FAQs

Why do I get a certificate or Private Key mismatch error?

Sometimes, the SSL Certificate that was issued to you does not match the Private Key that you are trying to use when installing that SSL Certificate on your server. This is a common user-generated error.

If the system says there is a mismatch, then you need to double check the CSR and Private Key which you generated, and which came together. You need to make sure that you used that specific CSR when you configured your SSL Certificate. When the SSL Certificate is issued, you need to use the Private Key that pairs with that specific CSR.

We see customers make the mistake of generating one CSR and Private Key, then configuring the SSL Certificate with a different, server-generated CSR. In that case the server-generated CSR pairs with its own Private Key, which you most probably don’t have.

The Private Key which you have works only with the CSR that it came with. Also, the Private Key which you have works only with the SSL Certificate that was configured using the CSR that pairs with that Private Key.

Solution

To solve this, you need to re-configure (re-issue) your SSL Certificate using a CSR code for which you have the Private Key that it pairs with. You may want to use a CSR code that your server provides, or generate a new CSR and Private Key.
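One way to confirm which Private Key pairs with a CSR or SSL Certificate before re-issuing is to compare public-key fingerprints with OpenSSL. This is an added example, not SSL Dragon's or your server's own tooling; the file names, the example.test subject and the self-signed stand-in certificate are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: every key, CSR and certificate here is constructed in a temp dir.

# SHA-256 fingerprint of the public key held in a private key, CSR or certificate.
pub_fp() {  # usage: pub_fp key|csr|cert FILE
  case "$1" in
    key)  _pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr)  _pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) _pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    return 2 ;;
  esac
  [ -n "$_pem" ] || return 1   # unreadable file: never hash empty input
  printf '%s\n' "$_pem" | openssl pkey -pubin -outform DER 2>/dev/null |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when both files carry the same public key.
same_key() {  # usage: same_key TYPE_A FILE_A TYPE_B FILE_B
  _a=$(pub_fp "$1" "$2") || return 2
  _b=$(pub_fp "$3" "$4") || return 2
  [ "$_a" = "$_b" ]
}

verdict() {
  if same_key "$@"; then echo MATCH
  elif [ $? -eq 1 ]; then echo MISMATCH
  else echo UNREADABLE; fi
}

# Constructed fixtures: "mine" is the pair you generated yourself, "server"
# stands in for a CSR the server generated with a key of its own.
make_fixtures() {
  D=$(mktemp -d) || return 1
  for n in mine server; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
      -keyout "$D/$n.key" -out "$D/$n.csr" 2>/dev/null || return 1
  done
  # Demo stand-in for issuance: a certificate built from the server CSR.
  openssl x509 -req -in "$D/server.csr" -signkey "$D/server.key" -days 1 \
    -out "$D/issued.crt" 2>/dev/null
}

make_fixtures || exit 1
trap 'rm -rf "$D"' EXIT   # remove the throwaway private keys on exit
echo "mine.key   vs mine.csr   : $(verdict key "$D/mine.key" csr "$D/mine.csr")"
echo "issued.crt vs server.csr : $(verdict cert "$D/issued.crt" csr "$D/server.csr")"
echo "issued.crt vs mine.key   : $(verdict cert "$D/issued.crt" key "$D/mine.key")"
```

The last comparison reproduces the situation described above: the certificate was configured with the server-generated CSR, so the Private Key you kept from your own CSR does not pair with it.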


How does the SSL Certificate work?

An SSL Certificate takes the information that your users provide and encrypts it, so that only a web server can decrypt it and understand it. When information on the web is transmitted over plain HTTP, your data is not protected, because HTTP itself is not secure. The SSL Certificate takes your information, encrypts it, and passes it securely to the server where the website is hosted, or directly to the payment processor. On the merchant’s server, or on the payment processor’s side, the SSL Certificate receives the encrypted HTTP information, decodes it, and safely performs the action you requested (logging you in, processing a payment, etc.).

In this way, the SSL Certificate turns your “HTTP” connection into an “HTTPS” (secured HTTP) connection and protects your data. With an SSL Certificate, your information is protected and safe.


How long does the validation process take?

The validation time of an SSL depends on the type of certificate you chose to buy.

Domain Validated certificates are issued within 3-5 minutes in 99% of the cases. Only when an SSL Certificate is requested for a domain name that contains a trademark or a brand name may it have to go through brand validation, in which case it can take up to a business day to be issued.

Business Validated certificates are usually issued within 1-3 business days.

Extended Validated certificates can take between 1-7 business days to be issued. The Certificate Authority does its part of the work very quickly. If all the information is provided to the Certificate Authority quickly and correctly, then the Certificate Authority can issue the EV certificate within 1 business day. We’ve seen situations when the EV Certificate was issued within a few hours. The 1-7 days period depends on how quickly the customer provides the required information to the Certificate Authority, and how quickly the customer responds to the Certificate Authority’s potential requests for additional information.

Through the Validation process, the Certificate Authority is trying to confirm that you are the owner of the domain, and that the company for which you are requesting a Business Validation or Extended Validation certificate is active. That is why it is important that you keep your company’s records (address and phone number) up to date and promptly respond to the Certificate Authority’s requests.


How to Pass Extended Validation for Sectigo/Comodo Code Signing Certificates?

Here are the requirements for obtaining an Extended Validation (EV) code signing certificate from Sectigo/Comodo: 

  1. Enrollment Forms: Complete the necessary application forms for the certificate.
  2. Organization Authentication: Prove the organization’s legitimacy as a genuine business entity.
  3. Operational Existence: At least three years of active operation and registration.
  4. Physical Address: Provide a valid physical business address for verification.
  5. Telephone Verification: Prove the organization’s contact number through government or third-party databases.
  6. Final Verification Call: Receive a call from the CA to validate organization details and authenticity.

For an in-depth explanation of each step, consult our guide on Extended Validation for Sectigo/Comodo certificates.


How soon is the CSR generated?

A CSR is generated immediately. It is generated for you as soon as you fill in the CSR Generator form.


How to check what information is included in my CSR?

Yes, you can see what information your CSR includes by decoding it. Use our CSR Decoder tool, available on our CSR Decoder page, to see what information is included in your CSR.


How to Export a S/MIME / CPAC Certificate from Firefox?

To export a S/MIME certificate from Firefox, follow the instructions below:

  1. Open the Firefox browser and click the Options Menu button at the top-right corner, then select Settings
  2. Select Privacy & Security from the menu on the left
  3. On the Privacy & Security tab, scroll down to the Certificates section, and click View Certificates
  4. In the Certificate Manager window, select the Your Certificates tab, then select the certificate you wish to back up. Click Backup
  5. Your certificate will be exported to a PKCS12 file. To learn more about certificate formats, check our comprehensive SSL formats guide. Please create a name for this file and specify where you want to save it.
  6. Next, you must create a password to protect your PKCS12 file. Remember this password because you need it if you import the certificate into another browser or mail client.
  7. Click OK to export your Sectigo Personal Authentication certificate.

Source: Sectigo’s Knowledge Base


How to Import and Export a CPAC Certificate on Mac OS X?

Follow the steps below to export your CPAC (which was already installed in Keychain) into a PKCS12 file.

  1. Navigate to Applications > Utilities > Keychain Access
  2. In the Keychains options (on the left), select Login and click My certificates in the Category panel.
  3. Next, select the certificate you want to export and click File, then Export Items.
  4. Now, for the File Format, select Personal Information Exchange (.p12). Name it as you wish, and save it in a directory of your choice.
  5. Next, create a password for the exported file. It will be requested if/when you import the certificate into another browser/mail client or device.
  6. Click OK. You have successfully exported your Sectigo Personal Authentication certificate.

Once you’ve exported the Email/Personal Authentication certificate into P12 format, you can import it into Mac OS X using Keychain Access. To complete the process, follow the steps below:

  1. Go to Applications > Utilities > Keychain Access
  2. In the Keychains panel on the left, select Login > File > Import Items…
  3. Now, locate your saved certificate file and click Open.

    Note: If prompted to trust certificates issued by your CA automatically, select the Always Trust option to trust and install your certificate.

  4. You can view the installed certificate by clicking Category > My Certificates in the Keychain Access window.

Source: Sectigo’s Knowledge Base


How to install my CPAC Certificate?

You can install your Sectigo CPAC Certificate as soon as it has been issued to you.

Here are installation instructions for different browsers, email clients, and mobile devices provided by Sectigo:


How to pass Extended Validation for my SSL Certificate?

You can check if you have an Extended Validation SSL Certificate by looking at the attributes of your SSL Certificate. Please open the two screenshots on the right in order to see where you can find the information about the validation type of your SSL Certificate.

Different SSL Certificate brands have different Extended Validation procedures. Please read the section that applies to your SSL Certificate brand below.

DigiCert (including Thawte & GeoTrust)

The validation team will send you an agreement by email during the verification process. The Certificate Authority will then work on validating the legal existence of your company via local public databases, as a part of the Extended Validation process. This may take between 1-3 working days. Please wait until one of the Certificate Authority representatives contacts you about any additional information that they may need you to provide.

If you do not hear from the Certificate Authority representatives within 5-7 days, then please call +1 (877) 438-8776 to check the status of your SSL Certificate with the Certificate Authority. Please note that Thawte, GeoTrust, DigiCert are all owned by DigiCert, and they all have the same phone number provided above. When you talk to them, you will need to provide the “Partner Order ID”, which you can find on the details page of your SSL Certificate inside your SSL Dragon account. See the screenshot on the right.

Sectigo/GoGetSSL

Please send the necessary forms described below to Sectigo by opening a ticket with Sectigo Validation Center at https://sectigo.com/support. Click on “Submit a ticket”, select Validation Department, and submit your request. Please mention your “Partner Order ID” in your message.

You can find your “Partner Order ID” on the details page of your SSL Certificate inside your SSL Dragon account. See the screenshot on the right.

I. New Orders

STEP 1: Agreement signing
Within a few hours after the order is placed, you will receive an email from Sectigo with a click-through link called the “Validation Manager link”.
Please use this click-through link to access the Validation form and sign the agreement using a digital signature and upload it directly to Sectigo.

If you didn’t receive the email with the link and/or can’t sign the agreement digitally, please fill in these 2 forms – Certificate Request Form and EV SSL Subscriber Agreement – and send them to Sectigo (see above instructions).

You can also download the Sectigo EV forms from their knowledge-base.

STEP 2: Business Validation
To pass Business Validation, you may have to provide an official registration document, such as a Business License, Articles of Incorporation, and/or Registration application.
Here are the BV options:

A. No paperwork. Your company’s legal existence will be checked via a public government database using your company name and your unique Registration/Identification number OR via verified public 3rd party databases, such as GLEIF, Dun & Bradstreet, Hoovers, Companies House GOV.UK.

B. Paperwork. Your company will be verified using:

  • an official registration document, such as Articles of Incorporation, Government Issued Business License, or
  • a copy of a recent company bank statement, company phone bill, or major company utility bill (e.g. power bill, water bill, etc.).

STEP 3: Callback process
The last step is a callback process called Phone Validation. Sectigo will call you and ask you to confirm your name and order, in order to validate the company’s official phone number.
Below are the 4 callback options. You don’t have to do all four of them. Doing just one of them will be enough.

A. Yellow Pages Databases. Sectigo verifies your phone number via public Yellow pages Databases.

B. DUNS. The second way is to provide your DUNS number to Sectigo. You can get your company’s DUNS number from this website: https://www.dandb.com/. If Sectigo gets back to you and says that your DUNS listing does not contain a phone number, then you need to contact Dun & Bradstreet (at https://www.dandb.com/) and ask them to “add your company’s phone number to their business directory and on the report”.

C. Local phone database. If you don’t have a DUNS number, then the other thing you can do is to provide your company’s registration number for Sectigo to check your company with your country’s governmental directories (e.g.: Corporation Division, Companies House, Department of State, etc). Please note that Sectigo will be looking to see your company’s phone number listed there as well. Not all governmental directories have the companies’ phone numbers. If the governmental directory allows you to call them, email them, or use their website to add your phone number, then please go ahead and do that.

D. Legal Opinion. If the above two options (2.1 and 2.2) don’t work for you, then the third and last option to validate your phone number is to ask a CPA (Certified Public Accountant), or a Latin Notary, or an Attorney (Lawyer) to write, sign and send a letter to Sectigo where they confirm your company name, address and phone number. You can find the sample letters below:

– Sample Accountant Letter
– Sample Legal Opinion Letter


II. Renewal/Reissue Orders

For reissue and renewal orders, instead of Step 1 and 2, you must contact Sectigo Validation Center at https://sectigo.com/support. Click on “Submit a ticket”, or choose Live Chat, select Validation Department and submit the following request (please replace [] fields with the corresponding info):

Reason for the ticket: Validation
Order number: [Your Partner Order ID]
Subject: Extended Validation 

Dear Sectigo!
Please validate order [Partner Order ID] using the company name [Your Company Name], with [Registration/ID number] and [DUNS number].

Sectigo will then contact you for Step 3 or any updates of Step 1 or 2 described above.
