SSL Support

Get all the help you need from our friendly SSL experts.

Frequently Asked Questions (FAQs)

General FAQs

SSL, which stands for Secure Sockets Layer, is a security protocol that authenticates internet websites and encrypts the connection, protecting the data from cybercriminals. It benefits customers and site visitors of websites who use credit cards for online transactions or give out other personal details. SSL/TLS certificates encrypt the data and ensure that all information exchanged between your browser and the website server stays private and protected. It is now being used by millions of websites to gain the trust of their customers and to ward off cybercrime.

When a customer visits a website that is secured by an SSL certificate, they’re using an encrypted connection that validates the authenticity of the website to its visitors.

  • Web browsers, while connecting with the server of a website that is secured using an SSL/TLS certificate, sends a request for identification information.
  • The server then responds by sending a copy of the SSL/TLS certificate.
  • Once the browser receives it, it then begins the process of verification and upon doing so, sends a message to the server.
  • The web server then sends an acceptance via digitally signed authentication to start the SSL encryption sessions.
  • Finally, access is granted to share encrypted data between the web server and the browser.

There are essentially 3 major types of SSL certificates:

  • Domain Validation SSL certificate.
  • Organizational Validation SSL certificate.
  • Extended Validation SSL certificate.

A wildcard certificate essentially works on securing an unlimited number of subdomains at a specific level.

A multi-domain certificate is a type of SSL/TLS certificate that secures the primary domain and covers other domain names under one certificate.

Google has been pushing for mandatory SSL certificates for a while now and all browsers from Google and Mozilla have mandated the use of SSL. It is done to encrypt exchanges and secure sensitive data sent over the wire. SSL’s growing popularity is because it provides customers and website owners with authentication, trust, and it’s also required to comply with certain regulatory standards such as PCI compliance.

SSL/TLS certificates provide up to 256-bit symmetric encryption with a 2048-bit RSA signature key.

If you own a website, be it an e-commerce site that handles sensitive data or an individual blog, it is now mandatory to have an SSL/TLS certificate installed.

  • SSL certificates secure client-server transactions by encrypting all personal information like credit card numbers, account credentials, etc.
  • It validates the website’s identity and authenticates it to customers. It is a way to communicate your trustworthiness to your customers.
  • For online businesses that handle payments, installing a digital certificate from a trusted third-party is one of the PCI/DSS requirements.
  • It generates trust in site visitors and also increases the brand value by taking the customer’s data privacy on priority.
  • Once installed and configured correctly on the webserver, it removes the “not secure” alert for your website.

Google has been pushing for mandatory SSL certificates for a while now and all browsers from Google and Mozilla have mandated the use of SSL. It is done to encrypt exchanges and secure sensitive data sent over the wire. SSL’s growing popularity is because it provides customers and website owners with authentication, trust, and it’s also required to comply with certain regulatory standards such as PCI compliance.


CSR Questions:

CSR or certificate signing request is an encoded file that has to be generated, filled, and submitted to the certificate authority who’s issuing your certificate. It contains all the information such as common name, identification information, location information, etc.  

You can generate a CSR using CSR generator tools but since the process varies slightly depending on the server being used, it is recommended to take a look at the CSR generation process for your specific server environment.

A private key is used for the successful execution of SSL/TLS communication and is stored securely on the server (typically the one using which the CSR is generated) or on external hardware devices. You should not be sharing the private key since a compromised SSL private key nullifies the benefits of a digital certificate and a new one will need to be issued.

To check the information on your CSR, you can use the CSR decoder tool and simply fill out your CSR information and click on check. All relevant information will be presented to you.

It may be that you have not filled one or more fields on the CSR. Also, you could have a password that does not have alphanumeric characters.

This error occurs due to an incorrect format for your certificate or if you have entered invalid characters in other required fields. You need to then generate a new CSR only using English alphabets and alphanumeric characters. Note that special characters are not allowed.


Certificate Installation queries

As the purchase of your certificate is completed, you’ll need to fill out and submit a CSR (certificate signing request). Depending on your certificate validation level,  your CA will verify the information provide and issue your certificate. It is typically shared on the registered email id. On receiving the certificate, you can install and configure it on your server. You can refer to installation documentation for specific servers or reach out to our customer support to help you with this process.

The installation process may vary for an SSL certificate for different types of web servers and devices. SSL certificate installation guidelines are given in the support pages as per your server name. Following the steps in the mentioned guidelines will help you install the SSL certificate in your system correctly. You can also contact our support team to assist you in configuring the SSL certificate on your server.

After the certificate is properly installed on your first server, it can be exported to your backup files and then imported to your other available servers. The additional step with wildcard certificates is uploading the private key when installing the certificate on each server. For more information please check the support page for wildcard SSL installation guidelines.

There can be several reasons for SSL certificate errors but one of the primary reasons could be an issue with the chain of trust. Essentially, if an intermediate certificate was not installed properly and the client browser is unable to trace back to the root certificate, you’ll see this error. To resolve this issue, you need to install the intermediate certificate or the CA bundle shared along with your certificate correctly.


Queries on Renewal of certificates:

The renewal process is similar to the process followed while purchasing a new certificate. While renewing, you have to purchase, generate, validate, and install the renewed SSL certificate.

Once you begin to renew your certificate, you can use the original CSR but it is to be noted that it will have the same private key as earlier. Therefore, it is highly recommended that a new CSR be generated during the renewal of your certificate.

After completing the renewing process for your certificate and installing it, if it still shows the older certificate then perhaps you need to reconfigure the renewed certificate on your server. To resolve this error you need to restart the webserver and also delete and remove any older or previous certificate. 


Queries on Certificate Management:

If you have entered the wrong common name, it is not possible to modify that record. The certificate needs to be canceled and reissued, and you’ll also need to generate a new CSR.

If your website is not displaying the sit lock properly or displaying wrong information, contact the CA or your SSL provider and inform them about the issue.

If your private key gets deleted, then a new certificate with a new CSR has to be generated on your server.

To convert the format of the SSL certificate, you can use a free SSL converter tool. 

If you intend to switch servers you can easily move your SSL certificate to the server of your choice. You will need to export your certificate and private key to a .pfx file (or another format, depending on your server) and import them onto the new server.


Queries on code signing

A code signing certificate is a digital signature placed on applications to assure end-users that the program has not been corrupted or altered in any form. Code signing certificates are like digital safe-keepers for documents, applications, or scripts, aiding in the safe and secure distribution of code over the internet.

After successful completion of the validation process, the CA will send the certificate to the registered email address.

Code signing certificates are available for platforms like –

  • Windows 8
  • Any Microsoft format (32 and 64 bit), EXE, OCX, MSI, CAB, DLL, and kernel software
  • Adobe AIR applications
  • JAVA applets
  • Mozilla Object files
  • MS Office Macro or VBA (Visual Basic for Applications) files
  • Apple Mac software for MacOS 9 and OSX
  • Microsoft Silverlight applications or XAF files

It typically takes 3-4 business days for a CA to issue the code signing certificate after the verification process and completing due diligence.


Buying SSL for first time?

NEW TO SSL. Quick. Easy to Understand. Learn SSL