Contact us at |support@ssldragon.com
FAQ

Are there any Wildcard EV SSL Certificates?

Unfortunately, there are no Wildcard EV SSL Certificates on the market. The Certificate Authorities refuse to issue EV Wildcard SSL Certificates because of the security reasons, so as they want to have complete control over the subdomains that they issue an EV SSL to. That is why, your only solution is to buy a Multi-Domain EV SSL Certificate that secures multiple domains and subdomains.

Brand Validation Reasons

 

In some cases, the CAs may require manual verification if your order fails any internal rules of Brand Validation. It takes around 24-48 hours to pass this manual check, and the CA will either issue or reject an order in such cases.

Here are the most common reasons why certificate authorities decide to do the brand validation for some orders:

1) Orders from some countries are reviewed manually more often than others, for example: South Korea, North Korea, Japan;
2) Restricted countries – Afghanistan (AF), Crimea (Russia), Cote d’Ivoire (CI), Cuba (CU), Eritrea (ER), Guinea (GN), Iraq (IQ), Iran (IR), Democratic People’s Republic of Korea (KP), Liberia (LR), Myanmar (MM), Rwanda (RW), Sudan (SD), Sierra Leone (SL), South Sudan (SS), Syrian Arab Republic (SY), Zimbabwe (ZW) – SSL are NOT issued for these countries;
3) The domain name includes a brand name, such as: facebook-app.com, sony-shop.net, dellshop.com, etc;
4) The domain name may have a hidden brand name. For example, your domain is “sibmama.com”, but the automated validation system may read it as “sIBMama” and flag the “IBM” brand. The certificate authority wants to check such orders manually;
5) The domain name has “stop words”, such as: pay, online, secure, booking, shop, bank, transfer, money, e-payment, payment, protection, violence, terrorists, and others. These words and many others are set as triggering words inside the validation system, and make the certificate authority review such orders manually;
6) Domain name is blacklisted OR has a bad reputation.
partner-order-id

What you can do to speed up the process?

Please contact Comodo/Sectigo and Thawte, RapidSSL, GeoTrust, Symantec directly via live chat and discuss the situation with the CA’s representative.

Please mention your “Partner Order ID” in your message.  You can find your “Partner Order ID” on the details page of your SSL Certificate inside your SSL Dragon account. See screenshot on the right.

Can I add 1st level and 2nd level sub-domains in the same Wildcard SSL Certificate?

The sub-domains that you can secure with one Wildcard SSL Certificate have to be either 1st level sub-domains (e.g.: *.example.com) or 2nd level sub-domains (*.mob.example.com). You cannot secure 1st and 2nd level sub-domains with one regular Wildcard SSL Certificate.

If you want to secure 1st level sub-domains and 2nd level sub-domains, you have to get a Multi-Domain Wildcard SSL Certificate, or 2 separate Wildcard SSL Certificates.

For example, a regular Wildcard SSL Certificate allows you to secure:

  1. One main domain name (example.com) and all its 1st level sub-domains (*.example.com):
    1. my.example.com
    2. test.example.com
    3. dev.example.com
    4. mail.example.com
    5. (etc)
  2. Or, one sub-domain (mob.example.com) and all 2nd level sub-domains (*.mob.example.com):
    1. my.mob.example.com
    2. test.mob.example.com
    3. dev.mob.example.com
    4. mail.mob.example.com
    5. (etc)

In order to secure one domain and all its sub-domains as shown in the first example, you have to include *.example.com as a common name (domain name) when creating a CSR (Certificate Signing Request). If you want to secure 2nd level sub-domains, then you have to enter *.mob.example.com as a common name (domain name) when creating a CSR (Certificate Signing Request).

Can I add another domain after the SSL Certificate has been activated?

The multi-domain certificate can be initially activated for the primary domain name.

If you wish to add more domains later, you need to reissue the certificate in your SSLDragon.com account, and add the SAN (additional domain) list in the SAN field, when reissuing.
due-date-2
due-date-2
If you need to add more domains than included by default, then please choose the Add/Change SANs option in order to pay for and activate the additional SANs.

Can I change the company that my SSL Certificate is issued to?

Yes, you can change the company name that your SSL Certificate is issued to. The procedure involves the reconfiguration and reissue of your SSL Certificate, and there are some additional steps if you have a Business Validation or Extended Validation Certificate.

Domain Validation SSL Certificates

You can reissue your SSL Certificate from your SSL Dragon account by following the next steps:
1) Log into your SSL Dragon account;
2) Go to Services -> My Services;
4) You will see the list of products which you bought from SSL Dragon. Click on the SSL Certificate which you would like to reissue;
5) Click on the “Reissue certificate” button on the left side (see the screenshot on the right);
6) Reconfigure your SSL Certificate. As a part of the reconfiguration, please create a new CSR code and enter the new company name, locality (city or town), state or province and country in it.
7) For Multi-Domain SSL – Don’t forget to include the SAN list in the SANs field;
8) After reconfiguring your SSL Certificate, you will have to pass the Domain Validation again.

For Domain Validation SSL Certificates, your SSL Certificate will be reissued for the new domain name after you pass the domain validation successfully.

Business Validation SSL Certificates

To change the company name in your Business Validation SSL Certificate, you have to go through the same reconfiguration and domain validation process as described under the “Domain Validation” section above. After that, you have to pass the entire Business Validation process again, so as the Certificate Authority needs to verify the legal existence of your new company, and your company’s phone number. You can read how to pass the Business Validation process at this link.

Your BV SSL Certificate will be reissued for the new company name after you pass the Business Validation process again.

Extended Validation SSL Certificates

To change the company name in your Extended Validation SSL Certificate, you have to go through the same reconfiguration and domain validation process as described under the “Domain Validation” section above. After that, you have to pass the entire Extended Validation process again, so as the Certificate Authority needs to verify the legal existence of your new company, and your company’s phone number. You can read how to pass the Extended Validation process at this link.

Your EV SSL Certificate will be reissued for the new company name after you pass the Extended Validation process again.

Can I change the domain in my SSL Certificate?

Yes, you can change the domain name that your SSL Certificate is issued to. The procedure involves the reconfiguration and reissue of your SSL Certificate, and there are some additional steps if you have a Business Validation or Extended Validation Certificate.

Domain Validation SSL Certificates

You can reissue your SSL Certificate from your SSL Dragon account by following the next steps:
1) Log into your SSL Dragon account;
2) Go to Services -> My Services;
4) You will see the list of products which you bought from SSL Dragon. Click on the SSL Certificate which you would like to reissue;
5) Click on the “Reissue certificate” button on the left side (see the screenshot on the right);
6) Reconfigure your SSL Certificate. As a part of the reconfiguration, please create a new CSR code and enter the new domain name in it.
7) For Multi-Domain SSL – Don’t forget to include the SAN list in the SANs field;
8) After reconfiguring your SSL Certificate, you will have to pass the Domain Validation again.

For Domain Validation SSL Certificates, your SSL Certificate will be reissued for the new domain name after you pass the domain validation successfully.

Business Validation SSL Certificates

To change the domain name in your Business Validation SSL Certificate, you have to go through the same reconfiguration and domain validation process as described under the “Domain Validation” section above. After that, you have to pass the entire Business Validation process again, so as the Certificate Authority needs to verify the legal existence of your domain name, company, and your company’s phone number. You can read how to pass the Business Validation process at this link.

Your BV SSL Certificate will be reissued for the new domain name after you pass the Business Validation process again.

Extended Validation SSL Certificates

To change the domain name in your Extended Validation SSL Certificate, you have to go through the same reconfiguration and domain validation process as described under the “Domain Validation” section above. After that, you have to pass the entire Extended Validation process again, so as the Certificate Authority needs to verify the legal existence of your domain name, company, and your company’s phone number. You can read how to pass the Extended Validation process at this link.

Your EV SSL Certificate will be reissued for the new domain name after you pass the Extended Validation process again.

Can I receive a refund for the unused domains on multi-domain certificate?

You can receive a refund ONLY for the additional domains (SANs) that you bought and NOT used.

If you have already activated the SAN (additional domain) for a particular domain name, then you cannot be refunded for that specific domain name.

Can I secure a domain name that has .local as an extension?

Unfortunately, domain names that end with .local are not supported from November 1st, 2015. If you request an SSL Certificate for a domain or sub-domain that has .local as an extension, your SSL Certificate will be rejected by the Certificate Authority.

If you want to secure a domain or sub-domain on your localhost, you can create a self-signed SSL Certificate. There is plenty of documentation online on how to do that.

Can I secure an IP address with an SSL Certificate?

Yes, you can secure an IP address with an SSL Certificate. However, only some specific SSL Certificates will allow you to do that. Here are those SSL Certificates:

– Comodo/Sectigo InstantSSL Premium
– GoGetSSL Public IP SAN

Please note that the Comodo/Sectigo InstantSSL Premium  is a Business Validation SSL Certificate, which means that you need to have a registered company in order to be issued this SSL certificate.

GeGetSSL Public IP SAN is a Domain Validation SSL Certificate which secures 2 IP addresses by default.

Can I secure multiple domains with a single certificate?

multi-domainYou can secure inexpensively and efficiently multiple domains and/or sub-domains with a Multi-Domain (SAN) SSL Certificate. Depending on the SSL Certificate brand and certificate product, the SAN cert will include a different number of additional domains at the price quoted on the SSL Certificate’s details page (see screenshot on the right).

You can find our full list of Multi-Domain (SAN) SSL Certificates at this link.

Can I secure multiple subdomains on the same domain name with a single certificate?

You can secure multiple subdomains by purchasing a Wildcard Certificate. This SSL was specifically designed for ensuring the security of your main domain, along with its multiple subdomains. For instance, if your site’s domain is ssldragon.com, then the Wildcard certificate for *.ssldragon.com will secure an unlimited number of your first-level subdomains like mail.ssldragon.com, account.ssldragon.com or login.ssldragon.com.

You can find our full list of Wildcard certificates at this link.

Can I secure site.com and www.site.com under 1 SAN (domain)?

multi-domain2When you buy or configure your Multi-Domain (SAN) SSL Certificate, please note that most Multi-Domain Certificates do not secure the domains with and without “www”. With other words if you want to secure both, example.com and www.example.com under one single Multi-Domain Certificate, that will be considered as two different domain names. The screenshot on the right shows you where you can find the attribute that tells you if your Multi-Domain Certificate secures both “www” and “non-www” under one single domain (SAN), or not.

Anyway, that is not a problem so as you cannot have the same website open both as www.example.com and as example.com. All website owners only choose one of these options and make the other option automatically re-direct to the other. For example, you can choose your website to always open at www.example.com and anybody who enters on example.com is automatically redirected to www.example.com. In this way, you only have to secure one domain, and that is: www.example.com.

Can I use an SSL Certificate for multiple domains on same IP address?

Yes, absolutely.

The Multi-Domain (UCC/SAN) SSL Certificate allows you to secure multiple domains or subdomains which are hosted either on one IP address or different IP addresses. This SSL Certificate type was particularly designed to secure multiple websites within one single SSL Certificate as an easy-to-use and cost-effective solution. 

Do I have to pass the Business Validation every year?

You have to pass the Business Validation when you buy a new BV SSL Certificate.

If you buy your BV SSL Certificate for 1 year, then your certificate will be valid for 1 year, and you will have to pass the Business Validation again in 1 years when you request a new BV SSL Certificate. If you buy your BV SSL Certificate for 2 years, then your certificate will be valid for 2 years, and you will have to pass the Business Validation again in 2 years when you request a new BV SSL Certificate.

At the same time, the process of completing the Business Validation is easier the following years, so as the Certificate Authority has more information about your company in their system, based on your previous BV SSL Certificates requests.
Please check the Renew/Reissue BV instructions.

Do I have to pass the Extended Validation every year?

You have to pass the Extended Validation when you buy a new EV SSL Certificate.

If you buy your EV SSL Certificate for 1 year, then your certificate will be valid for 1 year, and you will have to pass the Extended Validation again in 1 years when you request a new EV SSL Certificate. If you buy your EV SSL Certificate for 2 years, then your certificate will be valid for 2 years, and you will have to pass the Extended Validation again in 2 years when you request a new EV SSL Certificate.

At the same time, the process of completing the Extended Validation is easier the following years, so as the Certificate Authority has more information about your company in their system, based on your previous EV SSL Certificates requests.
Please check the Renew/Reissue EV instructions.

Do I have to re-issue my Wildcard SSL Certificate when I add sub-domains to it?

You can add sub-domains to your server and they will be covered by your Wildcard SSL Certificate automatically. You do not need to re-issue your Wildcard SSL Certificate each and every time when you add sub-domains to it. The newly added sub-domains will be automatically covered by your Wildcard SSL Certificate.

Do I need an SSL certificate for my website?

You have to purchase an SSL certificate if your website contains logins or web forms that require personal or credit card information from your customers. The SSL certificate will secure the personal data shared on your website and will make your clients feel safer while performing transactions, knowing that any information shared is within a secure environment and authenticated by a trusted Certificate Authority.

If you have an informative website, we still recommend you to purchase an SSL certificate. By having an HTTPS link, your website will be more trustworthy and Google will rank it higher in its search results.

Do I need SSL for a website that is primarily going to be used as a data server?

A data server provides a wide range of database services such as data storage, data manipulation, data analysis, and archiving. If your website offers Database-as-a-Service (DBaaS) solutions, you will need an SSL certificate to encrypt the sensitive information of your clients. Moreover, since Chrome and Firefox flag websites without SSL encryption as not secure, a valid SSL certificate will ensure that your site is accessible 24/7 from any browser.

Does the EV Green Bar display the company name or the DBA (Doing Business As) or both?

There are two options of what an EV SSL Certificate can display in the address bar:
1) The company name only, for example: GPI Holding, LLC [US]
2) DBA (Doing Business As) and the company name, for example: SSL Dragon (GPI Holding, LLC) [US]

Certificate Authorities do not allow customers to display only the DBA in the address bar. Such requests came from many customers over the years, and Certificate Authorities never approved them.

How can I contact a Certificate Authority?

partner-order-idYou can contact Certificate Authorities directly when you have any questions related to your SSL Certificates. Anytime you call them, please refer to your Order ID, which you can find on the SSL Certificate’s details page inside your SSL Dragon account (see screenshot on the right). Here is the contact information to all Certificate Authorities that we work with:

Comodo/Sectigo/GoGetSSL

Phone (USA): +1 (888) 266-6361
Phone (UK): +44 (0) 161 874 7070
Ticket System: https://www.comodoca.com/en-us/support and https://sectigo.com/support

More contact information on Comodo/Sectigo’s official website

Thawte

Phone (USA): +1 (888) 484 2983
Phone (UK): +44 203 450 5486
Phone (Australia & Asia Pacific): +61 3 9914 5641
Online chat: https://www.thawte.com/chat/chat_sales.html
More contact information on Thawte’s official website

GeoTrust

Phone (USA): +1 (866) 511-4141
Phone (UK): +44 203 0240907
Phone (Australia): +61 3 9914 5661
Online chat: https://www.geotrust.com/support/chat/
More contact information on GeoTrust’s official website

Symantec

Phone (USA): +1 (800) 745-6054
Phone (UK): +44 (0) 8000853204
Phone (Australia): 1800 000 423
Phone (New Zealand): 0800 697 962
More contact information on Symantec’s official website

RapidSSL

Phone (USA): +1 (866) 795-4669
Phone (Europe, UK, Australia): +44 203 024 0906
Online chat: https://www.rapidssl.com/chat/intro.html

How can I find the Private Key for my Comodo (Sectigo) Code Signing Certificate?

code-signing3The Private Key was generated on your machine when you configured your Comodo/Sectigo Code Signing Certificate initially. The screenshot from the right shows the page where you configured your Comodo/Sectigo Code Signing Certificate initially. As you can see in the screenshot, you were given instructions on how to check and backup your Private Key.

If you lost your Private Key, then you have to reissue your Comodo/Sectigo Code Signing Certificate. You can do that by following the next steps:

1) Login at https://secure.trust-provider.com/products/frontpage?area=ssl using the username and password that you used when you configured your Comodo/Sectigo Code Signing Certificate initially;
2) Once you are logged in, find the “Replace” button and click on it;
3) You will start the reissue process for your Comodo/Sectigo Code Signing SSL.
4) Follow the steps and instructions that come next, until you complete the Comodo/Sectigo Code Signing Certificate reissue.

When you configure or re-configure your Comodo/Sectigo Code Signing SSL Certificate, it is best to use some specific browsers for that. Here is an article that describes which browsers are best to use for configuring a Comodo/Sectigo Code Signing Certificate.

How can I install my SSL Certificate?

There are many different ways to install an SSL Certificate, and they all depend on your SSL Certificate brand, the web server type, the operating system on your server, and the web hosting panel that you have on your server.

These being said, please check our Installation Articles to get detailed instructions on how to install your SSL Certificate on about 44 different server types, hosting panels and operating systems.

Also, here are links to documentation on how to install your SSL Certificate on your server, based on the SSL Certificate brand that you have:
Comodo/Sectigo
Thawte/RapidSSL/GeoTrust/Symantec
GoGetSSL

We always recommend you to get specialized help with you SSL Certificate installation. If you have a web developer, or a system engineer, then they would be the right people to help you with your SSL Certificate installation.

If you want us to do the SSL Certificate installation for you, then we can definitely do that. We offer SSL Certificate installation services to our customers for a flat rate of $99.99 per domain per server.

How can I request a Comodo (Sectigo) Code Signing Certificate for individuals?

code-signingWhen you configure your Comodo/Sectigo Code Signing Certificate as an individual, you need to enter your first and last name in the “Company Name” field. This will tell Comodo/Sectigo that you are requesting a Code Signing Certificate for an individual instead of a company.

How Comodo (Sectigo) EV Code Signing works?

The main differences between Comodo (Sectigo) EV Code Signing and a regular code signing certificate from Comodo/Sectigo are the following two major features:

Extended Validation – offers the highest level of trust since Comodo/Sectigo verifies the publisher’s authenticity rigorously

Two-factor authentication – the main requirement to store the private key on an external hardware token (provided by mail by Comodo/Sectigo) in order to avoid any unauthorized access or malicious usage. Since the private key is stored only on this token, this feature drastically reduces the number of people who can access it, therefore protecting the key from being compromised. 

How CPAC SSL Certificates digitally sign your documents?

Comodo (Sectigo) Personal Authentication Certificate lets you easily sign any valuable and critical personal or company document, therefore ensuring compliance with industry requirements of digitally signed documents. By digitally signing the document, you identify yourself as the authentic document signer and certify its integrity by proving that your document hasn’t been altered since it was signed. In this way, CPAC SSL Certificates help you migrate from ink & paper to digital workflows of contracts, sign-offs, request forms and other important company documents, working in tandem with or replacing the visible signature feature in Microsoft® products such as Microsoft Office Suite, Open Office Suite, VBA Macros and more.

SaveSave

SaveSaveSaveSave

How CPAC SSL Certificates ensure user two-factor authentication?

Comodo (now Sectigo) Personal Authentication Certificate helps business reduce the risks and threats associated with using standard passwords through enabling the two-factor authentication of users. If you need a stronger guarantee that the person logging into your company network or account is your legitimate employee, CPAC SSL Certificates will allow you to secure your sensitive and private customer or corporate data by enabling the industry standard used by banks all over the world – two-factor authentication – seamlessly integrating the certificate as a second authentication element. In this way, you will protect your company access, including remote, from any hackers attempting to steal usernames and passwords. 

How CPAC SSL Certificates secure and encrypt your email communications?

Comodo (Sectigo) Personal Authentication Certificates provide you the highest level of protection by enabling end-to-end encryption of your email communications. By signing and encrypting your outgoing email messages, you protect them from Man-in-the-Middle attacks, https proxies, or packet-sniffers, therefore your messages can’t be intercepted and decrypted by a malicious third party.

Encrypting Email Messages guarantees their privacy and integrity, while digitally signing the messages authenticates you as being the genuine sender. In this way, you will secure yourself and your business from accidental or fraudulent data exposures, privacy breaches and other potential security threats associated with the business communication. 

SaveSaveSaveSave

How do I find the date when my SSL Certificate expires?

You need to go to your SSL Dragon account and check the “Expires” field for the SSL Certificates that you have with us. You can do that by following the next steps:

due-date-21) Log into your SSL Dragon account at: https://my.ssldragon.com/
2) Go to Services -> My Services;
3) You will see the list of SSL Certificates which you bought from us;
4) Click on the necessary SSL Certificate;
5) Find its “Expires” field on the SSL Certificate’s details page.

You may start the renewal process within 90 days before the “Expires” date by clicking on the “Renew” button.

Your new SSL Certificate will be connected with the old one. All remaining days from the previous SSL Certificate will be added to the new one.

How do I renew my SSL Certificate?

The process of renewing your SSL Certificate is almost the same as placing a new order. You may start the renewal within 90 days before the expiration date.

Here are the steps how to renew your Standard (Domain/IP address) SSL Certificate:

    1. renew-buttonClick on the “Renew” button on the product page of your expiring SSL Certificate within your SSL Dragon account.
    2. Complete the payment of the newly created invoice for the renewed SSL Certificate.
    3. Once the invoice for the renewed SSL Certificate is paid, click on “Back to Client Area” or go to “My Services” section inside your SSL Dragon account.
    4. Click on the renewed SSL Certificate. Once you are on the SSL Certificate’s details page, scroll down and click on the green button that says “Configure Now”.renew-order
    5. Under the “Order Type” you should choose “Renewal”. This information will go to the Certificate Authority, and they will know that you had an SSL Certificate and you are renewing it. In this way, your new SSL Certificate will be connected to the old one. All remaining days from the previous SSL Certificate will be added to the new one.
    6. After that, you have to submit a CSR. You can use the old CSR from your previous SSL Certificate, or generate a new CSR. Either way is fine.
    7. Fill in the rest of the form information for your renewed SSL Certificate.
    8. Then pass the domain validation, or business validation, or extended validation, depending on what applies to your SSL Certificate.
    9. When your SSL Certificate is renewed, you need to reinstall the new SSL Certificate on your server. With other words, you need to replace your old / expiring SSL Certificate with the new one which you have just received. The old certificate will NOT get replaced, renewed or continued automatically.

Please note:

  1. If you have a CPAC or Code Signing Certificate from GoGetSSL, Comodo/Sectigo, Thawte or Symantec, then steps 4-5 do not apply to you. You will have to fill in the certificate request form for your CPAC/Code Signing Certificate on the certificate authority’s website further and let us know about the details you field in, as usual.
  2. If you are renewing a Business Validation SSL Certificate or an Extended Validation SSL Certificate, you will still have to pass the Business Validation or the Extended Validation again. Anyway, the Business Validation and Extended Validation processes are quicker when renewing an SSL Certificate than when getting it for the first time.
  3. If you own a Multi-Domain (SAN/UCC) SSL Certificate for which you have previously purchased & added additional SANs (domains), don’t forget to include all of them in the SANs field when configuring the renewed SSL.
  4. If you want to change the validity of the renewed SSL Certificate – e.g. you have a Comodo PositiveSSL Multi-Domain with 4 SANs (5 Domains) for 2-year SSL, but you what to renew it for 3 years. Then you must order a 3-year SSL of the same type and configuration – a Comodo PositiveSSL Multi-Domain with 4 SANs (5 Domains) for 3-years – complete the payment, and click on the newly purchased SSL. Then please follow Steps 5-9 from above.

SaveSave

How do Multi-Domain Wildcard SSL Certificates work?

A Multi-Domain Wildcard SSL Certificate is specifically created to allow users to secure multiple domains and sub-domains using one single SSL Certificate.

NOTE #1: Any Multi-Domain Wildcard SSL Certificate should start with a non-Wildcard domain. This means that anytime you configure and request a Multi-Domain Wildcard SSL Certificate, you need to generate a CSR (Certificate Signing Request) for a single domain (such as: example.com), without any asterisk sign “*”. This is a requirement that comes from the Certificate Authorities. All the additional SANs (2nd, 3rd, 4th domains) can be Wildcard domains.

For example, a Multi-Domain Wildcard SSL Certificate that has 3 SAN (4 domains) by default, allows you to secure the following:

  1. One main domain and multiple Wildcard domains:
    1. example.com – included in the CSR (Certificate Signing Request)
    2. *.example.com
    3. *.mysite.com
    4. *.abcxyz.com
  2. One main domain and multiple Wildcard domains (with both, 1st level and 2nd level sub-domains):
    1. example.com – included in the CSR (Certificate Signing Request)
    2. *.example.com
    3. *.mob.example.com
    4. *.mysite.com
  3. Several domains and multiple Wildcard domains (with both, 1st level and 2nd level sub-domains):
    1. example.com – included in the CSR (Certificate Signing Request)
    2. *.example.com
    3. mysite.com
    4. *.mob.mysite.com

NOTE #2: If you add a SAN item like *.domain.com, you will protect its unlimited sub-domains but not the main domain. For example, if you want to secure secure two domains and all their sub-domains, you have to configure your SSL in the following format:

  1. domain.com – included in the CSR (Certificate Signing Request)
  2. *.domain.com
  3. mysite.com
  4. *.mysite.com

You can add sub-domains to your server and they will be covered by your Wildcard SSL Certificate automatically. You do not need to re-issue your Wildcard SSL Certificate each and every time when you add sub-domains to it. The newly added sub-domains will be automatically covered by your Wildcard SSL Certificate.

 

How does the SSL Certificate work?

An SSL Certificate takes the information that your users provide and encrypts it, so that only a web server can decrypt it and understand it. So as the information on the web is transmitted via HTTP language, your data is not protected, as HTTP itself is not secure. The SSL Certificate takes your information, encrypts it, and passes it securely to the server where the website is hosted, or directly to the payment processor. On the merchant’s server, or on the payment processor’s side, the SSL certificate receives the encrypted HTTP information, decodes it, and safely performs the action you requested (logging you in, processing a payment, etc).

In this way, the SSL Certificate turns your “HTTP” connection into an “HTTPS” (secured HTTP) connection and protects your data. With an SSL Certificate, your information is protected and safe.

How long does the validation process take?

The validation time of an SSL depends on the type of certificate you chose to buy.

Domain Validated certificates are issued within 3-5 minutes in 99% of the cases. Only when an SSL Certificate is requested for a domain name that contains a trademark or a brand name, then those SSL Certificates may pass brand validation, and can take up to a business day to be issued.

Business Validated certificates are usually issued within 1-3 business days.

Extended Validated certificates can take between 1-7 business days to be issued. The Certificate Authority does its part of the work very quickly. If all the information is provided to the Certificate Authority quickly and correctly, then the Certificate Authority can issue the EV certificate within 1 business day. We’ve seen situations when the EV Certificate was issued within a few hours. The 1-7 days period depends on how quickly the customer provides the required information to the Certificate Authority, and how quickly the customer responds to the Certificate Authority’s potential requests for additional information.

By doing the Validation process, the Certificate Authority’s is trying to confirm that you are the owner of the domain, and that the company that you are requesting a Business Validation or Extended Validation certificate for is active. That is why it is important that you keep your company’s records (address and phone number) up to date and you promptly respond to the Certificate Authority’s requests.

How many subdomains can I secure with a Wildcard certificate?

A Wildcard certificate will secure an unlimited number of subdomains.

How soon is the CSR generated?

A CSR is generated immediately. It will be generated to you as soon as you fill in the CSR Generator form.

How to add the VAT Number and Company Name to my invoice/account?

To add your Company Name and TAX/VAT number, you have to login into your SSL Dragon Account and follow these steps:

  1. Click on the “Hello, *Your Name*” button on the right top side of your account dashboard and select “Edit Account Settings”;
  2. On the ‘My Details’ page, you will find the ‘Company Name’ and ‘Company TAX/VAT ID’ field;
  3. Fill in these fields with the necessary information then click on ’Save Changes’. 

After you perform the above steps, your SSL Dragon account and all your invoices will be automatically updated with this information.

SaveSave

How to buy an SSL Certificate

How to buy an SSL Certificate

  1. Choose the SSL Certificate, then select the period (1, 2, or 3 years) and number of domains (only for Multi-Domain SSL Certificates), and click “Buy Now”;
  2. You’ll be redirected to your Shopping Cart, where you need to confirm the period (and, for Multi-Domain SSL Certificates, number of additional domains) and can order SSL Installation services, if necessary. Review your Order Summary then click “Continue”;
  3. On the Review & Checkout page, you’ll find the “New Customer” fillable form which you need to complete to create your SSL Dragon account. Afterwards, insert your Promotional Code (if you have it), any Additional Information (if necessary), select the desired Payment Method,  confirm that you’ve read and accepted our Terms of Service and click on “Checkout”;
  4. You’ll be redirected to your Invoice which you need to pay using your selected Payment Method. Once the payment is done, you will see your order number and additional details on your Order Confirmation page. You will find your SSL Certificate in “My Account” at “Services” -> “My Services“.
How to change the domain validation method?

Valid only for Comodo/Sectigo and GoGetSSL Certificates:

Please go through the next steps in order to change the domain validation type for your SSL Certificate:

1) Log into your SSL Dragon account;
2) Go to “Services” -> “My Services”;
4) You will see the list of products which you bought from SSL Dragon. Click on the SSL Certificate which you would like to change the domain validation type for;
5) Click on the green colored “Revalidate” button which you can find towards the bottom on the page;
6) Choose the new domain validation method for your domain(s); You can read more about what each validation type means at this link;
7) Click “Submit” to make the new validation method go into effect.

How to check what information my CSR has? Is it possible to look into my CSR?

Yes, you can look what information your CSR includes, by doing a process which is opposite to encrypting it. You can use our CSR Decoder tool in order to see what information is included in your CSR. You can do that our CSR Decoder page.

How to check what type of validation my SSL Certificate requires?

bv2bv1You can check whether your SSL Certificate requires Domain Validation, Business Validation or Extended Validation by looking at the attributes of your SSL Certificate. Please open the two screenshots on the right in order to see where you can find the information about the validation type of your SSL Certificate.

 

How to configure an SSL Certificate?
  1. Sign in to “My Account” on our SSL Dragon website;
  2. Once you are logged in, go to the main menu, select “Services” -> “My Services“;
  3. You will see the list of SSL Certificates which you bought on our website. Click on the SSL Certificate which you have just ordered, to enter its details page;
  4. When you are on the details page of the SSL certificate which you bought, go towards the bottom of the page, and click on the green button which says “Configure Now”;
  5. Fill in the form, by entering your order type, web server type, CSR and your company information;
  6. The second thing that you will be asked about on this form is the CSR (Certificate Signing Request). Insert your CSR (if you already have one), or use our CSR Generator tool to generate your CSR and your Private Key, based on the information which you will introduce in the CSR form. Copy and paste your CSR code in the text area which asks you for your CSR.

    Important: Please make sure to insert the entire CSR code, including the following two lines:
    —–BEGIN CERTIFICATE REQUEST—–
    (your CSR code)
    —–END CERTIFICATE REQUEST—–
  7. Only for Multi-Domain SSL: In the SANs Field, insert your additional domain name list, space separated, e.g.:
    yourdomain.com
    yourseconddomain.com
  8. Once the form is completed in full, click on “Click to Continue”;
  9. You’ll be redirected to the domain validation page, where you need to choose your Domain Validation Method (email, HTTP/HTTPS, or DNS) then click on “Click to Continue”;
  10. The configuration of your SSL Certificate is completed now, and your order will be submitted to the Certificate Authority. If you have a Business Validation, Organization Validation, or Extended Validation SSL Certificate, you will find directions to the next steps on this page.
How to convert my SSL Certificate into a different format?

Some servers and hosting companies may require you to submit your SSL Certificate in a different format than the original format in which your SSL Certificate was provided to you. Here are some links with instructions on how to convert an SSL Certificate to different file formats:

SSL convertor – various formats
Guide to convert SSL into various formats
CRT to PFX format conversion

1. Get PFX from CRT and txt containing private key for Azure
2. Bind an existing custom SSL certificate to Azure Web Apps
3. Exporting the SSL Certificate as a PFX file from IIS server
4. Convert your certificate to PFX

Convert .CRT to.CER file

It is easy to switch from .CRT format to .CER format. They are basically interchangeable. You can change the SSL Certificate extension/format by going with the steps written below:

  1. Copy and paste the CRT code which you got from your SSL Certificate’s details page in your SSL Dragon account and use Notepad to create a mywebsite.crt file from it;
  2. Double click on the mywebsite.crt file to open it and see the certificate being displayed;
  3. Click on the “Details” button, and then click on the button that says “Copy to File”;
  4. When you are on the Certificate Wizard, click “Next”;
  5. Then select Base-64 encoded X.509 (.CER), then click “Next” again;
  6. Click on “Browse” to choose the location where you want to save the converted file, and enter the desired name for your file (e.g.: mywebsite.cer);
  7. Finally, click “Save”, and you will have the .CRT to .CER conversion complete;
  8. You can get the mywebsite.cer file from the folder where you selected to save it to.
How to create the .well-known folder?

To confirm you are the owner of the domain name using the HTTP method, you’ll have to upload a TXT file to a location on your website and server that looks like this:

http://mywebiste.com/.well-known/pki-validation/HashFileName.txt

We will provide instructions on how to create the .well-known folder for various server types:

Linux based servers (Ubuntu, Debian, CentOS)

  1. Go to the root directory of your website
  2. Create a directory called “.well-known“
  3. Inside it, create another folder called “pki-validation“
  4. Upload the TXT file inside the “pki-validation” directory

cPanel

  1. Log into WHM, or skip this step if you don’t have WHM
  2. Locate and log into the cPanel account for your domain name
  3. Click on “File Manager”
  4. Choose the “Web Root (public_html/www)” option and click “Go.”
  5. Create a new folder called .well-known
  6. Inside that folder create another folder called: pki-validation
  7. Upload your TXT file inside the pki-validation folder

IIS

Windows based servers do not allow you to place a dot in a folder name, therefore you need to follow these steps:

  1. Go to the C: drive
  2. Create a new folder called well-known
  3. Inside the well-known folder, create another folder named pki-validation
    so far, your folders should look like this: C:\well-known\pki-validation
  4. Upload the TXT file in the pki-validation folder
  5. Open the IIS Manager on your server
  6. Do a right click on your website and select Add Virtual Directory
  7. In the Alias section write .well-known
  8. In the Psychical Path area enter the path to the well known folder. For example:
    C:\well-known
  9. Press OK to create this alias

For all server types, if you did everything correctly, you should be able open the following URL and see the hash code along with “comodoca.com” in any web browser:

http://mywebsite.com/.well-known/pki-validation/HashFileName.txt

 

How to install my Comodo (Sectigo) Code Signing Certificate?
How to install my CPAC Certificate?

You can install it your Comodo/Sectigo CPAC Certificate as soon as it has been issued to you.

Here are installation instructions for different browsers, email clients and mobile devices provided  by Sectigo/Comodo:

How to pass the Business Validation and Extended Validation for my Symantec SSL Certificate?

All Symantec SSL Certificates require customers to pass the Business Validation or Extended Validation process. On Symantec SSL Certificates, these two validation processes are identical. As a part of the Business Validation or Extended Validation process, you need to provide information about your company and your company’s phone number.

DUNS number

You need to provide your DUNS number to Symantec, and your DUNS profile needs to display your phone number. You can check your company’s DUNS number / profile at this website: https://www.dandb.com/. If you see that your DUNS listing does not contain a phone number, then you need to contact Dun & Bradstreet (at https://www.dandb.com/) and ask them to add your phone number to their “business directory and on the report”.

Please note that after asking DNB (Dun & Bradstreet) to add your phone number to your DUNS listing, it will take them a few days to do this update. You should expect to receive an email message from DNB saying that your DUNS profile has been updated successfully. Your phone number will start appearing on your DUNS profile on the https://www.dandb.com/ website only after you get that confirmation message from DNB.

partner-order-idAt that point, you should contact Symantec at +1 (877) 438-8776 (select option #1 and then option #2), and provide them your Symantec Order ID and your DUNS number. You can find your Symantec Order ID on your SSL Certificate’s details page inside your SSL Dragon account. See the screenshot on the right.

Symantec will proceed with the callback verification process to verify your phone number. Once that is completed, your Symantec SSL Certificate will be issued to you.

Legal letter

If adding your phone number to your DUNS listing takes too long, you can ask Symantec to tell you what alternatives you have for passing the Business Validation or Extended Validation. Symantec can send you an email message with information about a legal letter which you can write, then take it to a notary for them to sign it, and then scan and send it back to Symantec by email. The letter will have your company name, address and phone number. Once Symantec receives it, they will do the callback on the number which you provide in the legal letter, and will issue your Symantec SSL Certificate shortly after that. Other certificate authorities have this practice too, so providing a legal letter is a common method for passing the Business Validation and Extended Validation.

How to pass the Business Validation for my SSL Certificate?

bv2bv1You can check if you have a Business Validation SSL Certificate by looking at the attributes of your SSL Certificate. Please open the two screenshots on the right in order to see where you can find the information about the validation type of your SSL Certificate.

Different SSL Certificate brands have different Business Validation procedures. Please read the section that applies to your SSL Certificate brand below.

Comodo (now Sectigo)/GoGetSSL

Please send the necessary forms described below to Comodo/Sectigo by opening a ticket with Comodo/Sectigo Validation Center at https://sectigo.com/about/contact. Click on “Submit a ticket here”, select Validation Department and submit your request. Please mention your “Partner Order ID” in your message.

partner-order-idYou can find your “Partner Order ID” on the details page of your SSL Certificate inside your SSL Dragon account. See screenshot on the right.

I. New Orders

STEP 1: Business Validation
To pass Business validation, you may have to provide an official registration document, such as Business License, Article of Incorporation, and or Registration application.
Here are the BV options:

A. No paperwork. Your company’s legal existence will be checked via public government database using your company name and your unique Registration/Identification number OR via verified public 3rd party databases, such as GLEIF, Duns & Bradstreet, Hoovers, Companies House GOV.UK.

B. Paperwork. Your company will be verified using:

  • an official registration document, such as Articles of Incorporation, Government Issued Business License, or
  • a copy of a recent: company bank statement, company phone bill, or major company utility bill  (i.e. power bill, water bill, etc.).

STEP 2: Callback process
The last step is a callback process called the phone validation. Comodo/Sectigo will call you and asks to confirm your name and order to validate official company phone number.
Below are the 4 callback options. You don’t have to do all four things from below. Doing just one of them will be enough.

A. Yellow Pages Databases. Sectigo verifies your phone number via public Yellow pages Databases.

B. DUNS. The second way is to provide your DUNS number to Comodo/Sectigo. You can get your company’s DUNS number from this website: https://www.dandb.com/. If Comodo/Sectigo gets back to you and says that your DUNS listing does not contain a phone number, then you need to contact Dun & Bradstreet (at https://www.dandb.com/) and ask them to “add your company’s phone number to their business directory and on the report”.

C. Local phone database. If you don’t have a DUNS number, then the other thing you can do is to provide your company’s registration number for Comodo/Sectigo to check your company with your country’s governmental directories (e.g.: Corporation Division, Companies House, Department of State, etc). Please note that Comodo/Sectigo will be looking to see your company’s phone number listed there as well. Not all governmental directories have the companies’ phone numbers. If the governmental directory allows you to call them, email them, or use their website to add your phone number, then please go ahead and do that.

D. Legal OpinionIf the above two options (2.1 and 2.2) don’t work for you, then the third and last option to validate your phone number is to ask a CPA (Certified Public Accountant), or a Latin Notary, or an Attorney (Lawyer) to write, sign and send a letter to Comodo/Sectigo where they confirm your company name, address and phone number. You can find the sample letters below:

– Sample Accountant Letter
– Sample Legal Opinion Letter


II. Renewal/Reissue Orders

For reissues and renewal order, instead of Step 1 and 2, you must contact Comodo/Sectigo Validation Center at https://sectigo.com/about/contact, click on “Submit a ticket here”, or choose Live Chat, select Validation Department and submit the following request (please replace [] fields with the corresponding info):

Reason for the ticket: Validation
Order number: [Your Partner Order ID]
Subject: Business Validation 

Dear Sectigo!
Please validate order [Partner Order ID] using the company name [Your Company Name], with [Registration/ID number] and [DUNS number].

Sectigo will then contact you for Step 2 or any necesssary updates to the Step 1.


Thawte, GeoTrust, Symantec/VeriSign

If you bought a Business Validation SSL Certificate with Thawte, GeoTrust, Symantec/VeriSign, then the certificate authority will work on validating the legal existence of your company via local public databases, as a part of the Business Validation process. This may take between 1-3 working days. Please wait until one of the certificate authority representatives contacts you about any additional information that they may need you to provide them.

partner-order-idIf you do not hear from the Certificate Authority representatives in the next 5-7 days, then please call +1 (520) 477-3152 (Ext 2) to check the status of your SSL Certificate with the Certificate Authority. Please note that Thawte, GeoTrust, Symantec/VeriSign are all owned by Symantec, and they all have the same phone number provided above.  When you talk to them, you will need to provide the “Partner Order ID”, which you can find on the details page of your SSL Certificate inside your SSL Dragon account. See screenshot on the right.

How to pass the Domain Validation?

When requesting an SSL Certificate you have to prove that you own or you have management rights over the domain or sub-domain that you are requesting an SSL Certificate for.

STEP 1: Domain Validation (DV)

A. EMAIL

If you have an SSL Certificate issued by Comodo/Sectigo, GoGetSSL, GeoTrust, Thawte, Symantec and RapidSSL, then you can complete the domain validation is by responding to an automated domain validation message sent to your email address. You will be given a list of emails to choose from, and the automated domain validation message will be sent to the email address that you choose.

Always check your email address (including your Spam folder) so as you should receive an email message from the Certificate Authority with instructions on how to validate (prove the ownership of) your domain name. The email message will ask you to copy a unique code and paste it on a specific link provided in the same email message.

Important: Only 5 e-mail addresses are allowed for domain validation: [email protected], [email protected], [email protected], [email protected] and [email protected]
In some cases, the Certificate Authority may allow your administrative e-mail from WHOIS, too, but ONLY IF the Private registration is disabled.

If your SSL Certificate is issued by Comodo/Sectigo or GoGetSSL, there are 2 more ways how you can complete the domain validation:

B. HTTP / HTTPS method

The HTTP validation consists of uploading a TXT validation file to a pre-defined location on your website. You have to make sure that you can access this file and link from any web browser. Once you proceed with this domain validation method, Comodo/Sectigo will run a scan of your website and will look particularly for this file at the given link. Your SSL Certificate will pass the domain validation within a few minutes after Comodo/Sectigo’s system finds the TXT file on your website.

The HTTPS validation method is the same validation method as described above. You should choose the HTTPS option if you already have an SSL Certificate installed on your website.

C. DNS method

Comodo/Sectigo allows you to to add a pre-defined domain record to your domain registrar (the website where you registered your domain name). Make sure that your firewall doesn’t block Comodo/Sectigo validation robot. Comodo/Sectigo validation robot comes from secure.comodo.net / 91.199.212.132. The user agent should be “ComodoDCV” or “Sectigo DCV” or “COMODO DCV” or “SECTIGO DCV”.

Please note that newly added DNS records take between 10-48 minutes to propagate. This means that you will have to wait up to 48 hours to pass the domain validation if you go with this method. That is why we recommend the Email, HTTP, and HTTPS methods better, so as they would allow you to pass the domain validation instantly.

STEP 2: CAA Check

As of 8th September 2017, all Certificate Authorities (CAs) are obliged to respect your CAA policy, as a security measure.

The CAA record should allow the CA to issue the SSL for your domain name, otherwise, the order would be set as Pending until you update the record.

By default, if no CAA record found, any CA may issue SSL for your domain name. Otherwise, you should update your CAA record.

Here is how to do it:
– https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000zFMO
– https://knowledge.digicert.com/solution/SO29555.html

Here is how to test the record:
– https://toolbox.googleapps.com/apps/dig/#CAA/
– https://caatest.co.uk/scan.org.ua

Optional (Rare) – Brand Validation (Manual Check)

In some cases, the CAs may require manual verification if your order fails any internal rules of Brand Validation.

It takes around 24-48 hours to pass this manual check, and the CA will either issue or reject an order in such cases.

Here are the reasons why your order is under Brand Validation.


How to change the domain validation method?

If you chose one of these domain validation methods described above, and you see that your domain doesn’t get validated, then you can always change your domain validation method. Please go to this link to learn how to do that.

How to pass the Extended Validation for my SSL Certificate?

ev2ev1You can check if you have an Extended Validation SSL Certificate by looking at the attributes of your SSL Certificate. Please open the two screenshots on the right in order to see where you can find the information about the validation type of your SSL Certificate.

Different SSL Certificate brands have different Extended Validation procedures. Please read the section that applies to your SSL Certificate brand below.

Comodo (now Sectigo)/GoGetSSL

Please send the necessary forms described below to Comodo/Sectigo by opening a ticket with Comodo/Sectigo Validation Center at https://sectigo.com/about/contact. Click on “Submit a ticket here”, select Validation Department and submit your request. Please mention your “Partner Order ID” in your message.

partner-order-idYou can find your “Partner Order ID” on the details page of your SSL Certificate inside your SSL Dragon account. See screenshot on the right.

I. New Orders

STEP 1: Agreement signing
In a few hours after the order is placed, you will receive an email from Sectigo with a click-though link called the “Validation Manager link“.
Please use this click-through link to access the Validation form and sign the agreement using a digital signature and upload it directly to Sectigo.

If you didn’t receive the email with the link and/or can’t sign the agreement digitally, please fill these 2 forms  – Certificate Request Form and EV SSL Subscriber Agreement – and send them to Sectigo (see above instructions).
The forms can be also found here.

STEP 2: Business Validation
To pass Business validation, you may have to provide an official registration document, such as Business License, Article of Incorporation, and or Registration application.
Here are the BV options:

A. No paperwork. Your company’s legal existence will be checked via public government database using your company name and your unique Registration/Identification number OR via verified public 3rd party databases, such as GLEIF, Duns & Bradstreet, Hoovers, Companies House GOV.UK.

B. Paperwork. Your company will be verified using:

  • an official registration document, such as Articles of Incorporation, Government Issued Business License, or
  • a copy of a recent: company bank statement, company phone bill, or major company utility bill  (i.e. power bill, water bill, etc.).

STEP 3: Callback process
The last step is a callback process called the phone validation. Comodo/Sectigo will call you and asks to confirm your name and order to validate official company phone number.
Below are the 4 callback options. You don’t have to do all four things from below. Doing just one of them will be enough.

A. Yellow Pages Databases. Sectigo verifies your phone number via public Yellow pages Databases.

B. DUNS. The second way is to provide your DUNS number to Comodo/Sectigo. You can get your company’s DUNS number from this website: https://www.dandb.com/. If Comodo/Sectigo gets back to you and says that your DUNS listing does not contain a phone number, then you need to contact Dun & Bradstreet (at https://www.dandb.com/) and ask them to “add your company’s phone number to their business directory and on the report”.

C. Local phone database. If you don’t have a DUNS number, then the other thing you can do is to provide your company’s registration number for Comodo/Sectigo to check your company with your country’s governmental directories (e.g.: Corporation Division, Companies House, Department of State, etc). Please note that Comodo/Sectigo will be looking to see your company’s phone number listed there as well. Not all governmental directories have the companies’ phone numbers. If the governmental directory allows you to call them, email them, or use their website to add your phone number, then please go ahead and do that.

D. Legal OpinionIf the above two options (2.1 and 2.2) don’t work for you, then the third and last option to validate your phone number is to ask a CPA (Certified Public Accountant), or a Latin Notary, or an Attorney (Lawyer) to write, sign and send a letter to Comodo/Sectigo where they confirm your company name, address and phone number. You can find the sample letters below:

– Sample Accountant Letter
– Sample Legal Opinion Letter


II. Renewal/Reissue Orders

For reissues and renewal order, instead of Step 1 and 2, you must contact Comodo/Sectigo Validation Center at https://sectigo.com/about/contact, click on “Submit a ticket here”, or choose Live Chat, select Validation Department and submit the following request (please replace [] fields with the corresponding info):

Reason for the ticket: Validation
Order number: [Your Partner Order ID]
Subject: Extended Validation 

Dear Sectigo!
Please validate order [Partner Order ID] using the company name [Your Company Name], with [Registration/ID number] and [DUNS number].

Sectigo will then contact you for Step 3 or any updates of Step 1 or 2 described above.


Thawte, GeoTrust, Symantec/VeriSign

The validation team would send you agreement by email, during the verification process. Then the certificate authority will work on validating the legal existence of your company via local public databases, as a part of the Extended Validation process. This may take between 1-3 working days. Please wait until one of the certificate authority representatives contacts you about any additional information that they may need you to provide them.

partner-order-idIf you do not hear from the Certificate Authority representatives in the 5-7 days, then please call +1 (520) 477-3152 (Ext 2) to check the status of your SSL Certificate with the Certificate Authority. Please note that Thawte, GeoTrust, Symantec/VeriSign are all owned by Symanec, and they all have the same phone number provided above.  When you talk to them, you will need to provide the “Partner Order ID”, which you can find on the details page of your SSL Certificate inside your SSL Dragon account. See screenshot on the right.

How to pass the IP validation for a public IP address?

Certain SSL Certificates allow you to secure an IP address, only if it is a public IP address. The validation process for IP addresses is similar to validating a domain name, but it has its particularities. That is why we encourage you to follow the guidelines below.

GoGetSSL

1) First of all, you have to configure your SSL Certificate by filling in the configuration form inside your SSL Dragon account.

Important! When configuring your certificate, you will be asked to generate a CSR with NO Common Name. Here is how to do it.

2) Include your 2 IP addresses (or more, if you purchased additional SANs) in the SAN field, space separated, e.g.:

123.34.34.234
124.34.24.234

3) Once your certificate is configured, you have to prove the ownership or right to use that IP address. To do that, you have to pass the HTTP/HTTPS validation for your SSL Certificate. Email or DNS validation are not available for IP validation. To pass the HTTP/HTTPS validation, you have to create a .TXT file that contains the validation code provided on the “Content” field on the details page of your SSL Certificate page. The “Content” that you have to add to the .TXT file looks similar to this:

38622319C755B5952FA4CD590655F05000C4951C2EF07BFFCB2BBA23623BE9D6
COMODOCA.COM
t0520161001553133275

Then you have to upload the TXT file at a location on your server that looks like this:
http://127.0.0.1/.well-known/pki-validation/B34037F1D9BFE9F5936AFEA9798174AB.txt

127.0.0.1 should be replaced by the IP address that you are trying to validate. You can read information on how to create the .well-known folder at this link: https://www.ssldragon.com/blog/faq_category/domain-validation/#collapse-13950

Make sure that you can access this file and link from any web browser. Inform us when you uploaded the attached TXT file on your server, so that we could run a scan of your website and look particularly for this file at this given link.

If you follow these steps exactly, you will get your IP address validated successfully.

NOTE: If you have a router to secure instead of a server, there is no way to upload the TXT file on your router. The solution to get the IP addresses validated is to reroute the IP address to a server, put the TXT file on that server, pass the IP validation, and then reroute the IP address back to the router.

Comodo (now Sectigo)

1) First of all, you have to configure your SSL Certificate by filling in the configuration form inside your SSL Dragon account. When configuring your certificate, you will be asked to generate a CSR or enter an existing CSR. Please make sure you include your IP address as a “common name” (domain/IP that you want to secure) in your CSR;

2) Once your certificate is configured, you have to prove the ownership or right to use that IP address. To do that, you have to pass the HTTP/HTTPS validation for your SSL Certificate. Email or DNS validation are not available for IP validation. To pass the HTTP/HTTPS validation, you have to create a .TXT file that contains the validation code provided on the “Content” field on the details page of your SSL Certificate page. The “Content” that you have to add to the .TXT file looks similar to this:

38622319C755B5952FA4CD590655F05000C4951C2EF07BFFCB2BBA23623BE9D6
COMODOCA.COM
t0520161001553133275

Then you have to upload the TXT file at a location on your server that looks like this:
http://127.0.0.1/.well-known/pki-validation/B34037F1D9BFE9F5936AFEA9798174AB.txt

127.0.0.1 should be replaced by the IP address that you are trying to validate. You can read information on how to create the .well-known folder at this link: https://www.ssldragon.com/blog/faq_category/domain-validation/#collapse-13950

Make sure that you can access this file and link from any web browser. Inform us when you uploaded the attached TXT file on your server, so that we could run a scan of your website and look particularly for this file at this given link.

If you follow these steps exactly, you will get your IP address validated successfully.

NOTE: If you have a router to secure instead of a server, there is no way to upload the TXT file on your router. The solution to get the IP addresses validated is to reroute the IP address to a server, put the TXT file on that server, pass the IP validation, and then reroute the IP address back to the router.

3) The last step towards getting the SSL Certificate for your IP address is to pass the Business Validation. You can find detailed instructions on how to do that at this link: https://www.ssldragon.com/contacts/faq/#collapse-3176

How to pass the Organization Validation for my SSL Certificate?

bv2bv1You can check if you have an Organization Validation SSL Certificate by looking at the attributes of your SSL Certificate. Business Validation equals to Organization Validation. This being said, wherever you see “Business Validation” it also means “Organization Validation”. Please open the two screenshots on the right in order to see where you can find the information about the validation type of your SSL Certificate.

Different SSL Certificate brands have different Organization Validation procedures. Please read the section that applies to your SSL Certificate brand below.

Comodo (now Sectigo)/GoGetSSL

Please send the necessary forms described below to Comodo/Sectigo by opening a ticket with Comodo/Sectigo Validation Center at https://sectigo.com/about/contact. Click on “Submit a ticket here”, select Validation Department and submit your request. Please mention your “Partner Order ID” in your message.

partner-order-idYou can find your “Partner Order ID” on the details page of your SSL Certificate inside your SSL Dragon account. See screenshot on the right.

I. New Orders

STEP 1: Organization Validation
To pass Organization validation, you may have to provide an official registration document, such as Business License, Article of Incorporation, and or Registration application.
Here are the BV options:

A. No paperwork. Your company’s legal existence will be checked via public government database using your company name and your unique Registration/Identification number OR via verified public 3rd party databases, such as GLEIF, Duns & Bradstreet, Hoovers, Companies House GOV.UK.

B. Paperwork. Your company will be verified using:

  • an official registration document, such as Articles of Incorporation, Government Issued Business License, or
  • a copy of a recent: company bank statement, company phone bill, or major company utility bill  (i.e. power bill, water bill, etc.).

STEP 2: Callback process
The last step is a callback process called the phone validation. Comodo/Sectigo will call you and asks to confirm your name and order to validate official company phone number.
Below are the 4 callback options. You don’t have to do all four things from below. Doing just one of them will be enough.

A. Yellow Pages Databases. Sectigo verifies your phone number via public Yellow pages Databases.

B. DUNS. The second way is to provide your DUNS number to Comodo/Sectigo. You can get your company’s DUNS number from this website: https://www.dandb.com/. If Comodo/Sectigo gets back to you and says that your DUNS listing does not contain a phone number, then you need to contact Dun & Bradstreet (at https://www.dandb.com/) and ask them to “add your company’s phone number to their business directory and on the report”.

C. Local phone database. If you don’t have a DUNS number, then the other thing you can do is to provide your company’s registration number for Comodo/Sectigo to check your company with your country’s governmental directories (e.g.: Corporation Division, Companies House, Department of State, etc). Please note that Comodo/Sectigo will be looking to see your company’s phone number listed there as well. Not all governmental directories have the companies’ phone numbers. If the governmental directory allows you to call them, email them, or use their website to add your phone number, then please go ahead and do that.

D. Legal OpinionIf the above two options (2.1 and 2.2) don’t work for you, then the third and last option to validate your phone number is to ask a CPA (Certified Public Accountant), or a Latin Notary, or an Attorney (Lawyer) to write, sign and send a letter to Comodo/Sectigo where they confirm your company name, address and phone number. You can find the sample letters below:

– Sample Accountant Letter
– Sample Legal Opinion Letter


II. Renewal/Reissue Orders

For reissues and renewal order, instead of Step 1 and 2, you must contact Comodo/Sectigo Validation Center at https://sectigo.com/about/contact, click on “Submit a ticket here”, or choose Live Chat, select Validation Department and submit the following request (please replace [] fields with the corresponding info):

Reason for the ticket: Validation
Order number: [Your Partner Order ID]
Subject: Organization Validation 

Dear Sectigo!
Please validate order [Partner Order ID] using the company name [Your Company Name], with [Registration/ID number] and [DUNS number].

Sectigo will then contact you for Step 2 or any necesssary updates to the Step 1.

Thawte, GeoTrust, Symantec/VeriSign

If you bought an Organization Validation SSL Certificate with Thawte, GeoTrust, Symantec/VeriSign, then the certificate authority will work on validating the legal existence of your organization via local public databases, as a part of the Organization Validation process. This may take between 1-3 working days. Please wait until one of the certificate authority representatives contacts you about any additional information that they may need you to provide them.

partner-order-idIf you do not hear from the Certificate Authority representatives in the next 5-7 days, then please call +1 (520) 477-3152 (Ext 2) to check the status of your SSL Certificate with the Certificate Authority. Please note that Thawte, GeoTrust, Symantec/VeriSign are all owned by Symantec, and they all have the same phone number provided above.  When you talk to them, you will need to provide the “Partner Order ID”, which you can find on the details page of your SSL Certificate inside your SSL Dragon account. See screenshot on the right.

How to pass the validation for my Comodo (Sectigo) Code Signing Certificate?

Comodo/Sectigo Code Signing Certificates can be configured for a Business or for an Individual. If you configured your certificate as an individual, then you can go directly to the middle of this article, to the section called “Validation for Individuals”, where you will find detailed information about how to pass the validation as an individual. If you configured your certificate as company, then please continue reading.

Business Validation

Please send the necessary forms described below to Comodo/Sectigo by opening a ticket with Comodo/Sectigo Validation Center at https://sectigo.com/about/contact. Click on “Submit a ticket here”, select Validation Department and submit your request. Please mention your “Partner Order ID” in your message.

partner-order-idYou can find your “Partner Order ID” on the details page of your SSL Certificate inside your SSL Dragon account. See screenshot on the right.

I. New Orders

STEP 1: Business Validation
To pass Business validation, you may have to provide an official registration document, such as Business License, Article of Incorporation, and or Registration application.
Here are the BV options:

A. No paperwork. Your company’s legal existence will be checked via public government database using your company name and your unique Registration/Identification number OR via verified public 3rd party databases, such as GLEIF, Duns & Bradstreet, Hoovers, Companies House GOV.UK.

B. Paperwork. Your company will be verified using:

  • an official registration document, such as Articles of Incorporation, Government Issued Business License, or
  • a copy of a recent: company bank statement, company phone bill, or major company utility bill  (i.e. power bill, water bill, etc.).

STEP 2: Callback process
The last step is a callback process called the phone validation. Comodo/Sectigo will call you and asks to confirm your name and order to validate official company phone number.
Below are the 4 callback options. You don’t have to do all four things from below. Doing just one of them will be enough.

A. Yellow Pages Databases. Sectigo verifies your phone number via public Yellow pages Databases.

B. DUNS. The second way is to provide your DUNS number to Comodo/Sectigo. You can get your company’s DUNS number from this website: https://www.dandb.com/. If Comodo/Sectigo gets back to you and says that your DUNS listing does not contain a phone number, then you need to contact Dun & Bradstreet (at https://www.dandb.com/) and ask them to “add your company’s phone number to their business directory and on the report”.

C. Local phone database. If you don’t have a DUNS number, then the other thing you can do is to provide your company’s registration number for Comodo/Sectigo to check your company with your country’s governmental directories (e.g.: Corporation Division, Companies House, Department of State, etc). Please note that Comodo/Sectigo will be looking to see your company’s phone number listed there as well. Not all governmental directories have the companies’ phone numbers. If the governmental directory allows you to call them, email them, or use their website to add your phone number, then please go ahead and do that.

D. Legal OpinionIf the above two options (2.1 and 2.2) don’t work for you, then the third and last option to validate your phone number is to ask a CPA (Certified Public Accountant), or a Latin Notary, or an Attorney (Lawyer) to write, sign and send a letter to Comodo/Sectigo where they confirm your company name, address and phone number. You can find the sample letters below:

– Sample Accountant Letter
– Sample Legal Opinion Letter


II. Renewal/Reissue Orders

For reissues and renewal order, instead of Step 1 and 2, you must contact Comodo/Sectigo Validation Center at https://sectigo.com/about/contact, click on “Submit a ticket here”, or choose Live Chat, select Validation Department and submit the following request (please replace [] fields with the corresponding info):

Reason for the ticket: Validation
Order number: [Your Partner Order ID]
Subject: Business Validation 

Dear Sectigo!
Please validate order [Partner Order ID] using the company name [Your Company Name], with [Registration/ID number] and [DUNS number].

Sectigo will then contact you for Step 2 or any necesssary updates to the Step 1.

Validation for Individuals

There are a few things that you need to do to pass the Individual Validation for your Comodo/Sectigo Code Signing Certificate.

STEP 1: (Optional) The first thing that you need to do is to provide your individual DUNS number to Comodo/Sectigo. You can get your individual DUNS number from this website: https://www.dandb.com/. Make sure that your DUNS listing contains your full name, address and phone number. If it doesn’t, then you need to contact Dun & Bradstreet (at https://www.dandb.com/) and ask them to “add your full name, address and mobile phone number to their business directory and on the report”.

Duns and Bradstreet is an international company and they have a database with individuals and companies from all countries (USA, Canada, United Kingdom, Australia, New Zealand, South Africa, Germany, Israel, etc). So, they work with international customers, too.

STEP 2: You need to provide the following documents to Comodo/Sectigo:

a) Government issued photo ID (driver’s license or passport);
b) One financial institution document (a bank statement or credit card statement less than six months old);
c) One non-financial document (gas bill, water bill, power bill).

STEP 3: You need to get attested by a legal authority by filling out the face-to-face verification form. You can download the form at this link. The face-to-face verification letter should be signed by a Notary, Latin Notary, registered Attorney, Certified Public Accountant (CPA), or a Justice Of The Peace. The legal authority should have accreditation and a license number that is available online.

If you decide to go with a Legal Attorney, he or she must be registered with the BAR, and the BAR should have the Attorney’s full name and license number. You can find an attorney in your country by looking into these worldwide legal directories: http://www.hg.org/legal.html

partner-order-idSTEP 4: You need to provide all this information to Comodo/Sectigo Validation Department by contacting Comodo/Sectigo at https://www.comodoca.com/en-us/support/. Click on “Submit a ticket here”, select Validation Department and submit your request. Please include your Comodo/Sectigo Order ID in the subject and in the body of the message that you send to Comodo/Sectigo so that they know which order you are writing them about. You can find your Comodo/Sectigo Order ID on your SSL Certificate’s details page inside your SSL Dragon account. See the screenshot on the right.

If you don’t see your Comodo/Sectigo Order ID, then please open a ticket with us, or email us and let us know the name of the company or the name of the individual that you included in the SSL configuration form, so that we could provide you your Comodo/Sectigo Order ID.

SaveSave

How to pay for my invoice with a Credit/Debit Card via PayPal?

If your Credit / Debit Card payment via our default payment processor (Stripe) fails, you can always pay using a Credit/ Debit Card via PayPal. Here is how to do that:

  1. partner-order-idPlease go to “My Invoices” page inside your SSL Dragon account to see the unpaid invoice for your order: https://my.ssldragon.com/clientarea.php?action=invoices
  2. Click on your unpaid invoice to open it;
  3. Select PayPal as a payment method and click the orange “PayPal Checkout” button on the top right of the screen;
  4. When you are on the PayPal payment page, you can click on the “Pay with Debit or Credit Card” button (see screenshot on the right).

 

How to reissue a Comodo (Sectigo) Code Signing Certificate?

Here are the steps that you need to do in order to reissue your Comodo/Sectigo Code Signing Certificate:

1) Login at https://secure.trust-provider.com/products/frontpage?area=ssl using the username and password that you used when you configured your Comodo/Sectigo Code Signing Certificate initially;
2) Once you are logged in, find the “Replace” button and click on it;
3) You will start the reissue process for your Comodo/Sectigo Code Signing SSL.
4) Follow the steps and instructions that come next, until you complete the Comodo/Sectigo Code Signing Certificate reissue.

How to reissue a CPAC Certificate?

Here are the steps that you need to do in order to reissue your Comodo/Sectigo CPAC Certificate:

1) Login at https://secure.trust-provider.com/products/frontpage?area=ssl using the username and password that you used when you configured your Comodo/Sectigo CPAC initially;
2) Once you are logged in, find the “Replace” button and click on it;
3) You will start the reissue process for your Comodo/Sectigo CPAC SSL.
4) Follow the steps and instructions that come next, until you complete the Comodo/Sectigo CPAC Certificate reissue.

How to reissue an SSL Certificate?

How to reissue an SSL Certificate? (Except CPAC and Code Signing)

We allow you to reissue your SSL Certificate for various reasons. You may want to change your domain name, your company name, or maybe you changed servers and you were given another CSR which was generated on your new server, or you lost your Private Key and you need to get a new Private Key based on a new CSR that you generated.

Domain Validation SSL Certificates

reissue_ssl_certificateYou can reissue your SSL Certificate from your SSL Dragon account by following the next steps:
1) Log into your SSL Dragon account;
2) Go to Services -> My Services;
4) You will see the list of products which you bought from SSL Dragon. Click on the SSL Certificate which you would like to reissue;
5) Click on the “Reissue certificate” button on the left side (see the screenshot on the right);
6) Reconfigure your SSL Certificate. As a part of the reconfiguration, you will have to enter a new CSR code;
7) For Multi-Domain SSL – Don’t forget to include the SAN list in the SANs field;
8) After reconfiguring your SSL Certificate, you will have to pass the Domain Validation again.

For Domain Validation SSL Certificates, your SSL Certificate will be reissued after you pass the domain validation successfully.

Business Validation SSL Certificates

To reissue a Business Validation SSL Certificate, you have to go through the same reconfiguration and domain validation process as described under the “Domain Validation” section above. After that, you have to pass the entire Business Validation process again, so as the Certificate Authority needs to recheck the legal existence of your domain name, company, and your company’s phone number. You can read how to pass the Business Validation process at this link.

Your BV SSL Certificate will be reissued after you pass the Business Validation process again.

Extended Validation SSL Certificates

To reissue a Extended Validation SSL Certificate, you have to go through the same reconfiguration and domain validation process as described under the “Domain Validation” section above. After that, you have to pass the entire Extended Validation process again, so as the Certificate Authority needs to recheck the legal existence of your domain name, company, and your company’s phone number. You can read how to pass the Extended Validation process at this link.

Your EV SSL Certificate will be reissued after you pass the Extended Validation process again.

How to validate an IP address on a router

If your router has a public IP address, you can still validate that IP address.

HTTP/HTTPS validation is the only method available for IP address validation. The HTTP/HTTPS validation method consists of adding a TXT file on your IP address and having Comodo/Sectigo scan that IP address and validate it. There is no way to upload a TXT file on your router. The solution to get the IP address validated is to reroute the IP address to a server, put the TXT file on that server, pass the IP validation, and then reroute the IP addresses back to the router.

You can read more information on what the TXT file should include and where to upload it in the following FAQ item: https://www.ssldragon.com/contacts/faq/#collapse-14363

 

I added my phone number to my DUNS listing. Why didn’t I pass the validation yet?

Some Certificate Authorities (especially Comodo/Sectigo and Symantec) may ask you to update or add your phone number to your company’s DUNS listing, as a part of your Business or Extended Validation process.

After you have contacted Dun & Bradstreet and added your phone number to your company’s DUNS listing, it may take between 5 and 40 days for Dun & Bradstreet to make your DUNS listing update available to the public. When you talk to Dun & Bradstreet over the phone, they may tell you that they added or updated your phone number. However, they only initiated process. Your phone number will appear on the Dun & Bradstreet website (https://www.dandb.com/) in about 5 to 40 days after that.

You will know that your DUNS listing has been truly updated, only when you get an email message from Dun & Bradstreet saying that your DUNS profile has been updated successfully. Your phone number will start appearing on your DUNS listing only after you get this email from them. Also, Certificates Authorities (such as Comodo/Sectigo and Symantec) can verify your phone number based on your DUNS listing only when your phone number is publicly available. That’s why, you or we should contact the Certificate Authority requesting them to check your DUNS listing only after you get that confirmation by email.

In the past, we asked the Validation Department representatives from Comodo/Sectigo and Symantec to contact Dun & Bradstreet directly, and check our customer’s phone number with Dun & Bradstreet. We did that after our customers told us that they added or updated their phone number on their DUNS listing. Each time, Comodo/Sectigo and Symantec were told by the Dun & Bradstreet representatives that our customers’ DUNS listing update is “in progress” and “has not been completed yet”, and were advised to get back to Dun & Bradstreet when the customers receive an email message from Dun & Bradstreet which confirms them that their DUNS listing was updated.

If 5-40 days is too much to wait, we recommend you to go with other methods of validating your company and phone number, such as providing a legal letter written by a notary, an attorney, or a certified public accountant. This method will allow you to pass the Business or Extended Validation within 1-2 days.

I don’t know my webserver type. What should I choose?

When configuring your SSL Certificate, you are asked to choose your webserver type.

If you don’t know which server type you have, simply choose “Other” and your SSL Certificate will work on any server type for sure. For certificate authorities, the webserver type question is more a statistics question than an attribute which your SSL Certificate will be configured by. Certificate authorities needs to know what are the most used server types in order to build their certificates compatible with all these server types.

I have the CSR. What’s next?

Once you got your CSR code and Private Key, you can enter your CSR when ordering an SSL Certificate. Here is where you need to enter your CSR code:

  1. Sign in to “My Account” on our SSL Dragon website;
  2. Once you are logged in, go to the main menu, select “Services” -> “My Services“;
  3. You will see the list of SSL Certificates which you bought on our website. Click on the SSL Certificate which you have just ordered, to enter its details page;
  4. When you are on the details page of the SSL certificate which you bought, go towards the bottom of the page, and click on the green button which says “Go to the SSL Certificate configure wizard”;
  5. Fill in the 2 or 3 steps form, by entering your personal and your company information. The second thing that you will be asked about on this form is the CSR. Copy and paste your CSR code in the text area which asks you for your CSR;
  6. Once the 2 or 3 steps form is completed in full, your SSL Certificate order will be submitted to the Certificate Authority;
  7. A message will come on the email address which you selected on Step 2. You need to go to your email address, and confirm that you are the owner of the domain name which you asked for an SSL Certificate for;
  8. Once these are done successfully, you will receive your SSL Certificate in anything between 5 minutes (for a Domain Validation SSL Certificate) and 7-10 days (for an Extended Validation SSL Certificate).
I installed the SSL Certificate. Why does my site continue to show as insecure?
  1. One of the most common reasons why a website which has an SSL Certificate installed continues to show as insecure, is that your website continues to pull content, images or videos from unsecured HTTP links. You need to change all the links that you are pulling content from to HTTPS links, and your website will start showing as secure immediately.
  2. The second most common reason why a website may show insecure although you installed an SSL Certificate on it is that your server is outdated and/or doesn’t support the latest TLS settings requirements.
  3. The third most common reason why a website may show as insecure although you installed an SSL Certificate on it, is that you and other visitors continue to open your website through an unsecured HTTP link. You should put a redirect in the server configuration file or in the site’s htaccess file, so that whoever enters your website by typing “www.mywebiste.com” should be automatically redirected to https://www.mywebsite.com. With other words, you should put a redirect that sends all users to your secured site. Here are some articles on how to do this.
  4. You also might be missing the CA-bundle/Intermediate/Root SSL Certificates.
  5. Another problem might be the incorrect SSL installation

All 5 reasons and any other can be revealed by checking how well was your SSL installed using these tools: SSL Server Test and Why No Padlock? 

They will offer you a free report on your SSL Certificate installation along with detailed information on how to fix any vulnerabilities.

Also, we recommend you to read our article called: How to move your website from HTTP to HTTPS easily and with no pain. The article goes even further and comes with many more recommendations on what to check and do to have your website open from an HTTPS link correctly.

 

 

 

What are 3-Year SSLs?

Awesome news to the SSL market:

Now most of the renowned Comodo SSL certificates, as well as the new GoGetSSL Certificates, are available for 3-year Subscription Plans!

What’s a 3-year Subscription Plan?

Due to security reasons, your Comodo (Sectigo) or GoGetSSL  SSL certificate is initially issued with a maximum 2-years (27 months) validity because since March 1, 2018, the maximum duration of publicly-trusted SSL/TLS certificates issued by all Certificate Authorities has been set to 825 days (about 27 months).

Prior to the expiration, SSL Dragon, on behalf of Comodo and GoGetSSL, will issue free replacement certificates for an additional 1-year certificate included in the Subscription Plan. In this way, you can continue to benefit from multi-year discounting while still remaining compliant with CA/Browser Forum SSL expiration requirements.

You can still reissue your certificate at any time and as many times as you like.

At the end of the 2nd year, for Domain Validation SSL Certificates, will be required a short verification of domains via Email, HTTP, or DNS in order to receive the new SSL. The Business and Extended certs will require a short BV/EV recheck and callback process.

What are SSL installation best practices?

You can find detailed documentation about the SSL Certificates’ best installation practices at SSL Labs.

What are the benefits of each validation type (DV vs. BV vs. EV SSL Certificates)?

If you are still wondering what are the main benefits of each validation type (Domain Validation (DV), Business Validation (BV), and Extended Validation (EV)) and why you should choose one vs. another, then this is the right FAQ for you. Each of these SSL Certificate types was created having in mind a certain customer trust level:

  • BasicDomain Validation SSL Certificates – created for customers who aren’t interested in showing their company name and address in the SSL Certificate – either because they don’t need/want to or simply because they just don’t have a company. They only need to get the SSL Certificate very quickly in order to secure their domain name with HTTPS and have all web and mobile browsers display their website as “Secure”.
  • MediumBusiness Validation SSL Certificates – designed for clients who want to display their company’s name in their SSL Certificate’s details in order to ensure their customers that their business is real and trustworthy. BV SSL Certificates also allows you to display on your website a site seal provided by the third party Certificate Authority which proves that your SSL Certificate was issued to your company’s name and address.
  • Top Extended Validation SSL Certificates   developed for clients for whom users’ trust is highly important and they want to have a green address/URL bar that displays the company’s name on all web and mobile browsers (along with making this information visible in the SSL Certificate’s details). EV SSL Certificates also provide the site seal which proves that your SSL Certificate was issued to your website, company’s name and address but these certificates have the topmost trust level because they show your customers, prospectors, and visitors that your website is highly secure and that their information is always protected.

Now that you know the main differences between Domain Validation (DV), Business Validation (BV), and Extended Validation (EV) SSL Certificates, it should be much easier for you choose the one that fits you the best. 

What CPAC SSL Certificate to choose – Basic, Pro, or Enterprise?

Comodo (now Sectigo) Personal Authentication Certificates were designed for individuals and businesses who are looking at implementing the best web security practices, such as email & document encryption and user two-factor authentication. However, each CPAC SSL Certificate was designed to fit a particular need. Just like DV, BV, and EV SSL Certificates, CPAC SSL Certificates come with different validation requirements which enable certain certificate fields:

  • CPAC Basic – requires Domain Control and displays only your email in the SSL Certificate
  • CPAC Pro – requires Domain Control and Identity Verification in order to display your email, First and Last Name in the SSL Certificate
  • CPAC Enterprise – requires Domain Control, Identity Verification, and Organization Validation in order to display your email, First and Last Name, as well as Company Name and Address in the SSL Certificate.

Based on your actual needs, you can now decide which Comodo Personal Authentication Certificate is the best option for you, providing you an enhanced web security of your business activity. 

What documents should I provide for a Domain Validated SSL Certificate?

In order to buy a Domain Validated certificate, you do not need to provide any documentation. You will have to confirm the domain ownership through a simple email or file-based authentication. Following completion of one of these elements, the DV certificate will be signed and released to you.

What domains/sub-domains can I secure with a Multi-Domain (SAN) SSL Certificate?

multi-domainA Multi-Domain (SAN) SSL Certificate is specifically created to allow users to secure multiple domains and/or multiple sub-domains with one single SSL Certificate. Depending on the SSL Certificate product and brand, the certificate will include a different number of additional domains (called SANs) at the price quoted on the SSL Certificate’s details page (see screenshot on the right).

For example, a Multi-Domain (SAN) SSL Certificate that has 4 domains by default allows you to secure:

  • Four different domains:
    1. mysite.com
    2. example.com
    3. abcxyz.com
    4. demo123.com
  • Four different sub-domains:
    1. my.example.com
    2. mail.example.com
    3. test.mysite.com
    4. account.mysite.com
  • Four different domains and sub-domains:
    1. example.com
    2. my.example.com
    3. abcxyz.com
    4. mail.demo123.com

sanNOTE: Here is how you should configure your Multi-Domain SSL Certificate on our website: When you generate a CSR (Certificate Signing Request), please include one single domain name or sub-domain in it, such as: www.example.com. The rest of the domains or sub-domains, which are called SANs (2nd, 3rd, 4th domains or sub-domains) should be included in the fields for additional domains. You will see the fields for additional domains on the SSL Certificate configuration form, right under the text area for the CSR (see screenshot on the right).

What happens if I don’t renew my SSL Certificate?

non-secureYour current SSL Certificate will expire as soon as the “Expires” date for your SSL Certificate passes. If you keep your old and expired SSL Certificate on your website, then all the web and mobile browsers will show your website as insecure and will prompt users that your website has a major security problem, and will not let visitors enter your website unless visitors explicitly accept to enter your website on their own risk. You can see an example of these security alerts that visitors will see on your website if you keep an expired SSL Certificate.

The solution to prevent that is to renew your SSL Certificate, and install the newly renewed SSL Certificate on your website. In that case your website will continue to show as secure.

The other, less preferable solution, is to uninstall the SSL Certificate from your website. In that case, visitors will be able to see your website. They will not be stopped from viewing your website as shown in the screenshot from above. However, so as your website will not have an SSL Certificate in general, then visitors will see the “Not secure” message in the browser’s URL bar next to the name of the website.

What if I accidentally or purposefully put some wrong information in the CSR?

Whether you accidentally or purposefully enter some incorrect information during the CSR generation process, the CSR and the Private Key will still be issued to you immediately. However, once you use the CSR code to apply for an SSL Certificate, you may or may not be issued an SSL Certificate. It is solely at the Certificate Authority’s discretion to approve or decline your SSL Certificate issuance if you entered incorrect information about you and your company.

If you found out that the CSR is wrong and you already configured the SSL, please open a ticket with us and provide the correct CSR.

If you realized that you entered incorrect information in the CSR while generating it, you simply have to put aside, ignore or delete your existing CSR and Private Key. After that, you should generate a new CSR code (which will automatically generate a new Private Key too), using correct information about yourself and your company. Use the newer CSR when applying for an SSL Certificate, and then your newer Private Key when installing your SSL Certificate on your website and server.

What information the CSR must contain?

The CSR must contain the following mandatory encrypted information: your Country, State, City/Town, Name of the company, Department from your company, and the Domain name or IP address that you want the SSL Certificate to be issued for.

It may also contain this optional information: the email address where your CSR code and the Private Key will be sent to once they are both generated.

To avoid any errors, please make sure that:

  1. You DO NOT enter “http://” or “https://” along with your domain name as a common name when generating the CSR. Please enter only “www.domain.com” or “domain.com” as a common name. Also, make sure you don’t have any extra spaces before or after your domain name.
  2. When generating the CSR code you were given a CSR code and a Private Key. Make sure that you only enter the CSR code in the SSL Configuration form. DO NOT enter the Private Key, but save it and keep it in a safe location on your computer or email, because you will need it when installing the SSL Certificate on your website/server.
  3. The CSR that you enter in the SSL Configuration form should include the following two lines: “—–BEGIN CERTIFICATE REQUEST—–” header and “—–END CERTIFICATE REQUEST—–” footer.
  4. For Wildcard SSL Certificates – When generating the CSR code for a Wildcard SSL Certificate, you have to include an asterisk and dot (*.) before your domain name. In other words, you should fill in *.yourdomain.com as a common name in your CSR.
  5. For Multi-Domain Wildcard SSL Certificates – Any Multi-Domain Wildcard SSL Certificate should start with a non-Wildcard domain. This means that you need to generate the CSR for a single domain – example.com – without any asterisk sign “*.”. Please read more in this FAQ.
  6. For IP Address SSL Certificates – For Comodo InstantSSL Premium, the common name should be your IP address. For GoGetSSL Public IP SAN SSL Certificate, you will be asked to generate a CSR with NO Common NameHere is how to do it.
What is a Business Validated (BV) SSL certificate?

The Business Validation (BV), also called Organization Validation (OV), SSL certificate is recommended if you have an e-commerce website that is a registered business. Besides the domain validation performed through e-mail, you will have to provide company documentation to receive business authentication. During this authentication process, the Certificate Authority (CA) will verify if your business is carried out by a legitimate, good faith company operating at the provided location. Since the validation is done manually and involves paperwork, you will receive your Business Validation SSL certificate within 1-3 business days.

After receiving Business Validation, the green “https” and padlock icon will be displayed on your website’s address bar. These signs will make customers more willing to entrust you their personal and financial information. Yet, if your website purpose is to perform large sales, offer specific products/services or execute financial transactions, you should consider buying our Extended Validation (EV) certificate. This type of SSL certificate will activate the green address bar and will give your site a higher level of trust.

What is a CodeSigning Certificate?

The CodeSigning certificate was specifically developed for increasing the trustworthiness of your software products. This type of certificate protects your digital downloadable goods, like scripts or codes, by signing them and guaranteeing their authenticity and integrity. This certification brings a greater level of your customers’ trust, by ensuring them that your content is safe and it belongs to your company. Moreover, the Authenticode Technology guarantees that if the code will be damaged after being signed, the digital signature will break and alert the client that the software is no longer credible.

CodeSigning certificates are Business Validation (BV) and Personal Validation SSL certificates. The Business Validation SSLs require Certificate Authority’s (CA’s) authentication through providing your company’s documents, along with performing domain validation by email. The Personal Validation requires personal identification verification of the owner. The entire validation process may take up to 2 or 3 business days to issue your CodeSigning certificate that will serve as a third party guarantee for the authenticity of your digital goods.

You can find our full list of CodeSigning certificates at this link.

What is a CSR?

“CSR” stands for “Certificate Signing Request”. The CSR code represents an encrypted text message which a person or a company sends to the Certificate Authority through SSL Dragon as a part of applying for an SSL Certificate. The CSR code contains information about you and your company, which will be included in the SSL Certificate that will be issued to you.

What is a Domain Validated (DV) SSL certificate?

The Domain Validation (DV) SSL certificate is the most affordable choice for increasing the security of your blog, personal or small business website. Since there is no required paperwork, the process of acquiring the Domain Validation certificate is very quick and easy: you will have to prove that you are the domain owner just by responding to an automatic e-mail message. After a couple of minutes, you will receive the issued SSL certificate which can be installed immediately. Sites with Domain Validation certification can be identified by the green padlock that is displayed by most web browsers.

This type of SSL certificates is recommended to be used if you need to prove that your site is secured, by having a secured connection. The Domain Validation certificates don’t display the legal entity, as the identity of the website owner is not checked while issuing them. So, if you have an e-commerce website or a site that collects users’ personal data, you should consider buying our Business Validation (BV) or Extended Validation (EV) certificates, which will make your site more trustworthy.

What is a Multi-Domain or SAN SSL Certificate?

The Subject Alternative Name (SAN) SSL certificate, also called the Unified Communication Certificate (UCC) or the Multi-Domain SSL certificate was particularly developed to secure all your domains and subdomains by owning one single SSL certificate. This type of certificate ensures the security for both, your internal and external domains/subdomains and is fully compatible with your Microsoft Exchange products and Microsoft Office Communications Server.

UCC/SAN SSL certificates are not just easy to be managed but are the most cost-effective option. These certificates give you the opportunity to secure your main domain, for example, ssldragon.com, together with many other totally distinct domains, like ssldragon.net, ssldragonsslcertificates.com and its subdomains mail.ssldragon.com and account.ssldragon.com – all with 1 single certificate. Besides, unlike Wildcard SSL certificates, UCC/SAN certificates are available in all three validation methods: Domain Validation (DV), Business Validation (BV) and Extended Validation (EV).

You can find our full list of Multi Domain (UCC/SAN) SSL Certificates at this link.

What is a Site Seal?

A site seal is a security icon graphic showing the name of the issuing Authority of the SSL. The site seal on your website is a proof that your business has been verified by the Certificate Authority.

You will be issued a static or dynamic site seal, depending on the SSL certificate that you buy for your website. A dynamic site seal will usually display a live time and date stamp and/or your company name. Visitors can click on the site seal to display additional verification information.

By displaying the site seal in preeminent place on your website, you will make your clients feel safer while performing transactions, knowing that any information shared is within a secure environment and authenticated by a trusted Certificate Authority.

What is a Wildcard SSL Certificate?

The Wildcard SSL certificate was specifically designed for ensuring the security of your main domain, along with its multiple subdomains. For instance, if your site’s domain is ssldragon.com, then the Wildcard certificate for “*.ssldragon.com” will secure an unlimited number of your first-level subdomains like mail.ssldragon.com, account.ssldragon.com or login.ssldragon.com. By buying this SSL certificate, you don’t need to purchase other certificates for each subdomain. The Wildcard SSL certificate comes in two options: Domain Validation (DV) and Business Validation (BV).

Besides being a convenient way of securing your site, Wildcard SSL certificates are very easy to be managed because the domains will have the same renewal date. This is why you should consider getting Wildcard certificates if you own a complex website, with different subdomains, IP addresses or server storage options. Yet, if you have level 2 subdomains (like test.account.ssldragon.com) or you need an Extended Validation (EV) SSL Certificate, you may have to buy a separate SSL certificate for each domain/subdomain or a UCC/SAN SSL certificate for all of them.

What is an Extended Validated (EV) SSL Certificate?

The Extended Validation (EV) SSL Certificate is the best choice if you want to build customer relationships based on security and trust. This certificate is issued only after the Certificate Authority (CA) performed an extensive verification of your company and its owner, confirming that your business is trustworthy. The validation process can take a few business days. But if you keep your company’s records up to date, the Extended Validation SSL certificate will be issued quickly, confirming that your company owns the website.

This type of SSL certificate significantly enhances the trust level of your website. Extended Validation certificates are highly effective in providing protection against phishing attacks. By displaying the well-known green address bar, your clients feel safer while performing transactions, and this fact will definitely boost your conversions. This is why Extended Validation certificates are considered the most reputable SSL Certificates for your website.

What is an SSL certificate warranty?

An SSL certificate warranty is insurance which covers any damage that you may incur as a result of a data breach or hack that was caused due to a flaw in the certificate. The SSL warranties range in value from $5,000 to $1,500,000. This means that the higher value certificates come with more extensive warranties.

What is an SSL Certificate?

The “SSL Certificate” stands for “Security Socket Layers Certificate”. This protocol was created to protect data travelling between two machines through data encryption.

All the information from the Internet is basically transferred from one location to another in the form of HTTP language (Hyper Text Transfer Protocol). But HTTP by itself is unprotected and susceptible to Internet tricksters and thieves. That’s why SSL Certificates were developed to protect the information traveling on the Internet.

You may know about the SSL Certificates by some common things you see in your browser: the padlock, the browser bar turning green, the “HTTPS” on the browser tab (when HTTP is being protected by SSL it inherits the letter “S”).

These are all indications that the website you are using has SSL encryption and its information is secure against cyber attacks.

What is an SSL reissue and when will I need to request it?

The reissue of an SSL certificate means its replacement with a new SSL. The reissued SSL certificate will only be valid until the expiration of the original certificate.

You will need to request the reissue of your SSL certificate in any one of the following situations:

  • You have lost the private key for the certificate;
  • You have changed your web server/hosting provider;
  • You have changed your contact information and you need to update it on your certificate;
  • You feel that your private key is compromised.

The reissue of your SSL certificate is free of charge.

What is encryption strength?

Encryption strength is the size of the keys used to perform the encryption of data during an SSL session. The longer keys provide stronger encryption and make it difficult for computers to break the code.

All our SSL certificates support up to 256-bit encryption, as it is strongly recommended by the industry experts.

What is the difference between SHA-1 and SHA-2?

SHA – standing for Secure Hash Algorithm – is a hash algorithm used by certification authorities to sign certificates and CRL (Certificates Revocation List).

SHA-1 is an older version of the algorithm that is no longer considered to be secure by major browsers and industry experts. SHA-1 is no longer allowed to be used during the generation process by the industry.

SHA-2 is the latest version that is widely accepted and considered to be secure by all major industry experts and browsers. The encryption hash used in SHA-2 is significantly stronger and not subject to the same vulnerabilities as SHA-1.

What sub-domains can I secure with a Wildcard SSL Certificate?

A Wildcard SSL Certificate is specifically created to allow users to secure one single domain name and all its sub-domains. With other words, you can secure one single domain name and an unlimited number of sub-domains belonging to that domain name with one single Wildcard SSL Certificate.

You can add sub-domains to your server and they will be covered by your Wildcard SSL Certificate automatically. You do not need to re-issue your Wildcard SSL Certificate each and every time when you add sub-domains to it. The newly added sub-domains will be automatically covered by your Wildcard SSL Certificate.

NOTE: The sub-domains that you can secure with one Wildcard SSL Certificate have to be either 1st level sub-domains (e.g.: *.example.com) or 2nd level sub-domains (*.mob.example.com). You cannot secure 1st and 2nd level sub-domains with one regular Wildcard SSL Certificate.  If you want to secure 1st level sub-domains and 2nd level sub-domains, you have to get a Multi-Domain Wildcard SSL Certificate, or 2 separate Wildcard SSL Certificates.

For example, a regular Wildcard SSL Certificate allows you to secure:

  1. One main domain name (example.com) and all its 1st level sub-domains (*.example.com):
    1. my.example.com
    2. test.example.com
    3. dev.example.com
    4. mail.example.com
    5. (etc)
  2. Or, one sub-domain (mob.example.com) and all 2nd level sub-domains (*.mob.example.com):
    1. my.mob.example.com
    2. test.mob.example.com
    3. dev.mob.example.com
    4. mail.mob.example.com
    5. (etc)

In order to secure one domain and all its sub-domains as shown in the first example, you have to include *.example.com as a common name (domain name) when creating a CSR (Certificate Signing Request). If you want to secure 2nd level sub-domains, then you have to enter *.mob.example.com as a common name (domain name) when creating a CSR (Certificate Signing Request).

What term can I buy an SSL certificate for?

The validity of an SSL certificate varies between 1 and 3 years, depending on the certificate you choose to buy. The Extended Validated SSL certificates are valid for 1 or 2 years. The Domain and Business Validated SSL certificates offered by Comodo (now Sectigo), GoGetSSL, can be issued for up to 3 years, RapidSSL, Symantec, GeoTrust and Thawte – for 2 years.

You can save between 7% and 15% when purchasing an SSL certificate for 2 or 3 years ahead.

When should I renew my SSL Certificate?

expiry-dateYou may start the renewal process for your SSL Certificate within 90 days before its expiration date.

Your new SSL Certificate will be connected with the old one, which means that all the remaining days from the previous SSL Certificate will be added to the new one.

If you have a Domain Validation SSL Certificate, you can renew your SSL Certificate 1-2 weeks prior to your SSL Certificate’s expiration date.

Your SSL Certificate expires on its “Expires” date. Also, you should plan to have the SSL Certificate renewed enough time ahead so that you manage to install it on your website and server before your current SSL Certificate expires.

If you have a Business Validation SSL Certificate or an Extended Validation SSL Certificate, then we recommend renewing your SSL Certificate 3-4 weeks prior to the expiration date, so as you have to pass the Business Validation or Extended Validation again.

The Business Validation or Extended Validation process is quicker when renewing an SSL Certificate than when getting it for the first time.

Anyway, it is always good to do this as early as possible, in order to assure the continuity of your website being secured by an SSL Certificate.

Where can I check how well my SSL Certificate is installed?

Two great tools to check how well your SSL Certificate is installed are:
1) SSL Server Test
2) Why No Padlock?

You only have to paste your https URL to get a free report and an A++ to F grade on your SSL Certificate installation. These tools will tell you what are the vulnerabilities of your SSL Certificate installation, and will offer you detailed information on how to fix them.

We also recommend you to read our article called: How to move your website from HTTP to HTTPS easily and with no pain.

Where can I download my SSL Certificate from?

There is no place in your SSL Dragon account where you can download the SSL Certificate from. We provide you the SSL Certificate in the exact same form in which we get it from the Certificate Authority.

Anyway, if you need your SSL Certificate as actual files, then you can use any text editing tool such as Notepad and create the actual files that you need.

If you go to your SSL Dragon account, then to your SSL Certificate details page, you will find the 3 large pieces of codes that your SSL Certificate is made of:
1) The CSR code is the one which you generated along with your Private Key, and which you used to configure your SSL Certificate. If you need this code as a file, you can copy and paste this code in Notepad, and then save it as a .csr format file.
2) The CRT code which is your actual SSL Certificate code. Save this one as a .crt format file.
3) The CA Bundle code has the root and intermediate certificates in it. Save this one as a .ca-bundle format file.

You won’t be able to find your Private Key inside your SSL Dragon account, because we don’t have it, and we don’t store it. Private Keys are private, and it is only you who should have it. If you cannot find your Private Key, we recommend reading this article so as it may help you to find it, or generate a new one.

Where can I find my CSR?

If you generated your CSR code on the CSR Generator on our website, then the CSR and the Private Key were both shown to you when you generated your CSR. They were also sent to your email address that you included in the CSR form that you filled in on our website. The message that was sent to your email address came from [email protected] and it had the following subject: “Your CSR code and your Private Key”.

If you generated your CSR on your server, then your CSR code and your Private Key were both provided to you by your server. You had to copy both on your computer or email, and store them in a safe place. In some cases, some servers may show the CSR code and the Private Key, and at the same time store both these pieces of code for you on the server. In other cases, the server only provides you the CSR code and keeps the Private Key hidden on the server.

Also, your CSR code will be displayed to you again when your SSL Certificate is issued. Once the SSL Certificate is issued and shown in your SSL Dragon account, it will also show you the CSR code that you used to configure your SSL Certificate.

Where can I find my Private Key?

This is one of the most frequent questions that we get. Unfortunately we cannot send you the Private Key, because it is private, and we do not store it anywhere in our system and database. The Private Key is always confidential, and it is only you as the SSL Certificate owner who should have it. If we were to have or store your Private Key, this would compromise the “security” of your SSL Certificate.

If you generated your CSR code on the CSR Generator on our website, then the CSR and the Private Key were both shown to you when you generated your CSR code. They were also sent to your email address that you included in your CSR. The message that was sent to your email address came from [email protected] and has the following subject: “Your CSR code and your Private Key”.

If you generated your CSR on your server, then your CSR code and your Private Key were both provided to you by your server. You had to copy both on your computer or email, and store them in a safe place. In some cases, some servers may show the CSR code and the Private Key, and at the same time store both these pieces of code for you on the server. In other cases, the server only provides you the CSR code and keeps the Private Key hidden on the server.

re-issue-certificateThis being said, please look for the Private Key in your email address or on the server. If you cannot find it, then please generate a new CSR code on your server, or on the CSR Generator on our website. The CSR code will come with a Private Key. Once you generate a new CSR code and Private Key, then please go to the SSL Certificate details page inside your SSL Dragon account, and click on the “Reissue certificate” button from the left side bar on the page. You will have to pass the domain validation again, and once you do that, the SSL Certificate will be re-issued to you based on the new CSR code that you entered. Also, the re-issued SSL Certificate will pair with the Private Key which came along with the new CSR code.

If you cannot find the “Reissue certificate” button on the SSL Certificate details page inside your SSL Dragon account, then please send us the new CSR code via a Support Ticket inside your SSL Dragon account, or directly at [email protected] and we will re-generate the SSL Certificate for you, using the new CSR code. Please do not send us the Private Key, so as only you should be the one to have it. Store it in a safe place in your email or computer.

Where can I find my SSL Certificate?

You can get the SSL Certificate from your SSL Dragon account by following the next steps:
1) Log into your SSL Dragon account;
2) Go to Services;
3) Then go to My Services;
4) You will see the list of products which you bought from us. Click on the SSL Certificate which you bought;
5) When you are on the SSL Certificate page, scroll down, and you will see the codes that the SSL Certificate is made of.

The 3 large pieces of codes that you will see are:
1) The CSR code is the one which you generated along with your Private Key, and which you used to configure your SSL Certificate. If you need this code as a file, you can copy and paste this code in Notepad, and then save it as a .csr format file.
2) The CRT code which is your actual SSL Certificate code. Save this one as a .crt format file.
3) The CA Bundle code has the root and intermediate certificates in it. Save this one as a .ca-bundle format file.

You won’t be able to find your Private Key inside your SSL Dragon account, because we don’t have it, and we don’t store it. Private Keys are private, and it is only you who should have it. If you cannot find your Private Key, we recommend reading this article so as it may help you to find it, or generate a new one.

Where can I find root and intermediate certificates for Comodo (Sectigo)?

If you go to your SSL Dragon account, then to your SSL Certificate details page, you will find the 3 large pieces of codes that your SSL Certificate is made of:

1) The CSR code is the one which you generated along with your Private Key, and which you used to configure your SSL Certificate.
2) The CRT code which is your actual SSL Certificate code.
3) The CA Bundle code contains the root and intermediate certificates in it. 

Also, if you need more root and intermediate certificates for Comodo/Sectigo, you can find them all at this link.

Where can I get a site seal?

After installing an SSL Certificate on your website, you can also let your visitors and customers know that your website is secure by adding a site seal somewhere on a prominent place on your website. You can choose to place the site seal in the footer of your website, or on the checkout page where customers have to enter their credit card information, or in both these places.

Site seals are of two types: static and dynamic. All Domain Validation SSL Certificates come with a static site seal, which is basically an image. All Business Validation and Extended Validation SSL Certificates come with a dynamic site seal which can be hovered or clicked on, and they will show the name of your company, will confirm that your website was issued a legitimate SSL Certificate, and will prove that your website belongs to your company.


Site Seals for RapidSSL SSL Certificates 

If you purchased an SSL issued by RapidSSL, you can get your site seal at the following link:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO14424


Site Seals for GeoTrust SSL Certificates 

If you purchased an SSL issued by GeoTrust, you can get your site seal at the following link:
https://www.geotrust.com/support/seal/agreement/installation-instructions/


Site Seals for Thawte SSL Certificates 

If you purchased an SSL issued by Thawte, you can get your site seal at the following link:
https://www.thawte.com/ssl/secured-seal/installation-agreement/


Site Seals for Symantec SSL Certificates 

If you purchased an SSL issued by Symantec, you can get your site seal at the following link:
https://www.symantec.com/ssl/seal-agreement/install.jsp


Comodo/Sectigo Site Seals 

If you purchased a Comodo/Sectigo SSL  you can download the dynamic site seal at the following link:  https://sectigo.com/trust-seal


GoGetSSL Site Seals 

If you purchased a GoGetSSL SSL  you can download the dynamic site seal at the following link https://www.gogetssl.com/wiki/installation/gogetssl-site-seal-installation/

Which browser can I use to configure a Comodo (Sectigo) Code Signing Certificate?

When you configure your Comodo/Sectigo Code Signing SSL Certificate, it is best to use some specific browsers for that. Here is an article that describes which browsers are best to use for configuring a Comodo/Sectigo Code Signing Certificate.

code-signing2When you configure your Comodo/Sectigo Code Signing Certificate, make sure that “Advanced Private Key Options” is visible to you in the same way it is shown in the screenshot from the right. Internet Explorer is always a good option to configure your Comodo/Sectigo Code Signing Certificate.

For Mac Users, please see the following 2 resources:

Attention: The export instructions for Mac may produce a certificate that does not include the Root/Intermediate crt files. Please download the Root/Intermediate crt files and include them in the command for the Code Signing SSL.

Which BV certificates have a quicker and easier Business Validation process?

BV SSL Certificates issued by GeoTrust, Thawte and Symantec have a quicker and easier Business Validation process compared to those issued by Comodo/Sectigo.

With GeoTrust, Thawte and Symantec, the Certificate Authority does most of the company validation process all by itself, and in rare cases requires the customers to provide additional information and legal letters signed by a notary, certified public accountant, or an attorney.

On the other side, Comodo/Sectigo relies a lot on the customer to provide all the information about his/her company, as well as updating the company’s DUNS listing (on the Dun & Bradstreet website) and providing legal letters signed by a notary, a certified public accountant, or an attorney.

You can read what the Business Validation process with these different brands consists of at this link.

Which EV certificates have a quicker and easier Extended Validation process?

EV SSL Certificates issued by GeoTrust, Thawte and Symantec have a quicker and easier Extended Validation process compared to those issued by Comodo/Sectigo.

With GeoTrust, Thawte and Symantec, the Certificate Authority does most of the company validation process all by itself, and in rare cases requires the customers to provide additional information and legal letters signed by a notary, certified public accountant, or an attorney.

On the other side, Comodo/Sectigo relies a lot on the customer to provide all the information about his/her company, as well as updating the company’s DUNS listing (on the Dun & Bradstreet website) and providing legal letters signed by a notary, a certified public accountant, or an attorney.

You can read what the Extended Validation process with these different brands consists of at this link.

Which Multi-Domain certificate shall I choose?

This article will help you determine which multi-domain SSL Certificate you should get. We have categorized the multi-domain SSL Certificates in 4 groups, and we would recommend you to read about each group and then choose a multi-domain SSL Certificate from the group that meets your preferences best:

  1. Domain validated multi-domain certificates. There are two certificates in this category: PositiveSSL Multi-Domain and SSL UCC DV. These certificates will secure your websites by making it open from a permanent HTTPS link, will display a green padlock icon next to the URL bar, and will make your website show as “Secure” in all web and mobile browsers. These multi-domain certificates are the quickest and easiest to get, so as you only have to prove the domain ownership.
  2. Business validated multi-domain certificates. You need to have a registered company to be eligible for a business validated SSL Certificate. Besides the HTTPS link and the green padlock icon near your website’s URL, the people who visit your website will be able to see your company name when they search whom the SSL Certificate was issued to, and they will also see your company name and address when they roll over or click on the dynamic site seal which comes with your SSL Certificate and which you can add to your website. This type of certificates is issued within 1-3 days.
  3. Extended validated multi-domain certificates. These certificates are considered to be the highest standard in the SSL Certificates industry. They have all the other security elements described above, plus the famous green bar which shows the name of your company directly in the browser’s URL bar. This type of certificates is issued within 1-7 days.
  4. Multi-domain Wildcard certificates. These certificates allow you to secure one main domain and multiple wildcard domains using one single SSL Certificate. You can get a PositiveSSL Multi-Domain Wildcard SSL if you want a domain validated SSL, or a Multi-Domain Wildcard SSL if you prefer a business validated certificate. You can learn more about how multi-domain wildcard certificates work at this link.
Which SSL Certificate shall I choose?
There are SSL Certificates of three validation types:

1) Domain Validation SSL Certificates – are the least expensive SSL Certificates. They are the easiest to get, and are issued within 3-5 minutes. More info…

2) Business Validation SSL Certificates require you to have a registered company. When users click on the green padlock icon for your certificate, they will see your company name. Also, Business Validation Certificates come with a dynamic site seal, similar to the Comodo/Sectigo site seal that we have in the footer of our website. They are issued within 1-3 business days.  More info…

3) Extended Validation SSL Certificates come with the famous Green Bar which displays the name of your company right in the URL bar of the browser. They also come with a dynamic site seal similar to the one from the footer of our website. Just like the Business Validation certificates, the Extended Validation SSL Certificates require you to have a registered company. They are issued within 1-5 business days. More info…

Also, based on how many domains or sub-domains you want to secure, you can look at One Domain SSL Certificates which will secure only one single domain name or sub-domain, Multi-Domain (SAN) SSL Certificates which secure several domains and/or sub-domains at a time, and the Wildcard SSL Certificates which secure one domain and all its sub-domains under one certificate. Finally, don’t forget about the Code Signing SSL Certificates which will sign, secure and protect your software from being infected with malware and then distributed online.

Please note that all these SSL Certificates types come with the same exact security level and encryption strength.
Which SSL Certificates come with a Green Bar?

In order to have the Green Address Bar on your website, you have to purchase an Extended Validated (EV) SSL Certificate. We offer EV SSL certificates for different purposes, assuring different levels of security. You can find the whole list of EV certificates issued by 4 global leaders Internet Security at this link.

Who are the SSL providers?

All our SSL certificates are issued by global leaders in Internet Security: Symantec, GeoTrust, Thawte, Comodo (now Sectigo), RapidSSL.

Who can be issued an EV certificate?

Any business that is officially registered with a government authority can qualify for an Extended Validated SSL Certificate. This certificate is issued only after the Certificate Authority (CA) performed an extensive verification of your company and its owner, confirming that your business is trustworthy.

Who does the SSL Certificates’ validation?

The validation process is completed by the SSL provider, also called Certificate Authority (CA). The CA will contact you during the validation process to confirm that you are indeed the owner of the domain.

The certificate you purchase from SSLDragon will be validated by one of following CA: Symantec, GeoTrust, Thawte, Comodo (now Sectigo), RapidSSL.

Why do I get a certificate or Private Key mismatch error?

Sometimes, the SSL Certificate which was issued to you does not match the Private Key which you are trying to use when installing that SSL Certificate on your server. That is a common user generated error.

If the system says there is a mismatch, then you need to double check the CSR and Private Key which you generated, and which came together. You need to make sure that you used that specific CSR when you configured your SSL Certificate. When the SSL Certificate is issued, you need to use the Private Key that pairs with that specific CSR.

We see customers making the mistake where they generate one CSR and Private Key, then configure the SSL Certificate with a different CSR that is server generated. In that case the server generated CSR pairs with its own Private Key which you most probably don’t have.

The Private Key which you have works only with the CSR that it came with. Also, the Private Key which you have works only with the SSL Certificate that was configured using the CSR that pairs with that Private Key.

Solution

To solve this, you need to re-configure (re-issue) your SSL Certificate using a CSR code for which you have the Private Key that it pairs with. You may want to use a CSR code that your server provides, or generate a new CSR and Private Key.

Why do I need a CSR?

You need a CSR in order to apply for an SSL Certificate. Later, when your SSL Certificate is issued to you, then you will also use the CSR code for the activation of the TLS (Transport Layer Security).

Why does the domains validation for my multi-domain SSL Certificate take so long?

When you buy a multi-domain SSL Certificate and you include several domain names and/or sub-domains in it, the Certificate Authorities require you to pass the domain validation for each and every domain name and/or sub-domain that you included in your multi-domain SSL Certificate, and only after that the multi-domain SSL Certificate will be issued to you.

POSSIBLE PROBLEM: Sometimes the email addresses, or your HTTP options, or the DNS records that you choose for your multi-domain certificate do not get set correctly when they reach the Certificate Authority. You will know that when you see that you only got one single domain validation message to your email address instead of getting several domain validation messages, or your multi-domain SSL Certificate’s status still shows as “Awaiting Validation (Full)” even though you passed the domain validation for one of the domains.

partner-order-idHOW TO FIX: There is an easy way to fix that, and that requires getting in contact with the Certificate Authority’s Validation Department. When you contact them, please provide them your “Partner Order ID” (see screenshot on the right), and then tell them about the domain validation method that you chose to go with: HTTP, DNS or Email. If you chose to pass the domains validation by email, then double check with the Validation Department representatives what email addresses are set in their system, and ask them to send you the domain validation messages to your desired email addresses.

Comodo (now Sectigo)/GoGetSSL

Please call Comodo/Sectigo Validation Department at +1 (888) 266-6361 (Ext 4) or https://sectigo.com/about/contact for the above stated reasons. When you talk to them, you will need to provide them your “Partner Order ID”.

Thawte, GeoTrust, Symantec/VeriSign

Please call Thawte, GeoTrust, Symantec/VeriSign Validation Department at +1 (520) 477-3152 (Ext 2) for the above stated reasons. Please note that Thawte, GeoTrust, Symantec/VeriSign are all owned by Symantec, and they all have the same phone number provided above.  When you talk to them, you will need to provide the “Partner Order ID”.

Why SSL Dragon’s prices are cheaper than Comodo (Sectigo), Thawte, etc.?

SSL Dragon is a fully approved SSL Certificate Reseller that has a wide range of SSL products issued by trusted Certificate Authorities (CAs) such as Comodo/Sectigo, RapidSSL, Geotrust, Thawte, and Symantec.

Since SSL Resellers offer CAs greater access to a large number of clients, this highly successful distribution model allows the CAs to focus on product development and improvement, while the resellers perform most of the sales.

This partnership encourages resellers to buy SSL Certificates in bulk at highly favorable prices and hence charge considerably less for the same SSL Certificate offered by a CA.

Therefore, you don’t need to worry – there is nothing wrong with SSL resellers and the SSL Certificates they offer. Since all CAs are reputable brands, these companies won’t allow any third parties to represent them if they don’t meet the necessary requirements. Thus, you can feel confident that the CAs have verified and authorized SSL Dragon to market their products.

So, instead of shopping directly from Certificate Authorities, you have the chance to buy the same SSL Certificates based on a platinum reseller discount, along with other great value deals, 25-days money back guarantee, and dedicated support.

Why we don’t offer SSL installation support via email, phone, tickets?

We provide little to no support on how to install an SSL Certificate. There are countless combinations of “hosting providers X hosting panels X operating systems X web servers types  X technologies X release versions” for us to be able to provide support for all of them.

Also, there are too many factors to take into consideration when installing an SSL Certificate for the setup to be correct and secure. These being said, we politely prefer to decline to offer any SSL installation instructions over the phone, email or ticketing system.

Here are two links where you can start the research on how to use your SSL Certificate with Outlook / Office 365:
https://www.ssldragon.com/contacts/faq/#collapse-11423
https://www.ssldragon.com/contacts/faq/#collapse-15534
– https://www.ssldragon.com/blog/category/installation/

There is a lot of information online on your particular server setup, so you may want to look into that as well. Alternatively, we recommend hiring a web developer or a system engineer who has installed SSL Certificates many times before.