Get the highest-level security for your website with our affordable web security services.
Frequently Asked Questions
Go Through These FAQs and Get Instant Answers to Your SSL Related QuestionsThe SSL industry has been going around for quite some time, and someone who isn't technical or looking for the SSL will have some questions, especially if they're first-timers.
Here our team has gathered common questions and answers that clients usually ask before purchase, during the validation process, or after issuance.
Common FAQs Regarding SSL
An SSL (Secure Sockets Layer) is the protocol that establishes a secure and encrypted connection between a client (browser) & a web server, and it helps secure, confidential information such as passwords. In addition, to know whether SSL is installed, the easiest way is to look through the URL. If the SSL is installed, you'll find URLs starting with HTTPS instead of HTTP and a secure padlock.
Lastly, there are three validation types of SSL
- Domain Validation
- Organization Validation
- Extended Validation
Domain Validated SSL, an abbreviation of DV SSL, is the most basic SSL certificate that provides you with a simple HTTPS URL and a secure padlock. It's the recommended SSL certificate if you want to secure a website with SSL mainly to prevent the "Not Secure" warning message.
Organization Validated (OV) SSL certificate is the advanced SSL certificate of DV SSL certificate used to secure the company's sensitive data. In an OV SSL certificate, CA (Certificate Authority) does a light business verification to ensure you've legitimate business with the physical location.
An Extended Validated SSL certificate is the most advanced SSL certificate specifically used by websites dealing with the user's sensitive financial information, such as banking or e-commerce website. Offered with the highest visible trust indicator like company name within a secure padlock, almost all giants use it that deals with a financial transaction like PayPal. In addition, to get this SSL certificate, applicants must undergo an extensive validation process where their business authenticity is thoroughly verified.
Similar to the validation level, there are also different types of functionalities of SSL certificates. And it's offered as Single Domain, Wildcard, Multi-Domain, SAN, and Multi-Domain Wildcard.
The single-domain SSL certificate is the standard SSL certificate that secures a single domain that includes both WWW and Non-WWW domains. For instance. www.domain-example.com and domain-example.com.
Wildcard SSL certificate secures one main domain and an unlimited number of first-level domains. The cost-reducing Wildcard SSL certificate secures all the sub-domains with one single SSL. For instance, with one single Wildcard SSL certificate, you can secure www.domain-example.com, domain1.domain-example.com, domain2.domain-example.com, and so on.
A Multi-Domain SSL certificate is another cost-effective SSL certificate that secures multiple domains with one single SSL certificate. For instance, if you've multiple websites like www.domain1.com, www.domain2.net, and www.domain3.org, the multi-Domain SSL certificate is cost-effective and easy to manage.
A SAN (Subject Alternative Name) is a type of SSL certificate that's similar to a Multi-Domain SSL certificate. But SAN certificate also allows you to secure multiple IP addresses as well.
Multi-Domain Wildcard SSL certificate is the combination of two SSL certificates, Multi-Domain and Wildcard. It secures multiple domains and their associated sub-domains with one single SSL certificate. For instance, this SSL is helpful if you have www.domain1.net, www.domain2.com, www.domain3.org, d1.domain2.com, d2.domain2.com, d3.domain1.net, and so on.
Certificate Authorities, abbreviated as CA, are the providers of SSL certificates. CAs like Sectigo, Comodo, Certera, etc are trusted by globally popular web browsers like Google Chrome and Mozilla Firefox. And in return, it ensures websites with SSL certificates installed will not face the "Not Secure" warning message shown by web browsers and devices.
Order Processing of SSL
As the name implies, you must keep your Private Key privately with you. In addition, only your hosting provider is the one who should have your private key, and that's also if anyone asks for it. Similarly, you should not delete it as it's an essential key that is needed to keep your installed SSL certificate working.
If you want your SSL certificate to be issued urgently for a certain reason, you'll need to contact us with your order details along with the request, and we'll help you get your purchased SSL certificate urgently.
Validation or Authentication Process of SSL Certificate
For getting a DV SSL certificate issued, you'll not require to submit any documents. Instead, you'll only need to prove your domain ownership, which gets completed within a few minutes. And once the domain validation is completed, your DV SSL certificate will get issued completely.
Read our detailed DV SSL Validation Process
To get your OV SSL certificate after purchasing, you'll need to complete a light business verification process that includes submitting certain government-issued documents like business registration details and publicly listed company telephone numbers. Similarly, it's accessible through certain acceptable public telephone directories with the exact business name and address. And this entire verification takes around 1 to 3 business days to be completed.
Read our detailed OV SSL Validation Process
To get an EV SSL certificate issued, you'll need to go through the rigorous vetting process that thoroughly verifies your business authentication by reviewing all the necessary documents. In addition, CA also does the phone verification to know that applicant is authorized to purchase an EV SSL certificate. Lastly, this entire EV validation process takes around 1 to 5 business days to complete.
Read our detailed EV SSL Validation Process
Code Signing certificates are offered in three different types: individual developer, organization validated, and extended validated. If you've purchased OV or EV code signing certificate, then you'll need to follow the validation process of the OV or EV SSL certificate as mentioned above.
However, if you choose to go with an individual code signing certificate, you'll need to submit a form to verify your identity as an individual developer. Similarly, you'll also need to submit a government-issued ID and some additional documents according to the policies of the certificate authority.
Depending upon which type of validation level you've chosen, your SSL certificate validation process is complete. For instance, if you've purchased a DV SSL certificate, it'll be completed within minutes once you prove your domain ownership. And if you've chosen to go with the OV SSL certificate, it'll take around 1 to 3 business days. Lastly, if you've chosen the EV SSL certificate, it'll take around 1 to 5 business days for the validation process to complete and get your SSL certificate issued.
You'll need to generate a new CSR (Certificate Signing Request) and a new private key. Similarly, you'll need to get your SSL certificate reissued.
If you've changed the server or moved your website to another hosting provider, you'll need to generate a new CSR and re-issue your SSL certificate.
Yes, you can reschedule your verification call, but you'll have to contact the SSL certificate provider and inform them when you want your verification call to be done.
Similarly, if you want to be called on another telephone number, then ensure the certificate authority verifies it. So, CA can confirm that the number they'll call will get answered.
You must let your SSL provider know if your telephone number is outdated, so we can tell the CA (Certificate Authority) from where to find your latest updated telephone number and update it.
Due to any reason, if the vendor fails to verify the information entered at the time of the generation process, the SSL vendor will contact the Administrator and request the documents. In addition, you can also directly attach all the asked documents and send them as an email. Furthermore, if the issue or question arises regarding the document, you can contact us directly, and we'll let you know about other alternative ways.
Usually, once your validation process completes, you get your SSL certificate issued and sent to the registered email address. And if you haven't received it, you can log in to your Certera account, check your order and if the validation is complete, you can download your certificate from there..
You can use Whois's registered email address for DV, OV, and EV SSL certificates.
If you've lost your login details or cannot remember them, go through the forgot password link. Similarly, if you can't remember the email address you used for signing, don't hesitate to get in touch with your SSL certificate provider, and they'll help you find your account.
CSR Generation
CSR (Certificate Signing Request) is mandatory to request your SSL certificate. The CSR gives the needed information to the SSL certificate provider about the applicant, like organization name, location, and for which domain SSL is requested.
The free online CSR generator tool is available where you are required to submit all the asked information, and once you click the generate button, it generates CSR. Secondly, CSR generation guides are also available if you wish to generate CSR using the OpenSSL command.
You cannot edit generated CSR. You'll need to generate a new CSR with all the correct information.
Make sure you've copied the correct file and are not using the self-signed certificate or the SSL you may have used earlier. Nonetheless, if your CSR isn't decoding, you'll need to generate a new CSR.
If you're receiving CSR Invalid error message, then there's a possibility you may not have formatted the common name accurately for the type of certificate you got. For instance, in Wildcard SSL certificate common name should be *.domain.com. And another possibility is that you may have used invalid characters in some fields. And the only option you're left with is to generate a new CSR using only English alphabets and numbers from 0 – to 9.
Private Key is used for server-side exchange for making a secure SSL connection. And you'll require to reissue your SSL certificate if you lost your Private Key or delete it by mistake, as the SSL certificate provider does not provide it, and it's generated at the time of generating CSR.
You might have missed one or more than one required field, or CSR might have non-alphanumeric characters within the mandatory fields. Nonetheless, you'll need to re-generate your CSR.
SSL Certificate Management
If the SSL is active, you'll need to reissue your SSL certificate to add additional domains within the SSL certificate.
Reissue your SSL certificate and generate a new CSR.
Yes, technical support is provided by the CA as and when required. For instance, if you come across any SSL-related issue or have any query, you'll always have 24x7 help available from the experts of the SSL.
SSL Installation Process
Once you generate your certificate and enter all the information for a technical contact, you'll receive an email containing the certificate authority bundle and certification, which you can download it, and it's needed at the time of SSL installation.
For installing an SSL certificate on multiple servers, you'll require the private key, an intermediate bundle, and the SSL certificate. And, then you'll have to install the certificate on each server.
Yes, you'll need a static IP address for the SSL certificate. And, if you don't have one, you'll have to assign one via your web server or buy from the web host service provider if you are using your own webserver.
Suppose you cannot see the secure padlock icon even after the SSL certificate installation. In that case, there's a possibility it's not installed correctly, or some URLs are still starting with HTTP. Similarly, you can check it using the online tool "Why No Padlock?" and it'll give you a detailed report on the same.
There can be multiple reasons why you get this error message whenever you try opening the website. Most of the time, it's because of the SSL certificate or the server you're using. And to find out, you'll need to perform a test using the SSL Labs tool, which will give you an accurate answer to what is causing it.
This error means the domain browser is trying to open, pulling a certificate of another domain name that isn't bound with the website you're opening. Similarly, there's also a possibility that your website could be using the default SSL certificate, which isn't provided to the host or the server. To correct this issue, you'll have to ensure that the SSL certificate is installed on the correct website for which the SSL is issued.
You can check using the free-to-use SSL checker tool that tests and let you know whether your SSL is installed correctly.
SSL Certificate Renewals
Renewal of SSL certificate is purchasing an SSL certificate. The term "renewal" is used within an industry by providers. To renew your SSL certificate, you'll go through the exact same process that you did for the first time. And, whenever you renew your SSL certificate, you buy it all over again. However, if you renew it before it expires, the remaining time is carried forward with the renewed SSL certificate.
It's not mandatory, but it's recommended that you generate new CSR for security reasons.
It depends entirely upon the information you provide at the time of renewal. The CA (Certificate Authority) may use past confirmed information. For example, if EV SSL is ordered, then it's necessary to have your valid documents of more than 13 months to complete your business validation process. And, if you're choosing OV SSL, then CA may allow validating earlier data up to 27 months from the original order date.
Code Signing Certificate
A code signing certificate is a digital security certificate used by software developers to sign and embed digital signatures on their software digitally. Similarly, the digital signature uses the public-private key infrastructure (PKI), which helps ensure the software isn't tampered with since its signing.
Suppose you aren't using Mozilla Firefox as your web browser to generate or export the code signing certificate with the same computer system. In that case, you will face an issue while downloading a code signing certificate. Henceforth, ensure you're on the same computer system and using Mozilla Firefox for all the code signing-related processes.