digicert.com/generalinformation/INFO1548.html
• https://support.comodo.com/index.php?/comodo/knowledgebase/list/Index/71

Hide

Yes, SSL can be used to cover an internal domain, but it has to be an official registered domain (FQDN which is publicly available). The Certificate won't be issued if it's not a registered domain.

Hide

If the hosting platform you are using or the company says you can only go for one certificate file, then another option is that you can combine your server certificate with the intermediate file into one file.

Hide

The difference is of key lengths which are used after an SSL connection has been made in the browser. Though 256-bit security key is bigger, but it's similar to 128-bit key when it comes to level of security. The reason behind using 256-bit key is only if it's mandatory by the policy of your company or industry.

Hide

All Multi-Domain certificates available on our site support up to 250 additional domains.

Hide

Unified Communications (UC) is a new type of SSL certificate which is designed especially for Microsoft products like Microsoft Exchange 2007 & Microsoft Office Communications Server 2007. The biggest difference between a UCC SSL and a standard Multi-Domain certificate is that UCC offers security for both internal networks as well as external domain names.

Hide

It's one of the certificates which offers security for both multiple domains and their related sub-domains.

Hide

Its name says it all, it should remain confidential. Apart from you only hosting company is the one who can know your private key & that also if they ask for it. It should not be deleted as it's mandatory to make your certificate work.

Hide

If you're looking towards getting your certificate urgently, you can get in contact with us with the details of your order with your request, and we'll work with you on getting it expedited for you.

Hide

If you are not aware about your Control Panel/Server, it's advisable to contact your IT department or your web hosting service provider to get this information.

Hide

If you want to change the method of Domain Control validation from file-based to email-based, you can do that with any of the SSL certificates we offer.

Hide

There's no need to provide any specific documents to purchase your Domain Validated (DV) certificate. What you all have to do is provide a confirmation through an email or by a simple file-based authentication that proves you own the domain for which you want the coverage for.

Hide

In order to purchase Organization Validated (OV) certificate you have to provide the information regarding your business registration. If the online verification is possible by Certificate Authority (CA) then there won't be any need for addition documents. If the online files are not correct or something is missing, then they will ask for the government based registered documents, which differently depends on the case. The Vendor will also attempt to search for a 3^rd party telephone listing related to the domain to complete the telephone verification.

Hide

Extended Validation certificates have a more strict verification process compared to OV certificates. You'll first want to review the process for getting an OV certificate verification. It's true that EV certificates ask for some extra steps which includes physical as well as operational existence & apart from that a telephone call has to be made directly to Certificate Authority (CA).

Hide

In this you will get two different types of validation methods. You can go for a certificate individually or you can even go as an organization. If you are applying as an organization name, it's better you check all the OV requirements which are mentioned in the above question. If you go as an individual developer, the simple procedure of completing a form to do your identity verification will be asked by the Certificate Authority (CA). Apart from that, it has to be notarized by an advocate, CPA or any public notary. Additionally you have to give a scanned government issued ID and additional documents can also be required depending upon the CA.

Hide

Some of the reasons which can be possible that you didn't receive your Domain Validation email are like you might have not done the proper verification of the Domain Control Validation email (Note: this email address is different from the contact information given during the process of registration.) Or else if you want to change your DCV email address, you can go for email which is given on Whois registration for the domain you want to or else you can even go for the pre-approved 5 email addresses which are given below -

• Admin@domain.com
• Administrator@domain.com
• Hostmaster@domain.com
• Postmaster@domain.com
• Webmaster@domain.com

Apart from that, do not forget to check for Spam or Junk folder of the provided email address.

I would like to change my certificate's common name. The only way possible to change the common name is to cancel and reorder the certificate again. Please note that you can do this only within the first thirty (30) days of purchase.

Hide

It is mandatory to upload the file in the correct directory. In order to check whether the authorization is successful or not, you have to check that file is viewable from at both the end i.e., yourdomain.com/file & subdomain.yourdomain.com/file.

Hide

For the rescheduling of the verification call, you have to get in contact with us and inform us of your availability so we can get in contact with the Vendor regarding scheduling the call. . Note that, all telephone numbers are accepted. The number you are providing should be verified by the Certificate Authority (CA). So, it is good enough to confirm the number on which the call of CA will be received.

Hide

It's mandatory that you get in contact with us regarding your telephone number so we can askwhere Certificate Authority (CA) has found the phone number from and then ask for the proper method to update the correct number or else a new listing. Your provider will be able to provide you proper guidance on how to make a correct listing.

Hide

It all depends upon the type of certificate you have chosen to buy and your response time also matters. Though whatever type of certificate you go for, it is for sure that the Certificate Authority (CA) will contact you directly and thereafter as per your response further steps will be taken. If you go for Domain Validated (DV) certificates, it can be issued anywhere within few minutes to one business day. If you look at Organization Validated (OV) certificate, it takes around 1 – 3 business days and lastly, if you go for Extended Validation (EV) certificates, it takes anywhere between 1 – 5 business days for the issuance.

Hide

If for some reason the Vendor isn't able to verify the information entered during the generation process they'll get in contact with the Administrator contact request the documents. You can directly attach the documents to that email, or if there's any issues or questions about the document you can get in touch with us directly and we'll explain the alternatives to you.

Hide

On a rare occasion you might find that your certificate is marked as "Failed Security Review", this is a status which the Certificate Authorities (CA) systems scan for keywords relating to bigger companies. Often the flag is a false positive and will be reviewed within twenty-four hours

Hide

After the completion of the validation process, you will receive the certificate from the Certificate Authority through email. It's the same email address which you have given as a technical contact. For some reason, if you did not receive it you can login to the client portal and download the certificate from the order detail page.

Hide

Of course you can, whether it's DV, EV or OV certificates, it doesn't matter.

Hide

If you don't recall your login details you can attempt to do a password reset request at the following link -> https://www.sslrenewals.com/forgotpassword.aspx . If you don't remember the email address you signed up with please get in contact with us and we'll work on getting your account all situated.

Hide

Not to worry! You can generate a new certificate signing request (CSR) which will also generate a new private key and perform a reissue of the certificate. To go through the reissue process you'll want to login to your account and go into the order detail page for the certificate and at the bottom click the "Re-issue Certificate" button.

Hide

The easiest way to move a certificate is to generate a new certificate signing request (CSR) on the new machine and to go through the reissue process.

Hide

A Certificate Signing Request (CSR) is a requirement to request a SSL Certificate. The CSR provides information to the Vendor about the requester such as their location, organization, and the domain they're wanting to protect.

Hide

To generate a Certificate Signing Request (CSR) you'll want to figure out what operating system you're using or if you have a control panel. Once you've figured this information out, you can use our Free tool to generate a CSR.

Hide

Once CSR has been created, it's not possible to do any editing in any of its field. It's better to generate a new CSR with correct information.

Hide

It's better you are aware that you have copied the correct file and not your self-signed certificate, your earlier SSL or even if it's bundled as PKCS7 or PKCS12 or it's even possible if you have a pass-phrase without alpha-numeric character or the characters which are invalid. In these types of scenarios you have to generate new CSR in the proper way. Use only English alphabet and number from 0 to 9. Let's say, if your Company Name have "&," write "and."

Hide

If this is the case, then you might have not formatted the common name properly for the type of certificate you have (For eg. *.domain.com should be used in wildcard SSL certificate) or it's possible you might have used invalid characters in some of the fields. The only option you have is to create a new CSR which uses only English alphabet and numbers from 0 to 9.

Hide

Its name says it all. Private Key should remain confidential and should not be shared with anyone unless it is asked by your web host during the installation process, as it's used for server-side exchange for making a secured connection. If you have lost your private key or it's been deleted the choice you are left with is to create a new CSR and private key for your server. Private Key is not provided by your SSL provider or Certificate Authority (CA).

Hide

It's possible one or more required field is missing or CSR might have non-alphanumeric characters in the mandatory fields.

Hide

By reissuing you can add additional domains to the certificate once it's active.

Hide

To solve this problem you'll have to reissue your certificate and new CSR has to be generated.

Hide

You'll want to check if you have any backups of the private key first, but if you're not able to find any you'll want to generate a new certificate signing request and perform a reissue of the certificate.

Hide

If the original private key is available to you on the active server, then you can install it to your new server or you can give it to your new web host. If you don't have the private key, then you'll have to generate a new certificate signing request and perform a reissue of the certificate.

Hide

Generally all technical support mattes relating to your SSL Certificate will be handled by us if the need arises. If you were to get in contact with the Certificate Authority, you'll be informed to get in contact with us to handle your issues. However if you're contacting relating to the validation of your certificate they'll be able to assist for this process.

Hide

When you generated your certificate you entered information for a Technical Contact. The Technical Contact will receive an email containing both the certificate and the certificate authority bundle which will both be needed to install the certificate.

Hide

To install the certificate on more than one server, you'll want to gather together both your private key, intermediate bundle, and the certificate. Once you've managed to get them all together you'll then want to install the certificate on the new server. If you want documentation on how to install you check our knowledge base for documentation on installation.

Hide

The issue is not with certificate but with the browser you are using, which is not able to identify who is the issuer of your certificate. First look for that your visitors are not seeing an outdated or any incorrect type of certificate. After you have confirmed that, it is most likely that the problem will be solved by the installation of the intermediate certificates.

Following are the links which can help you to download the intermediate certificate -

1. https://knowledge.digicert.com/generalinformation/INFO1421.html
2. https://knowledge.digicert.com/generalinformation/INFO3805.html
3. https://knowledge.digicert.com/generalinformation/INFO1548.html
4. https://support.comodo.com/index.php?/comodo/knowledgebase/list/Index/71

Hide

Yes, it is mandatory to use a static IP address in order to use your SSL certificate. If you don't have that, then the only option you are left with is like to assign one through your webserver or you can even buy one from your web host service provider if you are having your own webserver which is usually around about few dollars a month.

Hide

There are several reasons why you'd receive this kind of error message, majority of them actually don't relate to the certificate at all, but more so the server you're using. To diagnosis this issue you'll want to conduct a SSL Labs (https://www.ssllabs.com/) test to see where the issue is coming from and how you need to address the issue.

Hide

What this error means is that the domain which the browser is attempting to visit is pull a certificate for another domain name that isn't tied to the one being pulled up. Another reason for this is that your site could be using the default certificate that's provided by either the host or self-signed by the server. To correct this you'll want to make sure that the certificate is installed on the correct domain that you've gotten the certificate issued to.

Hide

When you experience this issue, it's primarily due to the intermediate file might have not been installed. The error can be resolved by installing them. Below are some of the links from where you can find and start the installation process of the intermediate certificate & lastly you can always look out towards contacting your SSL provider.

1. https://knowledge.digicert.com/generalinformation/INFO1421.html
2. https://knowledge.digicert.com/generalinformation/INFO3805.html
3. https://knowledge.digicert.com/generalinformation/INFO1548.html
4. https://support.comodo.com/index.php?/comodo/knowledgebase/list/Index/71

Hide

You can always look on our SSL checker tool in order to make a test that your SSL certificate is installed correctly. Here is the link - Click here to verify your SSL installation.

Hide

A renewal is nothing but purchasing all over again. The word "renewal" is simply an industry word which is used by all providers in the Industry. To renew your certificate you have to go through all the same process. Whenever you get an access for "renewal" option while buying SSL certificate, be sure to get the remaining time carried forward from the certificate which is about to get expired to your new renewal certificate.

Hide

We recommend generating a new CSR at the time of renewal for security reasons, however you're capable of using the original CSR if you decide.

Hide

It all depends upon the information provided at time of renewal. The Certificate Authority (CA) can use some of the earlier parts of the information which was confirmed. If the order is of EV, it's mandatory to have valid documents of more than 13 months for the completion of business validation again. Whereas if you go for OV, then CA can make use of the earlier valid data for up to 27 months from the date of original order. Most importantly, if any of the information regarding your organization changes, you have to provide those documents as well.

Hide

When you go through the renewal process it's similar to how you purchased your certificate the first time, most often people forget the fact that they have to generate the certificate again. If you've already generated the certificate, you'll want to check that you've completed all the validation steps for the certificate. After the certificate is issued, you'll need to install new one over the old existing certificate. The reason for having to install it again is because the certificate is hard coded and can't be edited, so you'll have to upload the newest one with the additional time.

Hide

When you go through the renewal process it's similar to how you purchased your certificate the first time, most often people forget the fact that they have to generate the certificate again. If you've already generated the certificate, you'll want to check that you've completed all the validation steps for the certificate. After the certificate is issued, you'll need to install new one over the old existing certificate. The reason for having to install it again is because the certificate is hard coded and can't be edited, so you'll have to upload the newest one with the additional time.

Hide

A code signing certificate is one type of digital signature algorithm as a certificate which verifies that code has not been changed or it's not malicious as it is signed by the author. You can say that it's one kind of "digital shrink-wrap" which assures that the code can be trusted and there's nothing wrong with it which eventually increase the trust of clients and willingness will also be there to download and install the same. All the major type of operating systems such as Windows, Apple OS X, & Linux supports this certificate and they also use it for their own to make sure that malicious code does not get distributed, if it's there any.

Hide

To generate a Code Signing you'll want to be using FireFox as your browser, and you'll want to make sure that when you do the process, you're on a computer that you'll be able to access again. If you can't get access to the computer later when the certificate is issued, you won't be able to collect the certificate. When generating you'll be given browser controls to get your certificate generated and once generated your private key will be stored in FireFox's file system.

Hide

After the completion of all the validation, the CA will issue the certificate and it will send as 'collection' or which is even said as 'pick-up' link to the provided email address. In order to download the certificate it's essential to use the same PC which was used in generating the order & Firefox should be used as a browser. After all this, Firefox will pull out the previously stored private key and it will install the code signing certificate on its own. It's advisable to export code signing certificate and private key into a PFX (.p12) file from the browser after the completion of download.

Hide

The reason why you can't download your code signing certificate is probably going to be caused by you're not using FireFox as your web browser to generate or export the certificate. Along with you're not using the same computer which was used to generate the certificate. You'll want to make sure you're on the same computer and using FireFox for all steps of the Code Signing process.

Hide

Before going to the following steps be sure that you are using Firefox browser as it tends to be the most compatible browser with both Generation and Exportation. . Below the steps which should be used to export your code signing certificate and private key in Firefox -

1. Click "Open" menu
2. Go to "Options"
3. After you'll want to go to "Advanced" or "Encryption".
4. Now, select "View Certificates" from the certificate tab.
5. After that, click the name of your certificate which is under Your Certificates.
6. After it's highlighted, select "back up all" and then enter your passphrase.

Hide

Your Developers should know how to sign the code using their development platform, however if they're unfamiliar they can reference to the official documentation provided by the platform.

Hide