New to SSL? No problem! Find the answers to the most frequently asked questions about SSL/TLS. This FAQ is divided into individual sections to help you understand SSL/TLS step by step. The answers here cover commonly asked questions and may help you with any technical issues or information you require about SSL. Take the time to review all the information carefully to ensure a smooth start in the world of web security.
If you have a question that isn't answered here, don't hesitate to send us your question via live chat, phone or email. We will do our best to answer your question, and maybe it will be added to our frequently asked questions list to be shared with others to make things easier for everyone.
SSL is an abbreviation of Secure Sockets Layer, a cryptographic protocol designed to provide the standard security technology for establishing an encrypted link between a web browser and a server. SSL ensures that all data transmitted between the browser and the web server remains private and integral. SSL certificates are used by millions of websites to protect customers' sensitive information such as credit card numbers, usernames, passwords, email addresses, and more.
A domain validated certificate, also commonly known as a DV certificate, is the most frequently used SSL type. A DV SSL is issued by the CA (Certificate Authority) once the applicant has been validated by proving some control over a domain. Typically, domain control is validated using one of four methods: email-based, HTTP file-based, HTTPS file-based or CNAME. Most domain validation SSL certificates can be issued in a matter of minutes, since they do not require human intervention or paper documents. DV certificates are often cheap compared to other SSL types.
An organization validation certificate provides more trust than a DV SSL and requires going through more validation before the CA issues it. The certificate authority (CA) validates the company name, domain name and other information using public databases. These certificates sit midway between DV and EV certificates and are usually recommended for corporations, governments and e-commerce sites that want to provide an extra layer of security and trust.
An extended validation certificate, also frequently known as EV SSL, requires full organization validation and gives your website visitors more confidence and the highest available level of trust, since it displays the verified legal identity/company name with a green address bar. The EV certificate is sometimes also referred to as a green address bar SSL. This certificate is designed to strengthen e-commerce security and combat phishing attacks.
A multi-domain SSL, also often called a SAN certificate, offers the same encryption level as other SSL certificates, but it is designed to secure a combination of completely unique multiple domains, subdomains and environments. This certificate offers complete control over the Subject Alternative Name (SAN) field. A SAN SSL is often used to secure Microsoft Exchange Server and Office Communications Server. You also have the option to add, change or delete any of the SANs as and when the need arises. If you want to protect both the www and non-www versions of your domain/website with one multi-domain SSL, both hostnames should be specified during certificate activation. A multi-domain certificate does not require separate dedicated IP addresses for the hostnames.
The answer is simple! Get an EV (Extended Validation) SSL certificate for your website. This type of SSL certificate is sold by many certificate authorities. An extended validation certificate on the website causes web browsers to turn the address bar green and display the name of the organization/business to which the certificate is issued. When it comes to the trust of visitors, the extended validation green address bar matters.
An EV SSL involves a long and tough validation and authentication process. Before an EV certificate is issued, the certificate issuing authority validates information about the organization, including its physical address and registered business identity. An extended validation SSL certificate cannot be issued to individuals; the only exception is if you are a Sole Proprietor or have a small business.
According to the WWW standards, a domain with www is a copy of the bare domain (non-www) website; for SSL certificates, however, it is still a different name. Many Certificate Authorities (CAs) include it as a free SAN (Subject Alternative Name), and some do not. Also, please note that these features depend on the SSL type and the Certificate Authority's policy. Usually, a single domain SSL certificate will secure both versions of the domain, your bare domain and its www version, by default. With multi-domain certificates it is different: if you want to secure both versions of the domain (www and non-www), you are required to enter them separately, one as the Common Name and one as a SAN (Additional Domain).
A wildcard certificate is used to secure your main domain and an unlimited number of subdomains. This SSL is comparatively flexible and easy to manage. Compared to other SSL types, a wildcard certificate is a top choice for organizations/businesses with multiple sites hosted on multiple subdomains. The wildcard notation consists of an asterisk (*) and a period before the domain name. For example, a single wildcard for "*.[mydomainname].com" will secure "www.[mydomainname].com" as well as "mail.[mydomainname].com", "help.[mydomainname].com", "account.[mydomainname].com" and so on.
Wildcard SSL certificates can cover one fully functional main domain and an unlimited number of subdomains, whereas multi-domain or SAN (Subject Alternative Name) SSL certificates can protect multiple domains and host names with just one SSL certificate.
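The coverage rules described above for www/non-www names, wildcards and multi-domain certificates can be checked before ordering. The following is an added example, not code from this FAQ or from any CA: it applies the standard matching rule (a `*` stands for exactly one left-most label, so the bare domain and deeper subdomains are covered only when listed as their own entries) to constructed SAN lists on the placeholder domains example.com and example.net.

```python
def name_matches(pattern, hostname):
    """Match one certificate name against a hostname.

    A '*' is honoured only as the whole left-most label and stands for
    exactly one label, the rule browsers apply to certificate names.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard never spans extra or missing labels
    if p[0] == "*":
        # require at least "*.domain.tld" and a non-empty host label
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def uncovered(san_list, required_hosts):
    """Return the required hostnames that no entry in san_list covers."""
    return [host for host in required_hosts
            if not any(name_matches(name, host) for name in san_list)]


if __name__ == "__main__":
    # Constructed inventory of names a site needs to serve over HTTPS.
    needed = ["example.com", "www.example.com",
              "mail.example.com", "a.b.example.com"]

    # Constructed SAN lists for three certificate shapes.
    candidates = {
        "wildcard only": ["*.example.com"],
        "wildcard + bare domain": ["*.example.com", "example.com"],
        "multi-domain": ["example.com", "www.example.com", "example.net"],
    }
    for label, sans in candidates.items():
        print(f"{label:24} missing: {uncovered(sans, needed)}")
```

Run it against the SAN list shown in the certificate details to confirm that every hostname you serve, including the bare domain, appears or is matched.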
Theoretically, 2048-bit RSA encryption is harder to break than 1024-bit. The key size, or key length, refers to the number of bits in a key used by a cryptographic algorithm and indicates the strength of the private key.
It is a data/file encryption technique that uses a 256-bit key to encrypt and decrypt files or data. 256-bit encryption is the most secure and modern encryption method, after 128-bit and 192-bit encryption.
It is a hash algorithm. SHA is used by certification authorities to sign certificates and certificate revocation lists. The fundamental difference between SHA-1 and SHA-2 is the length of the hash. SHA-2, or SHA-256, creates a longer and more complex hash, whereas SHA-1 is a more basic version that produces a shorter hash with fewer unique combinations.
If you're an individual, an EV certificate cannot be issued to you. If you are a Sole Proprietor or Small Business Owner you can get an EV SSL, but verification is required to validate a non-incorporated business entity. Unlike extended validation certificates, an organization validation certificate is easy to get. Under some Certificate Authorities' policies, if you apply for an OV SSL as an individual, the CA may ask you to provide more documents, such as a copy of a valid driver's license or passport, a copy of a recent utility bill (power bill, water bill etc.) or a bank statement, to validate your identity.
A certificate authority or certification authority (CA) is a trusted entity that issues digital certificates. The certificate authority is an integral part of the PKI (Public Key Infrastructure) and an RA (Registration Authority) that verifies the details and issues SSL (Secure Sockets Layer) certificates.
A warranty in SSL is an assurance and insurance for the end user, and it is vital for protecting that user. If the CA fails to correctly validate the information contained in an SSL certificate and, because of this failure, the end user loses money in connection with a fraudulent online transaction, the end user may file a recovery claim for the loss under the certificate warranty.
There are many web and mobile browsers. The browser compatibility, or browser recognition rate, of an SSL certificate is the estimated percentage of browsers that recognize the certificate. The higher the browser recognition rate of a certificate, the more mobile and web browsers recognize and accept it.
No documents need to be submitted to buy a DV certificate. As the name domain validation suggests, all that is needed from your side is to validate domain ownership. This validation is done online and only takes about 5 minutes. You can verify domain ownership via one of four methods: email-based, HTTP file-based, HTTPS file-based or CNAME.
OV (Organization Validation) SSL is a high assurance certificate and requires going through a vetting process to validate your domain ownership, your business identity and your physical address. If your business identity is listed in online government databases, the issuing CA can verify it there, and in that case you don't need to provide any documents. If the CA cannot verify it online, it may request official business registration documents. In practice, having a business listing on DnB (Dun & Bradstreet) can normally satisfy the requirements.
An EV certificate requires more rigorous verification and vetting than other SSL types. The Certificate Authority will validate the applicant's legal status, DBA/Trade name, physical and operational existence, phone number and domain ownership, and will run a flagged entity check.
For code signing certificates, the issuing CA will strictly verify the legal identity, address, date of formation and more about the publisher. It will also cross-check the publisher against lists of suspected or known malware publishers, producers and distributors.
Yes, you can. For security reasons, the validation email can be sent either to a generic email address from the list below or to the email address listed in the public WHOIS record for the domain.
The generic email addresses are:
The CA will send an email providing a unique validation code and a link; you need to open the link and enter the code to validate the domain ownership.
It is a message sent to a Certificate Authority in order to apply for an SSL certificate. Typically, it holds information about your organization (organization name, country etc.), the public key of the web server for which the certificate should be issued, and a unique mathematical match to your server's private key.
The Certificate Authority needs the CSR to generate your SSL certificate. The certificate signing request must be submitted during the SSL enrollment process.
The primary source of information to generate a CSR is your web server technical manual or you can consult your hosting/server support team or server administrator.
A SAN (Subject Alternative Name) is a non-primary, additional domain. The multi-domain (UCC/SAN) SSL certificate allows you to add, remove, or change additional domains (SANs) at any time. Changing your SANs requires you to generate a new certificate, which you must install on your server.
To rectify this mistake, you will have to Cancel & Reorder the certificate. Then, you will have to paste in a new CSR with the correct spelling.
In this case, a reissue is the only way out. You will need to generate a new CSR code/RSA key pair. Note: You must completely remove the old certificate from the server before installing your reissued SSL certificate.
Upon successful validation, the Certificate Authority will send an email to the Technical Contact mentioned on the order. You can also download a copy of the files directly from your user account.
Yes, this is possible only if you have unlimited or additional server licenses.
Until recently, installing an SSL certificate first required a dedicated IP address. These days there is a newer technology called SNI (Server Name Indication). If your web server is SNI-enabled, you don't need a dedicated IP in order to install SSL.