SSL FAQs

          A Domain Validated (DV) SSL certificate is a quick and easy way to secure a domain. The Certificate Authority (CA) issue the certificate only by verification that the recipient actually owns the domain they wish to cover, and because of that this type of SSL Certificate is NOT recommended for websites that visitors have high important information like usernames, password or credit card information.

          An Organization Validated (OV) SSL certificate is for domain owned by company or organization, as the Certificate Authority verify the existence of the organization before issuing certificate. These certificates typically take between 5-7 days to be issued, depend on the verification’s step. The visitor can be acknowledge that the website they make a transaction with is owned by which organization.

          An Extended Validation (EV) SSL Certificate is the most premium type of SSL certificate. These certificates are identified on websites mainly by the green address bar, the most universally recognized symbol of trust on the web. EV certificates are becoming more and more commonplace in the industry, especially amongst ecommerce sites. These certificates require that a company complete a thorough vetting process before being issued. The verification will be more strict than OV and typically take between 5-10 days, depend on the verification’s step.

          The only way to get the green address bar on your website is with an Extended Validation (EV) certificate, and make sure that domain name is owned by organization that can be verify from public information and still exist.

          Wildcard SSL certificates can cover one main domain name (www.domain.com) and an unlimited subdomains of the main domain name.

          Multi-domain or SAN (Secure Alternate Name) SSL certificates can cover multiple domain names on just one certificate. It can cover up to 250 domains, depend on the type of certificate you choose.

          Wildcard SSL certificates can cover with just one main domain (www.testing.com or testing.com) and an unlimited amount of subdomains (aaa.tesing.com, bbb.testing.com, ccc.testing.com, ect.). But Multi-domain (SAN) SSL certificates can cover multiple domains with one certificate, for example, www.testing.com, testing.net, mywebsite.com or aaa.testing.com, and cover up to 250 domains, depend on the type of certificate you choose.

          All types of SSL Certificate can be ordered or renewed 2 years in maximum.

          First thing you have to do to get SSL Certificate no matter what type is by sending us your CSR (Certificate Signing Request) of domain name you wish to cover. You can ask for your server Provider to generate it for you. In case your domain name works on our server, we can do it for you all steps.

          There is no need for any documentation in order to purchase Domain Validation (DV) Certificate. Unless you give us your CSR, you need to have one specific email to confirm that you own the domain you wish to cover.

      The Certificate Authorities (CAs) specify one of below email that you can use to confirm the ownership.

•    admin@domain name you wish to cover
•    administrator@domain name you wish to cover
•    webmaster@domain name you wish to cover
•    hostmaster@domain name you wish to cover
•    postmaster@domain name you wish to cover

          The Certificate Authority (CA) will require checking your business registration for Organization Validation (OV) Certificate. If they can verify your company information using online government database, no additional documents will be required. However, if the online filings are not available or inaccurate or not up to date, the CA may request additional official government registration documents, or using Professional Opinion Letter (POL) signed by lawyer to approve your company. It’s vary on case by case.

          Extended Validation (EV) Certificate require a more stringent verification process than OV certificates and require you to complete a few extra steps, but most likely, the procedure is the same with OV certificate.

          Besides that you give us the CSR of main domain name you wish to cover, you should inform us the rest of domain name you wish to share with main certificate. You can change domain name or add more of it later, but the certificate will be re-issued.

          It will take no longer than 24 hours after approval email that has been sent directly from Certificate Authority. But for OV Certificate and EV Certificate it will take longer than 1 day because of organizaiton verification process, it may take 5-7 days depending on Certificate Authority.

          At first, check your backup information if you can install ‘private key’ again. If you don’t know how to do, you can contact your System Provider. Another option for you is re-generate CSR and then re-issue certificate with the new CSR to get new SSL Certificate.

          The easiest way is get CSR from your new server and send it to us to re-issue certificate and then you can install the certificate to your new server again.

          You can contact your system provider to do that. We recommend that you should generate CSR from the server that domain you wish to cover is pointed since there will be Private Key has been created together with the CSR, and the system will check that certificate you install is match with the Private Key or not.

          The private key is used on the server-side exchange for creating the secure connection. It should never be exposed to your SSL provider or outside users, unless specifically requested by your web host for installation. Please note if the private key is lost or deleted, you will have to make a new CSR and private key on your server. Your private key is not provided by the Certificate Authority (CA) or your SSL provider.

          All you need to do is generate a new CSR because it’s impossible to edit any field once the CSR has been created. You can generate a new CSR how many times you want.

          First, check your certificate license if it allowed for unlimited server. If it’s not, you have to make an order new certificate for the orther server. But if it does, you can generate CSR and private key from Server #2 or Server #3 and use that CSR to re-issue the active certificate.

          The previous certificate is still active until you replace it with the new certificate. In case you use re-issued certificate with another server, the one that use with current server is still active.

          You can add additional domains to an active certificate by reissuing it. (You can use your old CSR.)

          The issue is most likely solved by installing the intermediate certificates. Some system will automatically install Intermediate Certificates along with the certificate installation in your server, but some system need to install Intermediate Certificates manually.

      Below are the links that you can use to download your intermediate certificate from the vendor website:

•    https://knowledge.digicert.com/generalinformation/INFO4331.html
•    https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1421
•    https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=AR1384
•     https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AR1548
•     https://support.comodo.com/index.php?/Default/Knowledgebase/List/Index/108/sha-2

          There are several reasons why this could be occurring or a combination of several, the most common reasons are:
                   – There are HTTP elements on your site being explicitly linked by http. This would need to be fixed by eliminate insecure content and turn it to be secure content, such as change HTTP in you site to HTTPS.
                   – Missing or invalid Intermediate Certificate.
                   – Incorrect SSL Certificate is installed on your website, or certificate is expired.

          A renewal is basically the same as buying the brand new certificate. You can use the same CSR or generate the new one if you want. Certificate can be renewed 60 days in advance before expiration date.

          You don’t need to generate new CSR to renew certificate. But if want to change some information (except common name), you can create new one and send it us to renew certificate with the new CSR.

          The verfication’s step is the same as buying the new certificate, so you have to make sure that your organization information is up to date.