SSL (Secure socket layer) is a standard security technology that provides secure communications between a web server and a browser. SSL uses a combination of public key and private key encryption to protect sensitive information like credit card numbers, login credentials, email addresses, etc. Furthermore, HTTPS, padlock and green address bar ensure users for a safe website browsing and online transactions.
Domain Validated (DV) SSL Certificates deliver the easiest & quickest solution to secure a domain since only the domain name is verified during the validation process. Anyone who can demonstrate control of a registered domain can get this SSL security within minutes of ordering. DV certificates are suitable for small or start-up businesses.
To receive an Organization Validated (OV) SSL certificate the customer must demonstrate control of a registered domain and provide certain pieces of company information that vendor can verify using third-party sources. The OV certificate is a good solution for business sites to increase user trust as the certificate certifies and displays company information to prove ownership of the website.
An Extended Validation (EV) certificate provides great assurance to customers by providing the Green Bar within the browser URL window, which is a global symbol of trust. Extended Validation (EV) SSL certificates provide a secure connection and provide visible proof to establish business identity validation.
An Extended Validation (EV) SSL Certificate is only the certificate that provides the Green Bar.
To have an EV SSL Certificate you must demonstrate that your business is an official company registered with a government authority. You cannot qualify for any EV SSL Certificate if you are a Sole Proprietor.
Most of our SSL Certificates offer www and non-www coverage automatically, except for specialty certificates such as multi-domain (SAN) certificates.
A Wildcard SSL Certificate secures a single main domain (domain.com) and an unlimited number of subdomains (mail.domain.com, blog.domain.com, login.domain.com etc.) A wildcard SSL certificate is annotated with an asterisk, as in *.domain.com.
Multi Domain or SAN (Subject Alternative Names) certificates protects multiple domain names with a single certificate (domain.com, example.net, website.org etc).
A wildcard SSL certificate secures a single domain (domain.com) and an unlimited number of sub-domains at a specific level. A multi-domain (SAN) certificate protects multiple domain names (domain.com, newdomain.org, otherdomain.com) under one certificate.
A multi-domain wildcard SSL certificate combines the features of a wildcard SSL certificate and a multi-domain certificate into one. It is designed to secure unlimited subdomains under multiple domains. During generation, the Common Name has to be a regular domain (www.domain.com) and the SAN fields can be your wildcard entries.
256-bit encryption (SHA-2) is available for all SSL certificates sold by TechBeam.
1024 and 2048 bit key size or key length refers to the strength of the private key used in a cryptographic algorithm. 2048-bit keys are more secure than 1024-bit key size. 2048 keys are based on new latest industry standard.
SHA stands for Signature Hashing Algorithm which is used by the Certificate Authority to sign a certificate. SHA-1 is an older version of the algorithm and produce a 160-bit (20-byte) hash value. SHA-2 is the current hashing algorithm standard.
Certificate Authority (CA) is an entity that is authorized to issue and manage digital certificates.We are resellers of major CAs such as Comodo, Symantec, Godaddy&DigiCert. We buy SSL Certificates in bulk which helps to keep our prices low.
SSL Certificate Warranty provides protection if your SSL is misused, hacked or met to a data breach due to flaws in the certificate. CAs offers different types of SSL with different warranty like $10,000, $25,000, $100,000, $1,750,000 etc.
Browser recognition or browser ubiquity refers how many web browsers recognize an SSL Certificate and display SSL or trust indications properly. Higher browser ubiquity means higher browser recognition.
Our SSL Certificates are offered from 1-3 years, depending on which certificate is ordered.
An Intermediate Certificate is a CA Certificate that completes the chain between an SSL certificate and the trusted root in the web browser.
The appropriate intermediate certificate is emailed with your SSL Certificate.
Internal domains can be secured through SSL but it must be an official registered domain (a publicly available FQDN). SSL certificates will not be issued for internal domains if it is not a registered or delegated domain.
The main difference is the key length after establishing an SSL connection in the browser. But practical purpose, 128 bit security is enough to ensure security. The only reason 256-bit security is needed is if it’s specifically required by your industry or company policy.
A Unified Communications Certificate (UCC) is exclusively developed to protect MS Exchange Server 2007, Office Communications Server 2007, and Live Communications Server 2005. A single UCC SSL enables you to secure communication for multiple domains and host names on a single IP address. The certificate is best suitable to protect both internal network names as well as external domain names.
A private key is essential for your SSL certificate to work and it must remain private to avoid any man-in-the-middle-attacks. Only your hosting company can see the private key to install SSL on the server.
To know about your control panel or server OS, just contact to your web hosting provider or your IT support department.
Domain Validated (DV) SSL Certificate does not require any documents; you can have this certificate by simply proving your ownership of the domain.
The Organization validation SSL Certificate requires true identity of the business. So, you need to provide all accurate documents related to your company. Before asking any documents from you, Certificate Authority (CA) verify the organization through online government database. In case of inaccurate, incomplete, out of date business information, CA may request additional official government registration documents, which vary on a case-by-case basis.
Extended Validation (EV) SSL Certificate require strict verification. This certificate requires additional steps to have this certificate; you have to provide true organization verification, domain authentication, operational as well as the physical presence of the website owner for a simple telephone call by the Certificate Authority to complete the process.
There are two different types of Code signing available, code signing for individual or for an organization. You can have a code signing certificate by fulfilling all requirements of OV certificate. But, if you want to get a code signing for an individual, you need to complete a simple form to verify your identity. This form has to be notarized by a lawyer, CPA, or public notary, a scan of a government issued ID and you may also ask to provide additional documents by the Certificate Authority as need.
There may be few reasons behind not receiving the Domain Control Validation (DCV). Check your order to make sure you entered the correct email address, without any typos. Also, check your spam or junk mail folders for the DCV email. You can request a change to your DCV email address; you can choose the registrant email address contained in the domain’s who.is registration or one of the following file authorized alias email addresses at your domain:
Admin@domain.com, Administrator@domain.com, Hostmaster@domain.com, Postmaster@domain.com, Webmaster@domain.com
In case you missed the phone verification call and want to reschedule, just contact TechBeam via phone or e-mail and tell us your availability. Make sure that the phone number you have provided is verified by the Certificate Authority.
It depends on the type of certificate and the validation process of the Certificate Authority. Domain Validated (DV) Certificate can take a few minutes to a business day, Organization Validated (OV) Certificate can be issued within 2-3 days to be issued and Extended Validation (EV) Certificate usually take around 3-5 business days to be issued.
Yes, you can use the registrant email address listed in the WHO.IS record for DV, OV and EV certificates.
You can re-install your ‘Private Key’ using your backup with the help of your system administrator. In case you don’t have a backup, contact your web server software vendor for technical support. The last alternative is re-issuance of the certificate following the re-submitting of a replacement CSR.
It’s easy, just create a new CSR on the new machine and have the certificate re-issued.
A Certificate Signing Request (CSR) is an encoded file that is generated on the server for all SSL Certificates. The CSR file includes information that identifies your organization and domain name.
You can generate a CSR through your web server software. For more information please see our Knowledgebase.
You can’t modify CSR once it’s created. If you found anything incorrect information in your CSR than you have only one option that is to generate a new CSR with the correct details
Confirm that you have copied the correct file along with the complete header and footer lines to include all the hyphens, and be sure it is not your previous SSL or self-signed certificate or if it is bundled as a PKCS7 or PKCS12. Or, you could have a password that does not have alphanumeric characters or disallowed characters. If this is the case, you will require to generate a new CSR without the disallowed characters in the password. Keep in mind to use the English alphabet and numbers 0-9 but no special characters.
You may see a CSR invalid error during the certificate activation process due to incorrect format for your certificate and also may be using disallowed characters in the other filed. In this case, you need to generate a new CSR using only the English alphabet and numbers 0-9 and do not use any special characters.
A private key is important for SSL installation and it should be kept privately on your server. You should not expose it to your SSL provider or other users. Sometimes your web hosting company may ask for your private key to create an SSL secure connection, then you may share it with the only web host. In case, if you lost or deleted your Private Key, then you must generate a new CSR on your server because any Certificate Authority or SSL Provider doesn’t provide private key.
You can move your SSL certificate to a different server, you need your private key on the active certificate. But, if you don’t have your private key then you will have to reissue the certificate with new CSR.
You can’t use an SSL Certificate without a static IP address. You can obtain it from your webserver or you may need to purchase one from your web host if you own/operate your webserver.
There may be several reasons behind not showing the green bar or green padlock, check out the most common reason below –
- The issued certificate may be with the SHA-1 hash algorithm. And now browsers trust on the SHA-2 so you need to reissue the certificate with the SHA-2 hash algorithm.
- If your HTML elements of the site are linked with http then it may be seen as insecure content and need to update via your system administrator.
- Your certificate is issued from an intermediate file and if missing or invalid is, then the green padlock may not show. Make sure that you have installed this alongside your certificate on your server.
- In case of incorrect certificate. If you installed an old expired certificate or a certificate provided by your hosting company or a self-signed certificate on the site. You will need to identify the source of the incorrect certificate and contact that party to resolve the issue.
The common reason is if the intermediate certificate were never installed. Just install the intermediate certificate to resolve the issue.
If you installed a certificate successfully and want to the status of the certificate is has been installed correctly and work properly, just use the SSL checker tool provided in our knowledgebase.
When you renew a certificate, you can use original CSR but this CSR uses the same exact private key which may be a drawback of security. So, we highly recommend to generate a new CSR to renew a certificate.
It depends of the type of certificate. Usually, Certificate Authority may use your previous documents to renew process for some certificate, but in case if any information of the organization has changed then you need to submit your new documents again. In case of an EV SSL order, you are required to complete full business validation again if the certificate validated more than 13 months. For OV SSL, you can reuse the previous information up to 39 months from the original order.
If you have completed a renewal process and installed, but sill displaying the old certificate, then the issue may be with the configuration. To resolve this issue, just restart your webserver (http server) also to uninstall/delete the incorrect/old certificate(s).
Code signing certificate is a digitally signed certificate that used to prove that the code has not been altered or corrupted since it was signed by the author. You can sign many different types of codes including .exe, .cab, .dll, .ocx, and .xpi files.
If you want to use in-browser control provided by the Certificate Authority, you must use Firefox as the default browser in order to generate a code signing certificate. The browser is essential because if the browser is not used properly, then you may receive an error message. If you use Firefox as default browser than you will be able to automatically generate the CSR and store the private key within Firefox’s file system and this will be due to in-browser controls. This unique private key will automatically be pulled by the corresponding certificate during the installation/download process.
As you finish the validation process, the CA will send a ‘collection’ or ‘pick-up’ link to the verified email address. Follow the link and download the certificate using the same computer and the same Firefox browser which generated the order. Firefox will pull the previous stored private key automatically and install the code signing certificate. Export the code signing certificate and private key from the browser into a PFX (.p12) file when the downloading has finished.
You may face trouble to download the code signing certificate and this may happen due to several different reasons. First, if Firefox is not default browser or if you are not using browser properly, then you will receive an error message. Second, if you are not using the same PC which generated the order, in this case if you use a different PC than the corresponding private key will be missed and you will not able to download code signing certificate.
Export your code signing certificate by following simple steps given below, but keep in the mind that the certificate can be generated and export from Firefox browser –
- Click the “Open” menu.
- Go to ‘Options’
- Click on “Advanced” or “Encryption”
- Select “View Certificates” under the certificate tab
- Under Your Certificates, click your certificate name
- Once highlighted, select “back up all” and enter in your passphrase
The most common platforms are Microsoft, JAVA, Adobe, etc… The platform is used by developers to sign their applications using specific tools. Each platform is different, so please reference official instructions for your particular platform.
You can use following platforms to sign –
- Windows 8
- Any Microsoft format (32 and 64 bit), EXE, OCX, MSI, CAB, DLL, and kernel software
- Adobe AIR applications
- JAVA applets
- Mozilla Object files
- MS Office Macro or VBA (Visual Basic for Applications) files
- Apple Mac software for MacOS 9 and OSX
- Microsoft Silverlight applications or XAF files