SSL FAQs - SSL/TLS Certificate Questions and Answers

Whenever a user (client) tries opening a website that has an SSL certificate installed, the client's (user's) browser will go through the below steps:

The client's browser will request the website's web server for identification verification.
The server will reply by sending a copy of the SSL certificate.
The client's browser will verify the copy of the SSL certificate and analyze whether the installed SSL certificate is trustworthy. Then, it'll send a message to the server regarding the same.
If the server trusts the installed SSL certificate, then it'll send the digital acknowledgment to the client's browser telling to begin an encrypted session.
Once the acknowledgment of digital signing comes, an encrypted session between the browser and server will start.
Lastly, HTTPS protocol will get visible.

There are 3 types of SSL certificates:

DV (Domain Validated) SSL certificate.
OV (Organization Validated) SSL certificate.
EV (Extended Validated) SSL certificate.

Furthermore, there are two more SSL certificates, Wildcard and Multi Domain SSL certificates, which are provided with extra features for managing multiple sub-domains and multiple domains, respectively.

An SSL certificate file consists of the digitally signed key. Likewise, the cryptographic key contains the below-mentioned information:

Website URL
Information regarding organization
Information of an SSL certificate issuer
The validity period of the SSL certificate
Public Key
A version of an installed SSL certificate

It depends upon your requirements. Anyone can install the free SSL certificate, as they're accepted by all the known web browsers such as Google Chrome. But, the free SSL certificate isn't an alternative to show complete trust, as it comes with certain disadvantages like:

The trust factor is quite low and displays a basic security indicator.
Only offered in DV (Domain Validation) type. So, it's not valuable to secure an e-commerce or company website.
Lifetime is quite short. For instance, it's offered with the validity of only one to two months.
Usually used for testing purposes.

Site seals are small images provided by Certificate Authority like Sectigo and Comodo once your purchased SSL certificate gets issued. Similarly, it's offered in two different types: static and dynamic. For instance, a static site seal is offered with DV (Domain Validated) SSL certificate. And dynamic site seal that contains company information and present time & date is provided with OV (Organization Validated) and EV (Extended Validated) SSL certificate.

Intermediate Certificates:

In PKI (Public Key Infrastructure), intermediate certificates keep root certificates secure behind different security layers to ensure that the keys aren't accessible. Likewise, it works as a bridge between root certificates and SSL certificates.

Root Certificates:

Root certificates are unsigned public key certificates or self-signed certificates used to identify the root CA (Certificate Authority).

An encryption key is a digital file used to control the encryption and sometimes decryption of information or data. It uses an encryption key and an encryption protocol like an SSL certificate to turn plain readable text into encrypted ciphertext, which lets you secure all the information and data you're transmitting over the internet.

SHA - 2 (Secure Hash Algorithm 2) is a set of different cryptographic hash functions with different hash values like 224, 256, 384 & 512 bits designed by the USA NSA (National Security Agency) was first published in earlier 2001.

The SSL protocol uses "asymmetric encryption," which relies on two types of encryption keys: the public key and another private key. The public key handles encryption, and another private key handles decryption.

The public key is publicly available, and it's part of the SSL certificate. It works in combination with a private key for making sure data transmitted over the internet is in an encrypted format, verified, and not tampered with at the time of transportation. And the private key is kept private, which is used to digitally sign your CSR and later confirm that connection with the server is safe and secure.

Wildcard SSL certificate is one type of SSL certificate offered by the certificate authority that helps secure one main domain and unlimited sub-domains without purchasing a separate SSL certificate for each sub-domain. For instance, you can secure:

maidomain.com
example1.maindomain.com
example2.maindomain.com
example3.maindomain.com

The multi Domain SSL certificate is an SSL certificate that lets you secure multiple domains using one single SSL certificate. Likewise, you can secure up to 250 different domains using a Multi Domain SSL certificate.

For instance, using a Multi Domain SSL certificate, you can secure:

exampledomain.com
exampledomain1.com
exampledomain2.com
exampledomain3.com

EV (Extended Validated) SSL certificate is the premium SSL certificate that offers the highest level of trust indication to the user. Similarly, to purchase an EV SSL certificate, you're required to have a website that deals with the user's sensitive financial information, like a credit card. In addition, your business should be running for three or more than three years consecutively.

Likewise, to get an EV SSL certificate, you're required to go through the stringent vetting process where CA (Certificate Authority) requires you to provide various business-related information and documents. However, an EV SSL certificate is like an investment, and it provides many trust indicators that help users feel confident about sharing their information with the site.

The DV (Domain Validated) SSL certificate is an entry-level SSL certificate that focuses on providing basic encryption needs and not authentication of the company or an individual. For getting a DV SSL certificate, users don't have to go through any stringent vetting process to prove business presence. Instead, users can get it issued within minutes by proving domain ownership.

On the other hand, OV (Organization Validated) SSL certificate is the one that validates your business/organization identity by verifying various documents like Government-issued registration documents, publicly available telephone numbers matching with a recognized Telephone directory, and more. Similarly, it's recommended for a business website that deals with sensitive data. It helps create a higher level of trust and confidence, as the business legitimacy is verified by the CA (Certificate Authority). In addition, company information is also displayed within-subject details of the installed SSL certificate.

E-commerce business deals with users' sensitive financial information like credit card or bank account details. Therefore, it requires a higher level of strong security standards, which helps keep such information secure. And to fulfill such requirements, an EV (Extended Validated) SSL certificate is the right option.

It helps create a perfect solution for making a trusted security environment within an E-commerce business as it helps establish trust and confidence with the user. Likewise, it also provides visible trust indications such as company name within the padlock and company details within the certificate subject details.

Mostly, all types of web servers, mobile and Desktop OS, support SSL certificates issued by certificate authorities like Sectigo and Comodo.

Site seals are tiny images like a trust badge provided by CAs (Certificate Authorities) once the SSL certificate is issued. Likewise, it comes in two formats, static with a domain validated SSL certificate and dynamic site seal, which shows company information and current date and time with OV & EV SSL certificate.

Furthermore, site seals offered by CAs (Certificate Authorities) help boost user trust and confidence as it conveys the message that the CA verifies the site and is trustworthy.

The SAN/Multi Domain SSL certificate allows you to secure multiple domains using one SSL certificate. Likewise, it helps save your time and money as you don't require to purchase an SSL certificate for each website or go through the repeating process of remembering the renewal date or vetting process and more.

Firstly, whether you want a warranty or not, it comes free of cost with the SSL certificate you purchase. Likewise, it's important because it conveys the message that if you choose to get your SSL certificate issued by the CA (Certificate Authority) and if anything goes wrong from their end during the installation process. For example, your website gets hacked, a data breach occurs and damages your site users and you. Likewise, if you prove it, then you can reclaim the warranty amount as compensation for the damage caused to you and your site users.

Every known and trusted CA (Certificate Authority) has passed certification, ensuring they're using required policies and procedures to make an SSL miss-issuance negligible. Henceforth, it's very rare if any SSL miss-issuance occurs, and if it does, then CA may go through a hard time, which can even mean losing the right to issue an SSL certificate and being distrusted by browsers.

The price of an SSL certificate differs from one brand to another, like the type of SSL certificate you want to purchase and the validity period. For instance, the EV SSL certificate is the most expensive, and the domain validated SSL certificate is cheaper.

Likewise, if you go for a domain validated Wildcard SSL certificate, it may get a little more expensive than a single domain validated SSL certificate. Lastly, the same SSL certificate with the same features and benefits can be offered in different price ranges depending upon the chosen Certificate Authority.

SSL certificates are offered in two encryption key strength sizes, 2048 bits and 4096 bits, which help make a strong and secure SSL connection between the web browser and web server.

Those who purchase OV (Organizational Validated) and EV (Extended Validated) SSL certificate, certificate authority (CA) like Sectigo and Comodo verifies business details of an applicant through an online government business registration database. Likewise, if, due to any reason, the important information is not verified through an online database, then CA may ask for some additional business registration documents.

On the other hand, business details aren't required for DV (Domain Validated) SSL certificate. Instead, the applicant has to verify domain ownership, which is done in a few minutes by simply clicking on an email received by the Certificate Authority.

Yes, it'll. Usually, the certificate authority needs your domain registration information to be publicly available. But, if you've kept the privacy setting enabled on your sites like Who.IS record, then applicant can go for an alternate method of showing their domain ownership using one of the pre-approved email aliases:

Likewise, once the CA receives the domain confirmation email, the applicant must click the links to verify domain ownership to satisfy the requirement, which takes a few minutes.

If you've purchased a DV SSL certificate, your DV SSL certificate gets issued within minutes once your domain ownership is verified. On the other hand, if you've purchased an OV SSL certificate, then you'll need to wait for 1 to 3 days to get your domain verified and get SSL issued. It's because EV SSL certificate applicants take around 1 to 5 working days to complete the verification process and get the SSL certificate issued.

Our CSR (Certificate Signing Request) guide is already available. If you face trouble and cannot generate it for any reason, you also have an option to generate it using the free CSR Generation Tool.

There's an option of 2048-bit and 4096-bit key root length. You can choose whichever you want at the time of CSR generation.

With the help of the CSR Generator Tool, enter required certificate details and click on the button "Generate CSR." Likewise, our tool will provide you with valid CSR along with the private key.

Likewise, make sure you're keeping your CSR, and Private Key on your website sever as both are required at the time of the SSL installation process.

The Private Key that you get with an SSL certificate is important, and it should remain secure. Henceforth, if you've lost Private Key, it's recommended that you reissue your SSL certificate by generating a new CSR so that you can get the new Private Key.

You can safely save your private key file on your server directory, hard drive, or PC.

You can decrypt your CSR information using the free online tool CSR Decoder. Likewise, it would be best to simply paste the CSR into the blank box given in that tool and click on the Check button.

If the private key doesn't match the CSR, you're requested to create a new CSR & private key. And, sadly, there's no quick solution for this mismatch.

If your CSR is missing one or more than one required field or contains any non-alphanumeric character within the required fields, it can fail CSR decoding.

No SHA – 1 algorithm is no longer used as it's not secure. Similarly, it's not even trusted by any popular web browser like Google Chrome, Internet Explorer, Mozilla Firefox, Safari, etc. And, it's recommended that you always choose to go with an SSL certificate with SHA - 2 as it has a new hash algorithm that complies with industry standards.

Users may come across a Firefox error message like a 'Secure Connection Failed' if there's a failure to establish a secure connection.

Suppose your website fails to display site lock correctly or does not provide correct information. In that case, it's recommended to contact Certificate Authority from whom you purchased the SSL certificate and inquire about it.

Sometimes, servers require another format of SSL certificate. Likewise, to change the format of the SSL certificate extension, you can go for the freely available SSL Converter Tool of our website.

It's recommended and easier to create new CSR on the new machine and have your SSL certificate reissued.

Before SSL installation begins on your web server, it's recommended you go through the below-mentioned steps:

Buy an SSL certificate through a trusted CA (Certificate Authority) like Sectigo or Comodo.
Generate the CSR and complete the validation process.
Save your generated CSR and Private Key on your computer system or external hard drive.
Store all your SSL certificate files like Sever, Intermediate & Root Certificate that you got issued by the CA (Certificate Authority)
If required, download the Intermediate certificate bundle from the CAs website.

Usually, SSL certificates are issued by the CA (Certificate Authority). But, in addition, they have their own Trusted Root CA certificates, such as Sectigo and Comodo, which are known vendors for web browsers as trusted CA (Certificate Authority). Henceforth, their Trusted Root Certificates are mostly pre-installed in browsers, which helps establish immediate trust.

On the other hand, some CAs (Certificate Authorities) don't have their Trusted Root CA certificate within the browsers or don't have their own. Therefore, to gain the trust of such CA's SSL certificates, it's essential to use a "chained root." Here, a "chained root" are those SSL certificates that a CA issues along with the Trusted Root CA certificate, which helps the browser recognize Trusted Root CA. Likewise, it's not easy to install chained root certificates, and some of the webservers are not even compatible with them.

The installation of an SSL certificate differs from one server and device to another. Likewise, we've got a list of guides on installing an SSL certificate based on your server. So, if you don't want an SSL installation as a service, you can go through these guides to install it yourself.

You can go through an online SSL checker tool and know whether your SSL certificate is installed correctly or not.

Yes, we offer 24x7 technical support through email, phone, and chat if you've any queries or issues regarding the SSL certificate purchase or vetting process. Similarly, we also provide an SSL installation service if you want us to install an SSL certificate for your website.

SSL certificate offered by respected certificate authority like Comodo and Sectigo comes with a maximum validity period of 1 year. However, you can purchase a bundle for multiple years at a lower price if you want.

Renewing an SSL certificate is quite similar to purchasing a new SSL certificate. For instance, users must purchase, generate CSR, validate, and install the renewed SSL certificate. However, suppose you renew your SSL certificate before it expires. In that case, you may get an advantage of some discount, or you may be allowed to skip some validation process, which makes it easier to get an SSL certificate issued.

It depends upon the certificate authority you choose for your SSL certificate. For instance, certificate authority considers previous documents for completing the renewal process of SSL certificate if the details haven't been changed. Likewise, you'll need to provide additional documents to fulfill the requirement if it's outdated.

For instance, you can reuse your previously provided documents with the EV and OV SSL certificate if the original validation process completes within 13 months. And if you renew your SSL certificate after 13 months, you'll need to follow the entire process of submitting documents to complete the vetting process from the beginning.

Yes, there's no restriction on using the same CSR for renewing your SSL certificate. But, it's less secure, and due to that, it's recommended you create a new CSR and Private Key for renewing your SSL certificate.

A Wildcard SSL certificate helps secure one main domain with an unlimited number of its associated sub-domains. Furthermore, the Wildcard SSL certificate provides the same strong 256-bits encryption standard for the primary domain and all sub-domains. Therefore, it's among the recommended choices for securing websites with multiple sub-domains.

To secure sub-domains, the user must purchase a Wildcard SSL certificate, and then at the time of generating CSR, an asterisk is used. For instance, *.domain-example.com secures the first level sub-domain.

Some examples of securing different types of first-level sub-domains with the wildcard SSL certificate are:

egdomain-name.com
www.egdomain-name.com
blogging.egdomain-name.com
user101.egdomain-name.com
newschan.egdomain-name.com
loginpg.egdomain-name.com
anotherexample.egdomain-name.com

Users are generally aware that the Wildcard SSL certificate secures an unlimited number of first-level sub-domains. However, many times question arises whether it's possible to secure second-level sub-domains like another-example.blogeg.egdomain.com. The answer is yes, it's possible to secure a second-level sub-domain, but you'll require to purchase another Wildcard SSL certificate.

Henceforth, by purchasing another Wildcard SSL certificate, you'll be able to secure second-level sub-domains like:

Usr1.blog.domain-example.com
Usr2.blog.domain-example.com
Usr3.blog.domain-example.com
Usr4.blog.domain-example.com

No, you can't secure SAN (multiple) domains using a Wildcard SSL certificate because the primary function of a wildcard SSL certificate is to secure an unlimited number of sub-domains, not multiple domains. Henceforth, it's impossible to secure a SAN domain using a Wildcard SSL certificate.

Please go through our CSR Generation Tool to generate CSR for your sub-domains (wildcard domains). And, if you're looking to secure 5 sub-domains like:

blog.eg-domain.com
news.eg-domain.com
login.eg-domain.com
usr1.eg-domain.com
usr2.eg-domain.com

Likewise, the user will only need to generate the CSR for *.eg-domain.com.

To secure sub-domains of multiple domains, you'll need to purchase Multi Domain Wildcard SSL certificate offered by certificate authorities like Sectigo or Comodo. It secures multiple websites with unlimited sub-domains of multiple websites that you secure.

Suppose the user has purchased Wildcard SSL certificate *.eg-domain.com that wildcard SSL will only secure first-level sub-domains. However, if the user purchases a wildcard for *.eg1.eg-domain.com, then the wildcard SSL will help secure second-level sub-domains.

In other words, to secure second-level sub-domains, users will be required to purchase a wildcard SSL certificate to secure second-level sub-domains.

Yes, you can secure one domain with unlimited associated sub-domains using one wildcard SSL certificate. Likewise, you can even secure using a separate SSL certificate if you want. However, the Wildcard SSL certificate option isn't available as an EV SSL certificate, and you'll need to purchase a separate EV SSL certificate to secure your sub-domains.

You can use the same Wildcard SSL certificate to secure different physical servers and IP addresses.

All Multi Domain SSL certificate comes with a SAN feature that permits you to secure up to 250 domains.

Note: All SAN domain entirely depends upon the CA (Certificate Authority).

For instance, if you're looking to secure up to 10 FQDN, you can secure one domain and 9 SAN domains through one Multi Domain SSL certificate. Likewise, most Multi-Domain SSL certificate offers 2 to 4 free SANs in the package. Likewise, you'll need to purchase other additional SANs according to your requirement.

With the help of a SAN certificate, you'll be able to secure multiple domains such as:

www.eg-domain.com
eg-domain.com
eg-domain2.net
blog.eg3.org
otherdomain-name.com

You can secure up to 250 domains using a multi-domain SSL certificate.

Yes, you can add wildcard domains using a SAN SSL certificate.

In the beginning, Microsoft partnered with some of the Certificate Authorities for creating Unified Communications Certificates (UUCs). However, due to advanced SSL technology, Microsoft Servers can be secured using a Multi-Domain SSL certificate besides UCCs.

CAs (Certificate Authorities) such as Comodo and Sectigo offer an SSL certificate with an unlimited server licensing policy. So, if you buy an SSL certificate from such CA, you'll be allowed to add as many IP addresses and servers as you want.

Yes, the issuing CA (Certificate Authority) like Sectigo and Comodo provides a site seal for all your SAN domains.

A code signing certificate is an X.509 digital security certificate, which works as a wax seal of a letter but in a digital format for your software, applications, and scripts. It allows software developers and publishers to safely distribute their developed software or application over the internet.

Furthermore, a code signing certificate helps boost the trust and confidence of users as it conveys the message that software or an application user is downloading or installing is coming from a trusted source and hasn't been altered for forgery purposes. Lastly, it helps secure software or application build using different platforms such as:

Mozilla Object Files
Microsoft Authenticode user and kernel mode files
MS office Macro files & Visual Basic for Applications
Microsoft Windows 7, 8 & 10
Microsoft Office
Adobe Air applications
Java applications and java applets

No, you can't sign and secure E-Documents like Microsoft Word documents. Likewise, you'll need a Document Signing certificate for securing such E-Document files.

There are two types of code signing certificate Standard (OV) Code Signing certificate and EV (Extended Validated) Code Signing certificate.

Code Signing certificate offered by respected Certificate Authority like Sectigo and Comodo takes up to three days for Standard OV Code Signing certificate and up to five days for EV Code Signing certificate. Likewise, an OV Code Signing certificate is offered for both organizations and individual software developers.

If your login credential fails to work, you always have an option to reset your password. Likewise, if it fails, you can always reach us through an email [email protected] and let us know about your issue. And, we'll provide you with the solution.

For changing your order confirmation email address, you'll need to change your email address in your profile details, or else you'll require to send us an email at [email protected].

CheapSSLWeb.com provides a refund only if your refund request has been processed within the first 30 days of the original date of purchase. Likewise, once you process the request for the refund, our Support Team will process your request as early as possible and provide you the refund according to your choice, such as a store credit or refund to your account.

No, there's no limitation. You can purchase as many SSL certificates as you want. However, you'll need to fulfill the verification process according to your purchased SSL certificate.

At CheapSSLWeb.com, all major credit cards like American Express, MasterCard & Visa, and PayPal is accepted.

FAQs

SSL Certificate and Code Signing Certificate FAQs

Our Trusted Clients

FAQs

SSL Certificate and Code Signing Certificate FAQs

How Does an SSL Certificate Offered by a Respected Certificate Authority Work?

What Are the Types of SSL Certificates?

What Are the Types of Data an SSL Certificate Contains?

Is It Recommended to Use Free SSL Certificate?

What Does Site Seal Means?

What Are Intermediate & Root Certificate in SSL?

What Does Encryption Key Mean?

What Is an SHA – 2 Algorithm?

What Are Private & Public Keys in SSL?

What's a Wildcard SSL Certificate?

What's a Multi-Domain SSL Certificate?

What's an EV SSL Certificate?

What's the Difference Between Domain Validated and Organization Validated SSL Certificate?

How to Secure an E-commerce Business Website Using an SSL Certificate?

Which Web Servers Are Compatible With SSL Certificates?

What's the Difference Between Site Seal and SSL Certificates?

Is It Possible to Secure Multiple Websites Using a Single SSL Certificate?

Do I Require Warranty?

Does SSL Miss Issuance Occur?

What Should Be My Budget for Purchasing an SSL Certificate?

What's the SSL Certificate Encryption Strength?

How Does CA (Certificate Authority) Validate My Business?

Domain Registration Information of My Website Is Kept Private Will the CA Issue an SSL Certificate?

How Long Does It Take CA to Issue My SSL Certificate?

How to Generate a CSR?

Which Root Certificate Length Should I Go for?

How to Get the Private Key?

What to Do if I Unknowingly Delete or Lose the Private Key?

Where Should I Save the Private Key of My SSL Certificate?

How to Check CSR Information?

My Private Key and CSR Information Are Not Matching With Each Other, So What I Suppose to Do?

Why I'm Not Able to Decode My CSR?

Is SHA – 1 Algorithm Still Used?

How to Resolve a 'Secure Connection Failed' Error Message in Mozilla Firefox?

What Should I Do My Website Is Not Displaying the Site Lock Correctly?

How to Convert the Format of My SSL Certificate?

How to Move My SSL Certificate if I Change My Server or Move to a Different Provider?

Is There Any Checklist I Need to Follow Before Installing an SSL Certificate on My Webserver?

Do I Need an Intermediate or a Root SSL Certificate?

How to Install an SSL Certificate?

How Can I Know if My SSL Certificate Is Installed Correctly?

Do I Get Technical Support After Purchasing an SSL Certificate?

What's the Maximum Validity Period of an SSL Certificate?

How to Renew an SSL Certificate?

During the Renewal of My SSL Certificate, Will the Certificate Authority Ask for Documents Again?

Is It Possible to Use the Same CSR When Renewing My SSL Certificate?

What Types of Formats Can I Secure Using a Wildcard SSL Certificate?

Can I Secure *.*.domain.com Using Wildcard SSL Certificate?

Can I Secure a SAN Domain Using a Wildcard SSL Certificate?

How to Generate CSR for Sub-domains & Which Domain Name to Use for Generating the CSR?

If Wildcard SSL Can't Secure Sub-domains of Multiple Domains, Which Type of SSL Certificate Shall I Look for?

How Does a Wildcard SSL Certificate Help Secure a Second-Level Domain?

Can I Secure My Domain and Other Two Sub-domains Using a Wildcard SSL Certificate, or I'll Need to Purchase Three SSL Certificates?

Is It Possible to Use the Same Wildcard SSL Certificate for Different Physical Servers and IP Addresses?

How to Use Multi-Domain SSL Certificate?

How Many Multiple Domains Can I Secure Using a Multi Domain SSL Certificate?

Is It Possible to Secure Wildcard Domains As SAN Domains?

Is It Mandatory to Use a Multi-Domain SSL Certificate for Securing Exchange Server and Microsoft Office Communication?

Is It Possible to Secure Multiple IP Addresses & Physical Servers?

Does the Issuing CA (Certificate Authority) Provide a Site Seal for All Your SAN Domains?

What Does a Code Signing Certificate Mean?

Can I Digitally Sign and Secure E-documents Using a Code Signing Certificate?

What Are the Types of Code Signing Certificates?

How Much Time Is Taken for a Code Signing Certificate to Get Issued?

What Should I Do My Login Credentials Aren't Working?

How Can I Change My Email Address for Order Confirmation?

How Long Is the Time Period of Your Refund Policy?

Is There Any Specific Limit to the Number of SSL Certificates I Can Purchase?

Which Payment Methods Are Accepted by CheapSSLWeb.com?

Our Trusted Clients