Wait! Don't Leave Without Securing Your Site
Get enterprise - grade SSL certificates at a fraction of retail prices.
Save 10% on your first order, by entering coupon code SAVE10 during checkout.
FAQs
All
Business Validation
Certificate Authorities
Changes
Code Signing
Configuration
CPAC
CSR Code
CSR Decoder
CSR Generation Tutorials
CSR Generator
DigiCert
Domain Validation
Extended Validation
General
Install SSL Certificates
Installation
IP Address
LEI
Multi Domain
Payments
Private Key
Renewal
S/MIME
Types
Updates
Wildcard
What CPAC Certificate to choose – Basic, Pro, or Enterprise?
Sectigo Personal Authentication Certificates were designed for individuals and businesses who are looking at implementing the best web security practices, such as email & document encryption and user two-factor authentication. However, each CPAC SSL Certificate was designed to fit a particular need. Just like DV, BV, and EV SSL Certificates, CPAC SSL Certificates come with different validation requirements which enable certain certificate fields:
- CPAC Basic – requires Domain Control and displays only your email in the SSL Certificate
- CPAC Pro – requires Domain Control and Identity Verification in order to display your email, First and Last Name in the SSL Certificate
- CPAC Enterprise – requires Domain Control, Identity Verification, and Organization Validation in order to display your email, First and Last Name, as well as Company Name and Address in the SSL Certificate.
Based on your actual needs, you can now decide which Sectigo Personal Authentication Certificate is the best option for you, providing you an enhanced web security of your business activity.
For more info about validation requirements for each type of certificate, check this FAQ section.
Copy Link
Validation Requirements for Personal Authentication Certificates
You can order a Sectigo Personal Authentication Certificate (SPAC) for any valid email address. Below are the validation requirements for each type of Personal Authentication Certificate:
SPAC Basic
Validation requires a challenge-response from you, which is sent to the email address you provide. Once you have followed the instructions in the challenge email, the certificate is issued.
SPAC Pro
To obtain a SPAC Pro certificate, you need to complete the following steps:
- Provide a government-issued photo ID such as; a driver’s license, passport, national ID card, or military ID. The name on the government-issued photo ID must match the name of the certificate. You must provide a legible and readable copy of the photo ID.
- Verify your email address by responding to a challenge sent to the email address listed on the certificate.
After you complete the instructions in the challenge email, the certificate is issued.
SPAC Enterprise
Validation for an Enterprise requires the following:
- Business Identity verification using a QIIS, QGIS, or QTIS document (the definitions of these acronyms are at the end of this FAQ).
- Authenticating the identity of the applicant (listed as the admin contact on the order). The name on the government-issued photo ID (driver’s license, passport, national ID card, or military ID) must match the name of the admin contact. Sectigo requires applicants to provide a legible and readable copy of the photo ID.
- Physical address verification via QIIS QGIS or QTIS document.
- Order authentication via a callback process using the business telephone number included in a QIIS, QGIS, or QTIS document.
Once the above steps are completed, the certificate is issued.
Definitions:
QIIS stands for Qualified Independent Information Source – an up-to-date public database that provides reliable and accurate information for which it is consulted. Examples of QIIS are local phone directories or third-party commercial credit services such as Dun and Brandsheet.
QTIS (Qualified Tax Information Source) is a governmental database that contains tax information relating to Private Organizations, Business Entities, or Individuals. Employer Identification Number (EIN) is considered a QTIS.
QGIS stands for Qualified Government Information Source – a database maintained by a Government Entity that contains legal business registration, corporate filing, trademarks, and patents.
Source: Sectigo’s Knowledge Base
Copy Link
Why we don’t offer SSL installation support via email, phone, tickets?
We provide little to no support on how to install an SSL Certificate. There are countless combinations of “hosting providers X hosting panels X operating systems X web servers types X technologies X release versions” for us to be able to provide support for all of them.
Also, there are too many factors to take into consideration when installing an SSL Certificate for the setup to be correct and secure. These being said, we politely prefer to decline to offer any SSL installation instructions over the phone, email or ticketing system.
Here are three links where you can start the research on how to use your SSL Certificate with Outlook / Office 365:
– SSL Certificate Installation
– CPAC Certificate Installation
– SSL installation FAQ
There is a lot of information online on your particular server setup, so you may want to look into that as well. Alternatively, we recommend hiring a web developer or a system engineer who has installed SSL Certificates many times before.
Copy Link
Can I add another domain after the multi-domain SSL is issued?
The multi-domain certificate can be initially activated for the primary domain name.
If you wish to add more domains later, you need to reissue the certificate in your SSLDragon.com account, and add the SAN (additional domain) list in the SAN field, when reissuing.
If you need to add more domains than included by default, then please choose the Add More SANs option in order to pay for and activate the additional SANs.
Copy Link
Do I need an SSL for a website that will be used as a data server?
A data server provides a wide range of database services such as data storage, data manipulation, data analysis, and archiving. If your website offers Database-as-a-Service (DBaaS) solutions, you will need an SSL certificate to encrypt the sensitive information of your clients. Moreover, since Chrome and Firefox flag websites without SSL encryption as not secure, a valid SSL certificate will ensure that your site is accessible 24/7 from any browser.
Copy Link
I installed the SSL certificate, but my site is still not secure – Why?
- One of the most common reasons why a website which has an SSL Certificate installed continues to show as insecure, is that your website continues to pull content, images or videos from unsecured HTTP links. You need to change all the links that you are pulling content from to HTTPS links, and your website will start showing as secure immediately.
- The second most common reason why a website may show insecure although you installed an SSL Certificate on it is that your server is outdated and/or doesn’t support the latest TLS settings requirements.
- The third most common reason why a website may show as insecure although you installed an SSL Certificate on it, is that you and other visitors continue to open your website through an unsecured HTTP link. You should put a redirect in the server configuration file or in the site’s htaccess file, so that whoever enters your website by typing “www.mywebiste.com” should be automatically redirected to https://www.mywebsite.com. With other words, you should put a redirect that sends all users to your secured site. Here are some articles on how to do this.
- You also might be missing the CA-bundle/Intermediate/Root SSL Certificates.
- Another problem might be the incorrect SSL installation.
All 5 reasons and any other can be revealed by checking how well was your SSL installed using these tools: SSL Server Test and Why No Padlock?
They will offer you a free report on your SSL Certificate installation along with detailed information on how to fix any vulnerabilities.
Also, we recommend you to read our article called: How to move your website from HTTP to HTTPS easily and with no pain. The article goes even further and comes with many more recommendations on what to check and do to have your website open from an HTTPS link correctly.
Copy Link
I have the CSR. What’s next?
Once you got your CSR code and Private Key, you can enter your CSR when ordering an SSL Certificate. Here is where you need to enter your CSR code:
- Sign in to “My Account” on our SSL Dragon website.
- Once you are logged in, go to the main menu, select “SSL Certificates” -> “My SSL Certificates“.
- You will see the list of SSL Certificates which you bought on our website. Click on the SSL Certificate which you have just ordered, to enter its details page.
- When you are on the details page of the SSL certificate which you bought, go towards the bottom of the page, and click on the green button which says “Configure Now”.
- Fill in the 2 or 3 steps form, by entering your personal and your company information. The second thing that you will be asked about on this form is the CSR. Copy and paste your CSR code in the text area which asks you for your CSR.
- Once the 2 or 3 steps form is completed in full, your SSL Certificate order will be submitted to the Certificate Authority.
- A message will come on the email address which you selected on Step 2. You need to go to your email address, and confirm that you are the owner of the domain name which you asked for an SSL Certificate for.
- Once these are done successfully, you will receive your SSL Certificate in anything between 5 minutes (for a Domain Validation SSL Certificate) and 7-10 days (for an Extended Validation SSL Certificate).
Copy Link
What happens if I don’t renew my SSL Certificate?
Your current SSL Certificate will expire as soon as the “Expires” date for your SSL Certificate passes. If you keep your old and expired SSL Certificate on your website, then all the web and mobile browsers will show your website as insecure and will prompt users that your website has a major security problem, and will not let visitors enter your website unless visitors explicitly accept to enter your website on their own risk. You can see an example of these security alerts that visitors will see on your website if you keep an expired SSL Certificate.
The solution to prevent that is to renew your SSL Certificate, and install the newly renewed SSL Certificate on your website. In that case your website will continue to show as secure.
Keep in mind, certificate validity isn’t what it used to be. You’re now dealing with a 200-day limit, moving to 100 days in 2027 and 47 days in 2029. More renewals present more chances to miss one. ACME certificates remove that risk by handling issuance and renewal automatically, so your site stays secure without interruption.
Copy Link
I don’t know my webserver type. What should I choose?
When configuring your SSL Certificate, you are asked to choose your webserver type.
If you don’t know which server type you have, simply choose “Other” and your SSL Certificate will work on any server type for sure. For certificate authorities, the webserver type question is more a statistics question than an attribute which your SSL Certificate will be configured by. Certificate authorities needs to know what are the most used server types in order to build their certificates compatible with all these server types.
Copy Link
How many subdomains can I secure with a Wildcard certificate?
A Wildcard certificate will secure an unlimited number of subdomains.
Copy Link