What is SSL?

SSL (Secure socket layer) is a standard security technology that provides secure communications between a web server and a browser. SSL uses a combination of public key and private key encryption to protect sensitive information like credit card numbers, login credentials, email addresses, etc. Furthermore, HTTPS, padlock and green address bar ensure users for a safe website browsing and online transactions.

What is a Domain Validated (DV) SSL Certificate?

Domain Validated (DV) SSL Certificates deliver the easiest & quickest solution to secure a domain since only the domain name is verified during the validation process. Anyone who can demonstrate control of a registered domain can get this SSL security within minutes of ordering. DV certificates are suitable for small or start-up businesses.

What is an Organization Validated (OV) SSL Certificate?

To receive an Organization Validated (OV) SSL certificate the customer must demonstrate control of a registered domain and provide certain pieces of company information that vendor can verify using third-party sources. The OV certificate is a good solution for business sites to increase user trust as the certificate certifies and displays company information to prove ownership of the website.

What is an Extended Validation (EV) SSL Certificate?

An Extended Validation (EV) certificate provides great assurance to customers by providing the Green Bar within the browser URL window, which is a global symbol of trust. Extended Validation (EV) SSL certificates provide a secure connection and provide visible proof to establish business identity validation.

How can I get the Green Bar for my website?

An Extended Validation (EV) SSL Certificate is only the certificate that provides the Green Bar.

Can I qualify for an EV certificate?

To have an EV SSL Certificate you must demonstrate that your business is an official company registered with a government authority. You cannot qualify for any EV SSL Certificate if you are a Sole Proprietor.

What certificates offer www and non-www coverage?

Most of our SSL Certificates offer www and non-www coverage automatically, except for specialty certificates such as multi-domain (SAN) certificates.

What is a Wildcard SSL certificate?

A Wildcard SSL Certificate secures a single main domain (domain.com) and an unlimited number of subdomains (mail.domain.com, blog.domain.com, login.domain.com etc.) A wildcard SSL certificate is annotated with an asterisk, as in *.domain.com.

What is a Multi-domain or SAN certificate?

Multi Domain or SAN (Subject Alternative Names) certificates protects multiple domain names with a single certificate (domain.com, example.net, website.org etc).

What is the difference between Wildcard and SAN/Multi-Domain functionality?

A wildcard SSL certificate secures a single domain (domain.com) and an unlimited number of sub-domains at a specific level. A multi-domain (SAN) certificate protects multiple domain names (domain.com, newdomain.org, otherdomain.com) under one certificate.

What is a Multi-Domain Wildcard SSL Certificate?

A multi-domain wildcard SSL certificate combines the features of a wildcard SSL certificate and a multi-domain certificate into one. It is designed to secure unlimited subdomains under multiple domains. During generation, the Common Name has to be a regular domain (www.domain.com) and the SAN fields can be your wildcard entries.

How can I use 256-bit encryption?

256-bit encryption (SHA-2) is available for all SSL certificates sold by TechBeam.

What is the difference between 1024- and 2048-bit key lengths?

1024 and 2048 bit key size or key length refers to the strength of the private key used in a cryptographic algorithm. 2048-bit keys are more secure than 1024-bit key size. 2048 keys are based on new latest industry standard.

What is the difference between SHA-1 and SHA-2?

SHA stands for Signature Hashing Algorithm which is used by the Certificate Authority to sign a certificate. SHA-1 is an older version of the algorithm and produce a 160-bit (20-byte) hash value. SHA-2 is the current hashing algorithm standard.

What is a Certificate Authority and what is your relationship to them?

Certificate Authority (CA) is an entity that is authorized to issue and manage digital certificates.We are resellers of major CAs such as Comodo, Symantec, Godaddy&DigiCert. We buy SSL Certificates in bulk which helps to keep our prices low.

What is the SSL certificate warranty?

SSL Certificate Warranty provides protection if your SSL is misused, hacked or met to a data breach due to flaws in the certificate. CAs offers different types of SSL with different warranty like $10,000, $25,000, $100,000, $1,750,000 etc.

What is browser ubiquity or browser recognition?

Browser recognition or browser ubiquity refers how many web browsers recognize an SSL Certificate and display SSL or trust indications properly. Higher browser ubiquity means higher browser recognition.

How long are your SSL certificates valid for?

Our SSL Certificates are offered from 1-3 years, depending on which certificate is ordered.

What is an Intermediate certificate?

An Intermediate Certificate is a CA Certificate that completes the chain between an SSL certificate and the trusted root in the web browser.

Where do I get my Intermediate certificate?

The appropriate intermediate certificate is emailed with your SSL Certificate.

Can I use SSL to cover an internal domain?

Internal domains can be secured through SSL but it must be an official registered domain (a publicly available FQDN). SSL certificates will not be issued for internal domains if it is not a registered or delegated domain.

What is the difference between 128- and 256-bit security?

The main difference is the key length after establishing an SSL connection in the browser. But practical purpose, 128 bit security is enough to ensure security. The only reason 256-bit security is needed is if it’s specifically required by your industry or company policy.

What is a UC Certificate (UCC)?

A Unified Communications Certificate (UCC) is exclusively developed to protect MS Exchange Server 2007, Office Communications Server 2007, and Live Communications Server 2005. A single UCC SSL enables you to secure communication for multiple domains and host names on a single IP address. The certificate is best suitable to protect both internal network names as well as external domain names.

What should I do with my private key?

A private key is essential for your SSL certificate to work and it must remain private to avoid any man-in-the-middle-attacks. Only your hosting company can see the private key to install SSL on the server.

How do I know what my Control Panel/Server OS is?

To know about your control panel or server OS, just contact to your web hosting provider or your IT support department.

If I buy a Domain Validated (DV) SSL Certificate, which document(s) do I need to provide?

Domain Validated (DV) SSL Certificate does not require any documents; you can have this certificate by simply proving your ownership of the domain.

If I buy an Organization Validated (OV) SSL Certificate, which document(s) do I need to provide?

The Organization validation SSL Certificate requires true identity of the business. So, you need to provide all accurate documents related to your company. Before asking any documents from you, Certificate Authority (CA) verify the organization through online government database. In case of inaccurate, incomplete, out of date business information, CA may request additional official government registration documents, which vary on a case-by-case basis.

If I buy an Extended Validation (EV) SSL Certificate, which document(s) do I need to provide?

Extended Validation (EV) SSL Certificate require strict verification. This certificate requires additional steps to have this certificate; you have to provide true organization verification, domain authentication, operational as well as the physical presence of the website owner for a simple telephone call by the Certificate Authority to complete the process.

If I buy a Code Signing Certificate, which document(s) do I need to provide?

There are two different types of Code signing available, code signing for individual or for an organization. You can have a code signing certificate by fulfilling all requirements of OV certificate. But, if you want to get a code signing for an individual, you need to complete a simple form to verify your identity. This form has to be notarized by a lawyer, CPA, or public notary, a scan of a government issued ID and you may also ask to provide additional documents by the Certificate Authority as need.

I haven't received my Domain Control Validation email (DCV) yet. What should I do?

There may be few reasons behind not receiving the Domain Control Validation (DCV). Check your order to make sure you entered the correct email address, without any typos. Also, check your spam or junk mail folders for the DCV email. You can request a change to your DCV email address; you can choose the registrant email address contained in the domain’s who.is registration or one of the following file authorized alias email addresses at your domain:

Admin@domain.com, Administrator@domain.com, Hostmaster@domain.com, Postmaster@domain.com, Webmaster@domain.com

How can I reschedule the phone verification call?

In case you missed the phone verification call and want to reschedule, just contact TechBeam via phone or e-mail and tell us your availability. Make sure that the phone number you have provided is verified by the Certificate Authority.

How long will validation take?

It depends on the type of certificate and the validation process of the Certificate Authority. Domain Validated (DV) Certificate can take a few minutes to a business day, Organization Validated (OV) Certificate can be issued within 2-3 days to be issued and Extended Validation (EV) Certificate usually take around 3-5 business days to be issued.

Can I use the email address listed in the WHO.IS record to complete Domain Control Verification (DCV)?

Yes, you can use the registrant email address listed in the WHO.IS record for DV, OV and EV certificates.

I have accidentally deleted my "private key" what can I do now?

You can re-install your ‘Private Key’ using your backup with the help of your system administrator. In case you don’t have a backup, contact your web server software vendor for technical support. The last alternative is re-issuance of the certificate following the re-submitting of a replacement CSR.

I have changed my server, or moved to a different provider; how do I move the certificate?

It’s easy, just create a new CSR on the new machine and have the certificate re-issued.

What is a CSR?

A Certificate Signing Request (CSR) is an encoded file that is generated on the server for all SSL Certificates. The CSR file includes information that identifies your organization and domain name.

How do I generate a CSR?

You can generate a CSR through your web server software. For more information please see our Knowledgebase.

I have noticed something incorrect in my CSR. What should I do?

You can’t modify CSR once it’s created. If you found anything incorrect information in your CSR than you have only one option that is to generate a new CSR with the correct details

The CSR cannot be decoded. What does that mean and what should I do?

Confirm that you have copied the correct file along with the complete header and footer lines to include all the hyphens, and be sure it is not your previous SSL or self-signed certificate or if it is bundled as a PKCS7 or PKCS12. Or, you could have a password that does not have alphanumeric characters or disallowed characters. If this is the case, you will require to generate a new CSR without the disallowed characters in the password. Keep in mind to use the English alphabet and numbers 0-9 but no special characters.

What should I do if I receive a 'CSR invalid' error during the certificate activation process?

You may see a CSR invalid error during the certificate activation process due to incorrect format for your certificate and also may be using disallowed characters in the other filed. In this case, you need to generate a new CSR using only the English alphabet and numbers 0-9 and do not use any special characters.

What is a private key used for?

A private key is important for SSL installation and it should be kept privately on your server. You should not expose it to your SSL provider or other users. Sometimes your web hosting company may ask for your private key to create an SSL secure connection, then you may share it with the only web host. In case, if you lost or deleted your Private Key, then you must generate a new CSR on your server because any Certificate Authority or SSL Provider doesn’t provide private key.

I have changed my server, or moved to a different provider; how do I move my SSL certificate?

You can move your SSL certificate to a different server, you need your private key on the active certificate. But, if you don’t have your private key then you will have to reissue the certificate with new CSR.

Do I need a dedicated/static IP address to use an SSL certificate?

You can’t use an SSL Certificate without a static IP address. You can obtain it from your webserver or you may need to purchase one from your web host if you own/operate your webserver.

My browser is not showing the green padlock/green bar, why?

There may be several reasons behind not showing the green bar or green padlock, check out the most common reason below –

  1. The issued certificate may be with the SHA-1 hash algorithm. And now browsers trust on the SHA-2 so you need to reissue the certificate with the SHA-2 hash algorithm.
  2. If your HTML elements of the site are linked with http then it may be seen as insecure content and need to update via your system administrator.
  3. Your certificate is issued from an intermediate file and if missing or invalid is, then the green padlock may not show. Make sure that you have installed this alongside your certificate on your server.
  4. In case of incorrect certificate. If you installed an old expired certificate or a certificate provided by your hosting company or a self-signed certificate on the site. You will need to identify the source of the incorrect certificate and contact that party to resolve the issue.
Why does the website say the SSL certificate is 'Untrusted'?

The common reason is if the intermediate certificate were never installed. Just install the intermediate certificate to resolve the issue.

How can I check to see that my SSL certificate works properly and has been installed correctly?

If you installed a certificate successfully and want to the status of the certificate is has been installed correctly and work properly, just use the SSL checker tool provided in our knowledgebase.

Do I need to create a new CSR to renew my certificate?

When you renew a certificate, you can use original CSR but this CSR uses the same exact private key which may be a drawback of security. So, we highly recommend to generate a new CSR to renew a certificate.

Do I need to provide my business verification document again for renewing my OV/EV SSL certificate?

It depends of the type of certificate. Usually, Certificate Authority may use your previous documents to renew process for some certificate, but in case if any information of the organization has changed then you need to submit your new documents again. In case of an EV SSL order, you are required to complete full business validation again if the certificate validated more than 13 months. For OV SSL, you can reuse the previous information up to 39 months from the original order.

I purchased a renewal certificate, but my website still displays the old certificate. What should I do?

If you have completed a renewal process and installed, but sill displaying the old certificate, then the issue may be with the configuration. To resolve this issue, just restart your webserver (http server) also to uninstall/delete the incorrect/old certificate(s).

Code Signing

What is a Code Signing Certificate?

Code signing certificate is a digitally signed certificate that used to prove that the code has not been altered or corrupted since it was signed by the author. You can sign many different types of codes including .exe, .cab, .dll, .ocx, and .xpi files.

How do I generate a Code Signing certificate? Do I need a CSR?

If you want to use in-browser control provided by the Certificate Authority, you must use Firefox as the default browser in order to generate a code signing certificate. The browser is essential because if the browser is not used properly, then you may receive an error message. If you use Firefox as default browser than you will be able to automatically generate the CSR and store the private key within Firefox’s file system and this will be due to in-browser controls. This unique private key will automatically be pulled by the corresponding certificate during the installation/download process.

How do I download my code signing certificate?

As you finish the validation process, the CA will send a ‘collection’ or ‘pick-up’ link to the verified email address. Follow the link and download the certificate using the same computer and the same Firefox browser which generated the order. Firefox will pull the previous stored private key automatically and install the code signing certificate. Export the code signing certificate and private key from the browser into a PFX (.p12) file when the downloading has finished.

Why can't I download my code signing certificate?

You may face trouble to download the code signing certificate and this may happen due to several different reasons. First, if Firefox is not default browser or if you are not using browser properly, then you will receive an error message. Second, if you are not using the same PC which generated the order, in this case if you use a different PC than the corresponding private key will be missed and you will not able to download code signing certificate.

How do I export my certificate from my browser?

Export your code signing certificate by following simple steps given below, but keep in the mind that the certificate can be generated and export from Firefox browser –

  1. Click the “Open” menu.
  2. Go to ‘Options’
  3. Click on “Advanced” or “Encryption”
  4. Select “View Certificates” under the certificate tab
  5. Under Your Certificates, click your certificate name
  6. Once highlighted, select “back up all” and enter in your passphrase
How do I use my platform's signing tool?

The most common platforms are Microsoft, JAVA, Adobe, etc… The platform is used by developers to sign their applications using specific tools. Each platform is different, so please reference official instructions for your particular platform.

What platforms can I sign for?

You can use following platforms to sign –

  1. Windows 8
  2. Any Microsoft format (32 and 64 bit), EXE, OCX, MSI, CAB, DLL, and kernel software
  3. Adobe AIR applications
  4. JAVA applets
  5. Mozilla Object files
  6. MS Office Macro or VBA (Visual Basic for Applications) files
  7. Apple Mac software for MacOS 9 and OSX
  8. Microsoft Silverlight applications or XAF files