General

All Business Validation Certificate Authorities Changes Code Signing Configuration CPAC CSR Code CSR Decoder CSR Generation Tutorials CSR Generator DigiCert Domain Validation Extended Validation General Install SSL Certificates Installation IP Address LEI Multi Domain Payments Private Key Renewal S/MIME Types Updates Wildcard
What is an SSL Certificate?

The “SSL Certificate” stands for “Security Socket Layers Certificate”. This protocol was created to protect data travelling between two machines through data encryption.

All the information from the Internet is basically transferred from one location to another in the form of HTTP language (Hyper Text Transfer Protocol). But HTTP by itself is unprotected and susceptible to Internet tricksters and thieves. That’s why SSL Certificates were developed to protect the information traveling on the Internet.

You may know about the SSL Certificates by some common things you see in your browser: the padlock, the “HTTPS” on the browser tab (when HTTP is being protected by SSL it inherits the letter “S”).

These are all indications that the website you are using has SSL encryption and its information is secure against cyber attacks.

Copy Link

What is an SSL certificate warranty?

An SSL certificate warranty is insurance which covers any damage that you may incur as a result of a data breach or hack that was caused due to a flaw in the certificate. The SSL warranties range in value from $5,000 to $1,500,000. This means that the higher value certificates come with more extensive warranties.

Copy Link

Brand Validation Reasons

 

In some cases, the CAs may require manual verification if your order fails any internal rules of Brand Validation. It takes around 24-48 hours to pass this manual check, and the CA will either issue or reject an order in such cases.

Here are the most common reasons why certificate authorities decide to do the brand validation for some orders:

  1. Orders from some countries are reviewed manually more often than others, for example:  South Korea, North Korea, Japan;
  2. Restricted countriesRussia (RU), Belarus (BY) (since 2022), Afghanistan (AF), Crimea (Russia), Cote d’Ivoire (CI), Cuba (CU), Eritrea (ER), Guinea (GN), Iraq (IQ), Iran (IR), Democratic People’s Republic of Korea (KP), Liberia (LR), Myanmar (MM), Rwanda (RW), Sudan (SD), Sierra Leone (SL), South Sudan (SS), Syrian Arab Republic (SY), Venezuela (VE), Zimbabwe (ZW) – SSL are NOT issued for these countries: https://sectigo.com/knowledge-base/detail/Banned-Country-List-1527076085907/kA01N000000zFKI and https://knowledge.digicert.com/solution/Embargoed-Countries-and-Regions.html
  3. The domain name includes a brand name, such as: facebook-app.com, sony-shop.net, dellshop.com, etc;
  4. The domain name may have a hidden brand name. For example, your domain is “sibmama.com”, but the automated validation system may read it as “sIBMama” and flag the “IBM” brand. The certificate authority wants to check such orders manually;
  5. The domain name has “stop words”, such as: pay, online, secure, booking, shop, bank, transfer, money, e-payment, payment, protection, violence, terrorists, and others. These words and many others are set as triggering words inside the validation system, and make the certificate authority review such orders manually;
  6. Domain name is blacklisted OR has a bad reputation.
    partner-order-id

What you can do to speed up the process?

Please contact Sectigo and Thawte, RapidSSL, GeoTrust, DigiCert directly via live chat and discuss the situation with the CA’s representative.

Please mention your “Partner Order ID” in your message.  You can find your “Partner Order ID” on the details page of your SSL Certificate inside your SSL Dragon account. See the screenshot on the right.

Copy Link

How to buy an SSL Certificate?
  1. Choose the SSL Certificate, then select the period (1, 2, or 3 years) and number of domains (only for Multi-Domain SSL Certificates), and click “Buy Now”;
  2. You’ll be redirected to your Shopping Cart, where you need to confirm the period and, for Multi-Domain SSL Certificates, the number of additional domains. Review your Order Summary then click “Continue”;
  3. On the Review & Checkout page, you’ll find the “New Customer” fillable form which you need to complete to create your SSL Dragon account. Afterward, insert your Promotional Code (if you have it), any Additional Information (if necessary), select the desired Payment Method,  confirm that you’ve read and accepted our Terms of Service, and click on “Checkout”;
  4. You’ll be redirected to your Invoice which you need to pay using your selected Payment Method. Once the payment is done, you will see your order number and additional details on your Order Confirmation page. You will find your SSL Certificate in “My Account” at “SSL Certificates” -> “My SSL Certificates

Copy Link

Can I secure an IP address with an SSL Certificate?

Yes, you can secure an IP address with an SSL Certificate. However, only some specific SSL Certificates will allow you to do that. Here are those SSL Certificates:

– Sectigo InstantSSL Premium
– GoGetSSL Public IP SAN

Please note that the Sectigo InstantSSL Premium is a Business Validation SSL Certificate, which means that you need to have a registered company in order to be issued this SSL certificate.

GeGetSSL Public IP SAN is a Domain Validation SSL Certificate which secures 2 IP addresses by default.

Copy Link

Do I need an SSL certificate for my website?

You have to purchase an SSL certificate if your website contains logins or web forms that require personal or credit card information from your customers. The SSL certificate will secure the personal data shared on your website and will make your clients feel safer while performing transactions, knowing that any information shared is within a secure environment and authenticated by a trusted Certificate Authority.

If you have an informative website, we still recommend you to purchase an SSL certificate. By having an HTTPS link, your website will be more trustworthy.

Copy Link

How does the SSL Certificate work?

An SSL Certificate takes the information that your users provide and encrypts it, so that only a web server can decrypt it and understand it. So as the information on the web is transmitted via HTTP language, your data is not protected, as HTTP itself is not secure. The SSL Certificate takes your information, encrypts it, and passes it securely to the server where the website is hosted, or directly to the payment processor. On the merchant’s server, or on the payment processor’s side, the SSL certificate receives the encrypted HTTP information, decodes it, and safely performs the action you requested (logging you in, processing a payment, etc).

In this way, the SSL Certificate turns your “HTTP” connection into an “HTTPS” (secured HTTP) connection and protects your data. With an SSL Certificate, your information is protected and safe.

Copy Link

SSL Banned Countries List

Currently, SSL certificates of any type CAN NOT be issued to individuals or business entities in the following countries, websites, or the following country-code-top-level domains (TLDs). The following jurisdictions are restricted by US Export restriction laws:

  • AF – AF – Afghanistan
  • BY – BLR – The Republic of Belarus
  • CU – CUB – Cuba
  • ER – ERI – Eritrea
  • GN – GIN – Guinea
  • IR – IRN – Iran, Islamic Republic of
  • KP – PRK – Korea, Democratic People’s Republic of
  • LR – LBR – Liberia
  • RU – RUS – The Russian Federation – as of March 2022
  • SS – SSD – South Sudan
  • SY – SYR – Syrian Arab Republic
  • ZW – ZWE – Zimbabwe.

Source: Sectigo’s Knowledge Base

Copy Link

SSL Certificate Extensions Explained

When dealing with SSL certificates, you’ll come across different certificate extensions. A file extension is a designation at the end of a file. For example, a certificate named “yourdomain.crt” has a certificate extension of “.crt” The”*” we put in front means that the name before the period could be anything. It’s only what is after the period that matters for identification of extension type. 

Below is a list of certificate extensions:

*.CSR – Certificate Signing Request – a block of encoded text with your contact data you must generate and submit to the CA during the SSL ordering process.

*CER or *CRT – Base64-encoded X.509 Certificate – stores a single certificate. This format does not support the storage of private keys.

*.PFX or *.P12 – Personal Information Exchange Format – stores private and public keys and all certificates in the path. Used to export a certificate and retain full private key functionality.

*.DER – DER-encoded binary X.509 Certificate – stores a single certificate. This format does not support the storage of private keys.

*.P7B or *.P7R or *.SPCCryptographic Message Syntax Standard – storage of all certificates in the path and does not store private keys.

*PEM – Privacy-Enhanced Mail – concatenated (combined) certificate containers frequently used in certificate installations when multiple certificates that form a complete chain are being imported as a single file.

*.CRL – Certificate Revocation List – designates a certificate that has been revoked.

Learn more about certificate formats and conversion tools with our detailed guide.

Copy Link

What are Multi-Year SSLs?

What are Multi-Year SSL Subscription Plans?

Starting with August 19th, 2020, the maximum duration of publicly-trusted SSL/TLS certificates issued by all Certificate Authorities (CAs) has been set to a maximum of 13 months.

However, in order to make your SSL Management process time-saving and cost-effective, the CAs and SSL Dragon are offering you the 2 Year and 3 Year SSL Subscription Plans.

This means that you can still buy a 2 or 3 year SSL Certificate and continue to benefit from multi-year discounting, while still remaining compliant with the CAB Forum SSL requirements.

How the Multi-Year SSL works?

Due to security reasons, your SSL certificate is initially issued with a maximum 1-year validity.

30 days before the expiration of your certificate, SSL Dragon, on behalf of the CA, will notify you and ask you to reissue your SSL, in order to get the additional (replacement) 1-year certificate, according to your Subscription Plan.

This FAQ explains to you how to reissue your SSL Certificate, step by step.

You will need to validate & install the replacement SSL:

a. If you have a Domain Validation SSL Certificate, a short verification of your domain name will be required via Email, HTTP, or DNS in order to issue the 1-yr replacement SSL.

b. If you have a Business or Extended SSL Certificate – an additional Business Validation/Extended Validation recheck and callback process will also be required.

You can still reissue your certificate at any time and as many times as you like during your Multi-Year SSL Subscription Plan.

On your SSL Certificate’s page within the SSL Dragon account, you will find all the details regarding your Subscription Plan:

  • Valid From – Shows the date when your SSL was issued and became active
  • Expires – Shows the date when your SSL expires and needs to be reissued (not Renewed).
  • Subscription Starts – The date when the first SSL was issued and the subscription period activated
  • Subscription Ends – The date when the subscription ends and SSL needs to be Renewed (not Reissued)
  • Next Reissue – shows the number of days left of your SSL. The Certificate should be reissued 30-days prior to this date.

Copy Link