LogIn

FAQ

 Home / Support / FAQ

Frequently Asked Questions

  • What is a Certification Authority ?Open or Close

    A Certification Authority (CA) is a trusted entity responsible for issuing digital certificates that validate the ownership of cryptographic keys used in secure communication. The primary role of a Certification Authority is to validate and authenticate the identity of individuals, organizations, devices, or websites.


    CAs play a fundamental role in facilitating secure communication over the internet using technologies such as SSL/TLS (Secure Sockets Layer/Transport Layer Security). They issue digital certificates that bind cryptographic keys to entities, ensuring the confidentiality, integrity, and authenticity of digital transactions and communications.


    Key functions of a Certification Authority include:


    1. **Issuing Digital Certificates**: CAs issue digital certificates, containing a public key and details about the certificate holder (e.g., domain name, organization details), ensuring that the certificate holder is who they claim to be.


    2. **Validation and Authentication**: CAs verify the identity of the certificate holder before issuing a digital certificate. The validation process may involve confirming domain ownership, organizational details, or individual identity.


    3. **Revocation and Management**: CAs manage the revocation of certificates if they are compromised or no longer valid. They maintain Certificate Revocation Lists (CRLs) or use mechanisms like the Online Certificate Status Protocol (OCSP) to check if certificates have been revoked.


    4. **Maintaining Trust and Security**: CAs are responsible for maintaining the trustworthiness of the certificates they issue and ensuring the security of digital communications. The trustworthiness is maintained by following industry standards and best practices.


    5. **Compliance and Auditing**: CAs must comply with industry standards and undergo audits to ensure that they meet the required security and operational criteria.


    Well-known examples of CAs include companies such as DigiCert, Sectigo, Let's Encrypt, and GlobalSign. When a website has an SSL certificate issued by a trusted CA, web browsers recognize it as secure, displaying a padlock icon in the address bar, signifying a secure connection. This helps establish trust between the website and its visitors.


    CAs play a crucial role in ensuring the security and trust of digital communication and are integral to the functioning of secure online transactions and interactions.

  • What do I need to purchase an SSL certificate?Open or Close

    To purchase an SSL certificate, you'll need a few key items and pieces of information:

    1. **Type of SSL certificate**: Determine the type of SSL certificate that suits your needs. This could be a Domain Validated (DV) certificate, Organization Validated (OV) certificate, Extended Validation (EV) certificate, Wildcard certificate, or Multi-Domain (SAN) certificate.

    2. **Domain ownership**: You should have control and ownership of the domain for which you want to purchase the SSL certificate.

    3. **Server information**: Understand the type of server or hosting environment where the SSL certificate will be installed, whether it's a specific type of web server (e.g., Apache, Nginx, IIS, etc.).

    4. **Certificate Signing Request (CSR)**: Generate a CSR on your server. The CSR is used to generate the SSL certificate and includes information such as the domain name, organization details, and the public key.

    5. **Email address for approval**: During the certificate issuance process, a confirmation or approval email is sent to a specified email address associated with the domain. Ensure you have access to this email address.

    6. **Payment information**: Be prepared to provide payment details for purchasing the SSL certificate. Prices vary based on the type of SSL certificate, the Certificate Authority, and additional features.

    7. **Organization details (for OV and EV certificates)**: If you're purchasing an OV or EV SSL certificate, you'll need to provide accurate details about your organization, such as legal name, physical address, and other business registration information.

    8. **Compliance with the Certificate Authority's requirements**: Different Certificate Authorities may have specific requirements or processes, so ensure you understand and meet their criteria for obtaining an SSL certificate.

    Once you have these details ready, you can approach a reputable Certificate Authority or SSL certificate vendor to initiate the purchase of the SSL certificate. During the purchase process, you'll submit the CSR, complete verification steps, provide payment, and follow instructions to obtain and install the SSL certificate on your server.

  • Why need to renew ssl certificate?Open or Close

    SSL certificates need to be renewed periodically to maintain the security and trust of a website. Here are some key reasons why SSL certificates need to be renewed:

    1. Expiration: SSL certificates have a defined validity period, usually ranging from one to several years. After this period, the certificate expires. Renewing the SSL certificate ensures that your website continues to be secured with encryption. If an SSL certificate expires, the website becomes vulnerable to security risks, and visitors might encounter warning messages about the expired certificate when trying to access the site.

    2. Continued Encryption and Security: SSL certificates encrypt data transmitted between a user's browser and the website's server, ensuring that sensitive information remains secure. Renewing the SSL certificate ensures that this encryption remains active and effective.

    3. Trust and Credibility: Visitors to a website look for the padlock icon in their browser's address bar, indicating that the website is secure with an SSL certificate. If the SSL certificate is expired or not renewed, this trust indicator disappears, potentially causing visitors to be wary of the site's security. Renewing the SSL certificate maintains the credibility and trustworthiness of the website.

    4. Compliance and Best Practices: For businesses handling sensitive data or involved in e-commerce, SSL certificate renewal is crucial for maintaining compliance with industry standards and best practices in data security.

    5. Avoiding Downtime and Loss of Customers: In some cases, an expired SSL certificate can cause website downtime or disruptions. This can result in lost visitors or customers who might avoid the site due to security concerns.

    To maintain a secure and trustworthy online environment, regular SSL certificate renewal is necessary. Renewing the certificate before it expires ensures continuous security, protects user data, and maintains the smooth functioning of your website.

  • What is Domain Approver Email form validation?Open or Close


    The term "Domain Approver Email" refers to an email used during the process of obtaining an SSL (Secure Sockets Layer) certificate, particularly during the domain validation phase. When a website owner applies for an SSL certificate, the Certificate Authority (CA) often needs to validate ownership or control of the domain for which the SSL certificate is requested.


    As part of domain validation, the CA typically sends an email to an email address associated with the domain for which the SSL certificate is being requested. This email is sent to confirm that the person or entity applying for the SSL certificate has the authority to manage the domain.


    The Domain Approver Email is an email sent by the CA to a specified email address, usually in the form of admin@example.com, webmaster@example.com, postmaster@example.com, or another email address associated with the domain.


    The email contains instructions or a link that the recipient of the email (usually the website owner or administrator) must follow to confirm ownership or control of the domain. This process is typically a part of the domain validation requirements set by the CA to ensure that SSL certificates are only issued to individuals or organizations that have legitimate control over the domain.


    It's crucial to have access to the specified Domain Approver Email address and follow the instructions provided in the email to complete the domain validation process and successfully acquire the SSL certificate for the domain.


  • What's the difference between DV, OV & EV SSL certificates?Open or Close

    DV (Domain Validated), OV (Organization Validated), and EV (Extended Validation) SSL certificates are different types of certificates used to secure websites and provide various levels of validation and trust to visitors. Here's a comparison of the differences among them:


    1. **Domain Validated (DV) SSL Certificate**:

       - **Validation Level**: Requires the least amount of validation. It verifies domain ownership only.

       - **Issuance Time**: Typically issued quickly, sometimes within minutes.

       - **Displayed Information**: Basic SSL padlock in the browser bar without any organization details.

       - **Use Case**: Suitable for small websites, blogs, personal sites, or basic encryption needs.


    2. **Organization Validated (OV) SSL Certificate**:

       - **Validation Level**: Involves validation of the organization’s details (such as name, location, etc.).

       - **Issuance Time**: Takes longer than DV certificates due to additional verification.

       - **Displayed Information**: Displays the verified organization's name in the SSL certificate.

       - **Use Case**: Suitable for businesses and organizations looking to establish trust with their customers.


    3. **Extended Validation (EV) SSL Certificate**:

       - **Validation Level**: Involves the most rigorous validation process, verifying legal entity, physical existence, and authority to request the certificate.

       - **Issuance Time**: Takes the longest due to thorough validation, usually several days to weeks.

       - **Displayed Information**: Triggers the browser to display the company's name in a prominent way, often with a green address bar and organization details.

       - **Use Case**: Primarily used by e-commerce sites, financial institutions, and other businesses that require a high level of trust and security.


    The main differences among these certificates lie in the extent of verification performed by the Certificate Authority before issuing the certificate and the information displayed to users visiting the website. EV SSL certificates provide the highest level of assurance to website visitors, while DV certificates offer basic encryption with minimal validation. OV certificates fall in between, providing some organizational details to visitors but not to the same extent as EV certificates.

  • What documents are required for Extended Validation (EV) certificates?Open or Close

    Obtaining an Extended Validation (EV) SSL certificate involves a stringent validation process that requires the submission of specific documents to the Certificate Authority (CA) for verification. Here are the typical documents and information required for an EV SSL certificate:


    1. **Legal Entity Documents**:

       - **Business Registration**: You'll need to provide official documentation proving the legal registration of the entity applying for the EV certificate. This may include articles of incorporation, a business license, or a certificate of formation.


    2. **Proof of Operational Existence**:

       - **Physical Address Confirmation**: Documentation verifying the physical location of the organization is often required. This can include utility bills, lease agreements, or a recent bank statement displaying the organization's physical address.


    3. **Legal Authorization**:

       - **Certificate Requestor’s Authority**: Proof that the person applying for the certificate has the legal right to do so on behalf of the organization. This might involve articles of association, a board resolution, or a legal opinion letter from the organization’s attorney.


    4. **Contact Information**:

       - **Valid Contact Information**: Verifiable contact details, including a phone number and an email address associated with the organization applying for the EV certificate.


    The provided documentation is subjected to a thorough verification process by the Certificate Authority to ensure the legal and operational existence of the entity applying for the certificate. This validation process can take several days or weeks due to its rigorous nature.


    It's essential to submit accurate and up-to-date documents as requested by the CA, as incomplete or incorrect information can delay the issuance of the EV certificate. The purpose of this meticulous process is to provide a higher level of assurance to website visitors regarding the legitimacy and security of the organization holding the EV SSL certificate.

  • Email signing certificateOpen or Close

    An email signing certificate is a digital certificate used to sign and authenticate email messages. It is also known as a digital signature certificate for email or a Secure/Multipurpose Internet Mail Extensions (S/MIME) certificate. The certificate is issued by a trusted Certificate Authority (CA) and contains the public key of the email sender along with other identifying information.

    When an email sender signs an email message with their email signing certificate, the recipient can verify that the message was actually sent by the claimed sender and that the message has not been tampered with in transit. The digital signature created with the email signing certificate ensures the integrity and authenticity of the email message.

    Email signing certificates are particularly useful for organizations that need to send sensitive or confidential information via email, such as banks, financial institutions, and government agencies. By using an email signing certificate, these organizations can ensure the authenticity and integrity of the messages they send, and protect against email spoofing and other types of email fraud.

    To use an email signing certificate, the email client software must support S/MIME, which is a standard for secure email messaging. The email sender must also have a valid email signing certificate installed in their email client software. The recipient's email client software will verify the digital signature of the email message using the sender's public key, which is included in the email signing certificate. If the digital signature is valid, the recipient can be confident that the email message is authentic and has not been tampered with in transit.

  • How do I generate my CSR?Open or Close

    To generate a CSR (Certificate Signing Request), follow these steps:


    Access your server:

    Log in to your server where you plan to install the SSL certificate. This might be your web hosting control panel or directly on your server, depending on your hosting environment.


    Generate a Private Key:

    Use a command or interface to generate a private key. If you're using OpenSSL, you can generate a private key with the following command:


    openssl genpkey -algorithm RSA -out private.key -aes256


    Replace private.key with the file name you prefer. You'll be prompted to enter and confirm a password to secure the private key.


    Create the CSR:

    Once the private key is generated, use the following command to create the CSR:


    openssl req -new -key private.key -out request.csr


    Replace private.key with the filename of your private key and request.csr with the file name for the CSR.


    This command will prompt you to enter various pieces of information (such as your organization's details, location, etc.) which will be included in the CSR. Enter the required information as accurately as possible. The Common Name (CN) field should match the domain for which you're requesting the SSL certificate.


    Review and submit the CSR:

    Review the CSR file (request.csr). You will need to provide this CSR file to your SSL certificate provider (Certificate Authority) when you purchase an SSL certificate. Copy the content of the CSR file and paste it into the certificate request area during the SSL certificate purchase process.


    Submit the CSR to the Certificate Authority:

    After generating the CSR, you'll submit it to your chosen Certificate Authority to obtain the SSL certificate.


    Once you receive the SSL certificate files from the CA, you'll need to install these files on your server as per the instructions provided by the CA or your server/hosting environment.


    Remember to keep your private key secure and do not share it with anyone. It's essential for securely encrypting communication between your server and your visitors.

  • I do not see my email address in the Approval/DCV Email field?Open or Close

    If you're unable to see your email address in the "Approval/DCV Email" field during the SSL certificate issuance process, a few potential reasons could explain this:

    1. **Alternative Validation Method**: The Certificate Authority (CA) may use alternative domain control validation (DCV) methods instead of email validation. Some CAs utilize DNS-based validation or file-based authentication to verify domain ownership, eliminating the need for email validation.

    2. **User Interface Display**: The absence of the email address field might be due to the particular design or configuration of the SSL certificate provider's interface. It's possible that the field might be located elsewhere or may not be visible until a later step in the process.

    3. **Specific Requirements**: It's essential to confirm the specific requirements for domain validation as requested by the CA. Some CAs may have different validation procedures and might not require an email address for approval.

    To ensure a smooth certificate issuance process, consider the following steps:

    - Review the CA's instructions or documentation regarding domain validation methods to understand the validation process in use.
    - Contact the SSL certificate provider's support for guidance on the domain validation process and inquire about alternative validation methods if email validation isn't available.
    - Double-check the submission process to ensure that all required fields, including the email address, are correctly filled or provided at the appropriate stage of the validation process.

    If email validation is indeed required, but you're unable to find the field to input your email address, contacting the SSL certificate provider's customer support can help in addressing the issue and completing the validation process efficiently.

  • How do I install my SSL certificate?Open or Close

    The process for installing an SSL certificate can vary slightly depending on your hosting platform or web server software. Here are general steps for installing an SSL certificate:

    1. **Obtain the SSL certificate:** After purchasing the SSL certificate, the Certificate Authority (CA) will provide you with certificate files, typically including the SSL certificate itself, an intermediate certificate, and the private key. Download these files.

    2. **Access your server or hosting platform:** Log in to the server or hosting control panel where your website is hosted. This could be cPanel, Plesk, or direct access to the server via SSH or another method.

    3. **Prepare the certificate files:** Open the SSL certificate files provided by the CA. These files generally include the SSL certificate file (.crt), the intermediate certificate file (.ca-bundle or .pem), and the private key file (commonly in a .key format).

    4. **Install the SSL certificate:**
       
        a. **Upload Certificate Files:** Locate the section or settings in your server or control panel related to SSL or security. There should be an option to upload or paste the SSL certificate, intermediate certificate, and private key.
        
        b. **Paste the Certificate:** Copy and paste the content of the SSL certificate file into the appropriate field or upload the file itself. Do the same for the intermediate certificate file.
        
        c. **Private Key Installation:** Paste or upload the private key into the respective field or section. This key is crucial for securing your encrypted communications.

    5. **Save and Activate:** Save the changes. Some servers or control panels might ask you to activate the SSL certificate. Confirm any prompts that enable the certificate.

    6. **Verify the Installation:** To ensure the SSL certificate is correctly installed, access your website using "https://" in the URL. Check for the padlock icon in the browser's address bar or use online SSL checker tools to confirm the installation's success.

    7. **Update Website URLs:** After the SSL certificate installation, ensure that all internal links, resources (like images, scripts, or stylesheets), and any hardcoded links are updated to use "https://" to avoid mixed content warnings.

    The steps might differ slightly based on the hosting environment or the specific SSL certificate provider. If you encounter any issues during the installation process, contact your hosting provider's support or the SSL certificate issuer's support for guidance and assistance.

  • What type of web server do I have?Open or Close

    Determining the type of web server you have can be accomplished through various methods. Here are some common ways to identify the type of web server hosting your website:

    1. **Contact your hosting provider:** If you're unsure of your web server type, the simplest way is to reach out to your hosting provider or system administrator. They should be able to provide you with information about the server software running your website.

    2. **Check server documentation:** Review any documentation or information provided by your hosting service that outlines the server software and specifications.

    3. **View HTTP response headers:** Use online tools or browser extensions to inspect the HTTP response headers sent by your server. The "Server" header often reveals the type and version of the web server software being used.

    4. **Use online tools:** Several online tools can help identify the type of server software. Tools like builtwith.com, Netcraft, or Wappalyzer can analyze websites and provide information about the server software.

    5. **Check error pages:** Error pages, such as the default Apache or Nginx error pages, may provide clues about the server type in the footer or error message details.

    6. **Server response to server-specific requests:** Sending specific requests to the server to solicit a response can help identify the server type. For instance, checking for specific default files that are unique to certain server types.

    By using a combination of these methods, you should be able to identify the type of web server your website is hosted on. The most commonly used web servers include Apache, Nginx, Microsoft IIS (Internet Information Services), LiteSpeed, and others.

  • Why do I need to install intermediate certificates?Open or Close

    Intermediate certificates, also known as intermediate CA certificates or chain certificates, are an integral part of the SSL/TLS certificate chain. They are required for proper SSL/TLS certificate validation and to establish a complete and trusted secure connection. These certificates help ensure a secure and uninterrupted chain of trust between the SSL certificate issued for your domain and the root certificate authority.


    Here’s why installing intermediate certificates is important:


    1. **Certificate Hierarchy and Trust:** Intermediate certificates form the link between your SSL certificate and the root certificate authority. They establish a chain of trust, where the root certificate authority (CA) signs an intermediate certificate, which, in turn, signs your SSL certificate. By including intermediate certificates in the chain, it provides an unbroken trust link from your certificate to the trusted root CA.


    2. **Complete Chain of Trust:** When a visitor's browser or device connects to your website, it must verify the SSL certificate's validity. By providing the full chain of certificates, including the intermediate certificates, you ensure that the entire chain is present and validated. If the intermediate certificates are missing, the browser may not be able to establish a secure connection, leading to potential SSL errors or warnings for the site visitors.


    3. **Avoiding Trust Errors:** Not including intermediate certificates might lead to "incomplete chain" or "untrusted certificate" errors in certain browsers or devices. Visitors might see security warnings or be unable to establish a secure connection to your site.


    4. **Issuance by Trusted Intermediate CA:** Intermediate certificates are signed by the root certificate authority and are responsible for issuing SSL certificates. While root certificates are highly secure and kept offline, intermediates are used for day-to-day issuance, thus acting as a buffer between the highly secure root and the individual SSL certificates.


    During the SSL certificate installation process, it's important to ensure that the intermediate certificates provided by the Certificate Authority are properly installed along with your SSL certificate and private key. By installing the complete certificate chain (including the intermediate certificates), you help ensure a seamless and trusted SSL connection for visitors accessing your website.

  • CSR for SSLOpen or Close

    CSR stands for Certificate Signing Request, which is a message sent to a Certificate Authority (CA) to apply for an SSL/TLS certificate. The CSR contains information about the website and organization that the certificate will be issued to, including the public key that will be used to encrypt data transmitted between the website and its visitors.


    To generate a CSR, the website owner must first create a private key, which is a cryptographic key that is kept secret and used to decrypt data encrypted with the public key. The private key is generated on the server where the website will be hosted and is never shared with anyone.


    Once the private key is generated, the website owner can use it to create the CSR, which includes the following information:


    Common Name (CN): This is the fully qualified domain name (FQDN) for which the certificate will be issued (e.g., www.example.com).

    Organization Name (O): This is the legal name of the organization that owns the website.

    Organizational Unit (OU): This is the division or department within the organization that owns the website.

    City/locality (L): This is the city or locality where the organization is located.

    State/province (ST): This is the state or province where the organization is located.

    Country (C): This is the two-letter country code for the country where the organization is located.

    The CSR is then sent to the CA to apply for the SSL/TLS certificate. The CA will use the information in the CSR to verify the identity of the website owner and issue the certificate if everything checks out. Once the SSL/TLS certificate is issued, the website owner can install it on their server and begin using it to encrypt data transmitted between the website and its visitors.

  • Extended Validation for SSL CertificateOpen or Close

    Extended Validation (EV) is a type of SSL certificate validation that provides the highest level of authentication and trust for a website. EV SSL certificates require the certificate authority (CA) to perform a thorough and rigorous validation process to verify the legal and operational existence of the organization that owns the website.


    To obtain an EV SSL certificate, the organization must provide the CA with a range of documents and information that demonstrate its legal and operational existence. This typically includes business registration documents, tax documents, proof of physical address, and other supporting materials. The CA will perform extensive checks on this information, which can take several days or weeks to complete.


    Once the validation process is complete, the EV SSL certificate will be issued, and the website will display a green address bar in the visitor's web browser. This green bar is a visual indicator that the website has undergone a rigorous validation process and provides the highest level of trust and security. Additionally, the website owner's name and location will be prominently displayed in the certificate details, providing additional assurance to visitors.


    EV SSL certificates are ideal for websites that conduct sensitive transactions or handle sensitive information, such as e-commerce sites, banking and financial institutions, and government agencies. The EV validation process provides an additional layer of assurance and helps to reduce the risk of phishing and other types of online fraud.

  • Organization Validation for SSL CertificateOpen or Close

    Organization Validation (OV) is a type of SSL certificate validation that provides a higher level of authentication than Domain Validation (DV) but lower than Extended Validation (EV). OV SSL certificates require the certificate authority (CA) to verify the organization's legal and operational existence before issuing the certificate.


    To obtain an OV SSL certificate, the organization must provide the CA with several pieces of documentation that demonstrate its legal and operational existence. These documents typically include business registration information, tax documents, and proof of physical address. The CA will verify this information before issuing the certificate, which can take anywhere from a few days to a few weeks.


    Once the OV SSL certificate is issued, it will display the organization's name and location in the certificate details. This provides website visitors with additional assurance that they are communicating with a legitimate organization and not an imposter. OV SSL certificates are generally suitable for organizations that need a higher level of trust and security than DV SSL certificates can provide, but don't necessarily require the extended validation process of an EV SSL certificate.

  • Domain Validation for SSL CertificateOpen or Close

    Domain Validation (DV) is the most basic and simplest level of SSL (Secure Sockets Layer) certificate validation. When an entity (such as an individual, organization, or business) requests a Domain Validated SSL certificate, the Certificate Authority (CA) verifies only the domain ownership. The purpose is to confirm that the entity applying for the SSL certificate has control over the domain for which the certificate is being issued.


    The domain validation process typically includes one or more of the following methods:


    1. **Email Verification:** The CA sends an approval email to specific email addresses associated with the domain, such as admin@example.com or webmaster@example.com. The certificate requester must respond to this email or follow the provided instructions to confirm ownership.


    2. **File-based Authentication:** The certificate requester uploads a specific file to their website server, as instructed by the CA. The presence of the file demonstrates control and ownership of the domain.


    3. **DNS Record Verification:** The requester creates a specific DNS record in the domain's DNS settings. This method requires access to the domain's DNS settings to add the record provided by the CA.


    Once the requested method of validation is successfully completed, the CA issues a Domain Validated SSL certificate. This certificate provides encryption for the website, ensuring that data transmitted between the site and its visitors is secure. However, it does not verify any organizational details or information beyond confirming domain ownership.


    Domain Validated SSL certificates are quick to obtain, often issued within minutes, making them a convenient and cost-effective choice for personal websites, blogs, or small-scale projects where a higher level of verification might not be necessary.