Leading Brands Quick Validation 24/7 Support
General SSL Knowledge Questions
When a client (internet user) attempts to access a website that is equipped with a working SSL Certificate, the client's browser initiates the following steps:
Hide
There are three main types of SSL Certificates:
Wildcard SSL & Multi-Domain SSL are extra features offered by Certificate Authorities to manage multiple functions with a single certificate.
An SSL certificate file contains a digitally signed cryptographic key. This cryptographic key contains the following information:
Root Certificate: In public key infrastructure, a root certificate is an unsigned public key certificate or a self-signed certificate that identifies the root Certificate authority.
Intermediate Certificate: Intermediate certificates are used to keep root certificates secured behind various security layers to ensure that the keys are not accessible. They act as a bridge between root certificates and SSL certificates.
An encryption key is a digital file used to control the encryption (and sometimes decryption) of data. The use of an encryption key and an encryption protocol (like SSL/TLS) turns plain text into cipher text, allowing for secure transmission of data. The strength of encryption keys are measured in bits (2048-bit, 4096-bit, etc).
SHA stands for Secure Hash Algorithm.
SHA-1 Algorithm: SHA-1 is a cryptographic hash function that delivers security with its 160-Bit hash value. Is carries a 40 digit-long hexadecimal number (SHA-1 is now obsolete).
SHA-2 Algorithm: SHA-2 is a cryptographic hash function that carries hash values of 224, 256, 384 and 512-Bits. This is the new industry standard and highly recommended.
Multi-year SSL Certificates offer significant advantages of over Single-year SSL Certificates—you save money as certificates with longer lifespans are typically sold at a lower cost per year than their single-year counterparts. Plus, you won’t need to go through the purchasing process as frequently, saving you time.
The SSL protocol uses "asymmetric encryption" which relies on two different encryption keys. One key handles encryption (the public key) and the other key handles decryption (the private key). This encryption method allows two devices to securely communicate without any prior interaction.
Public Key: This key is part of your SSL certificate and is available to every client that connects to your server. The client encrypts their data with the public key, and then transmits it across the internet.
Private Key: This key is generated by you (the owner of the certificate/server) and should be kept securely. When data encrypted by your public key reaches your server, the private key is used to decrypt that data so it can be read. Never share your private key with anyone or transmit it over an insecure format (like email). If someone else gets a copy of your private key, they can decrypt all the information sent to your server. If this happens, please reissue your certificate with a new CSR to pair it to a new key.
Wildcard SSL certificates are a type of certificate which allow you to secure an unlimited number of Sub-Domains at a specific level (i.e. Domain Validation or Organization Validation, Wildcard SSL Certificates are not available at the Extended Validation level).
Using wildcard SSL a user can secure
Multi-Domain SSL Certificates are a special type of certificate that allow you to secure your main domain and additional fully qualified domain names on a single certificate.
Using Multi-Domain SSL a user can secure
With Multi-Domain SSL Certificates, you can generally secure up to 250 domains depending on the issuing Certificate Authority (CA).
Extended Validation or EV SSL Certificates provide the highest level of trust and are known for providing legitimacy to the business or organization behind the websites they protect. To receive an EV SSL Certificate, the applicant needs to complete a stringent authentication process that's set forth by the issuing Certificate Authority (CA); additional legal business registration documents may be required for completion. However, don't let this scare you. For any business with its registration information up to date, this process is a breeze.
Domain Validated (DV) SSL Certificates are entry level certificates that mainly focus on providing encryption, but offer very little authentication. To receive a DV certificate, the applicant only needs to demonstrate domain ownership.
Organization Validated (OV) SSL Certificates are standard SSL certificate which validate the identity of the business or organization behind the website via government registration directories or documents. This type of SSL certificate creates a higher level of online trust & confidence compared to DV SSL certificates since the legitimacy of the business is verified by the issuing Certificate Authority and the company's information is displayed within the certificate subject details.
E-commerce businesses need a complex, trusted security environment since their website(s) have to deal with exchanging confidential user information and settling financial transactions. An Extended Validated (EV) SSL certificate is a perfect solution for creating a trusted security environment in an E-commerce business since online trust and confidence are established through verified organization details.
Almost all web servers, mobile servers, mobile OS, and Desktop base OS support SSL Certificates.
A web user's server, database and network devices are vulnerable to cyber attackers. A vulnerability assessment will help users find critical weaknesses in their website, database, network devices, and servers.
SSL Certificates encrypt & secure any data transmitted between a client's web browser and web servers once properly installed/configured.
Site Seals are an online trust symbol that allows websites to display real-time data updates verifying their business' legitimacy and website details which increases online reputation, confidence, and conversion rates.
To secure multiple domains with a single SSL certificate, you must purchase a Multi-Domain (SAN) SSL certificate. This certificate type will allow you to manage and secure multiple domains under one certificate, which not only saves you time and money, but the headache of repeating the SSL process multiple times.
In actuality, the warranty is insurance that protects the CA should they make a mistake. DigiCert takes it a step further, for an additional cost, by providing insurance to protect a compromise of a private key or loss of a certificate. The warranty level specifies the financial protection awarded to end user customers against the CA miss-issuing an SSL Certificate. If a customer suffers financial loss as a direct result of relying on information within a miss-issued SSL Certificate, that loss is protected by insurance held by the CA to cover related claims.
Certificate prices can vary dramatically between CAs–some may cost as much as 40 times more than others! The most important factors are typically the specific application and the source, meaning the need for a known brand certificate that has been issued from a highly trusted and credible CA. SSL certificates are designed for specific environments–some are ideal for development while others are for government or large enterprises. Still others are perfect for sites handling low-volume, low-value transactions. These are all things to consider before making your choice.
SSL Certificates Restricted to One Year on September 1, 2020, the industry stopped issuing 2-year public SSL/TLS certificates. The new maximum validity for public DV, OV, and EV SSL/TLS certificates is 398 days (approximately 13 months). All Certificate Authorities must comply with this new limit and are no longer offering certificates for more than 1 year.
The Comodo HackerGuardian PCI Scanning tool makes it easy and affordable. It automatically scans your external-facing IPs and creates a report showing vulnerabilities as well as how to fix them. The Comodo website scanner also delivers all the required documentation you need to satisfy the banks for reporting quarterly PCI compliance. Doing everything you can to give your customers confidence that you're taking the necessary steps to keep their data safe is crucial to your online success. Thanks to automated reports that point out vulnerabilities and detail how to fix them, custom mitigation advice, and all the documents your bank requires, you can do it quickly and efficiently.
Order Processing Questions
If your login credentials are not working, you can reset your password or email us at [email protected] and reference your issue.
You can use the password reset option if you have the email you created the account with initially. Otherwise, please send an email from the account's administrative email address to [email protected] that includes the original domain name purchased for or the order number and include the date of purchase, the last four digits of the card used, and the amount (USD)
To change your order confirmation email address, please send an email from the account's administrative email address to [email protected] or create a support ticket once you are logged in. Include the order ID and new email details required. We can assist you from here.
We accept American Express, Visa, MasterCard, and PayPal.
CheapSSLSecurity.com will only accept refund requests within 15 days of the original purchase date.
To apply for a refund, please click here and select your order for cancellation. Once the request is on file, our Support Team will promptly process your request and determine if you qualify for a refund.
https://cheapsslsecurity.com/support/refundpolicy.html
To apply for a refund, please go to your order page and select the order in question. Once you open up the order, you will see a Cancel button toward the bottom of the page. Once submitted, our Support Team will review your cancelation request.
Validation/Authentication Questions
With Organizational or Extended Validation SSL Certificates, Certificate Authorities (CAs) will verify applicants' business details using online government business registration databases (i.e. Secretary of State, Companies House, KvK, etc.). If the CAs cannot verify the necessary details, additional business registration documents may be required.
If CAs are authenticating a Domain Validated (DV) SSL Certificate, business details will not be required and applicants will only need to demonstrate domain ownership. To complete this simple requirement, applicants can either prove ownership via Email-Based Authentication or File-Based Authentication.
Please note that the vendor directly cannot use WHOIS email addresses. As a solution to this, set up the email address you chose for the Doman Control Validation email (please note: this is different from the contact information provided during the generation process). If you need to change your DCV email, you can contact your hosting provider or domain registrant to select one of the below five pre-approved alias email addresses:
Also, make sure to check your email provider's spam or junk mail folder. Please note again that due to the CA/Forum updates, sending domain validation emails to a WHOIS email address is no longer possible, even if the WHOIS record is public.
This will depend on what type of validation your SSL certificate requires with the vendor directly. If you need an SSL certificate right away, Domain Validation (DV) SSL, RapidSSL certificates here for instance are issued on the same day. Please note that Organization Validation and Extended Validation certificates can take 3-5 days to issue as they validate your business name. The issuance time can be found in the certificate details and please review our validation information in our knowledgebase here regarding the different types offered.
EV SSL certificates usually take 1-5 business days to be fully reviewed and issued by the vendor. This is done on a case by case basis and can be rushed by our team when contacted by the customer. It can also be expedited by how quickly the customer can accomplish what is requested by the vendor. More information on this process can be found here.
CSR Generation Questions
Try first contacting your server admin or hosting provider to generate a CSR as this is the most secure way to apply for the SSL certificate and ensure it installs properly. If this cannot be done you can alternatively use our online free CSR Generation Tool.
While generating you CSR, please select 2048-bit as your key root length. This is the recommended key-size unless your server specifies otherwise.
Using our free CSR Generator Tool, enter the appropriate certificate details and click the "Generate CSR" button. Our tool will quickly provide you with a valid CSR and private key.
Please save your CSR and Private Key on your server since they are essential during the installation process.
If you have created your CSR on the server or through your hosting provider, please check there to pull the private key file.
If the Private Key cannot be found, no worries, there is a simple solution for this: Please create a new CSR using the same method as before and make sure to save the Private Key on a simple .txt file on your desktop. Your server will automatically make a new Private Key which will correlate with the new certificate as well. From here just go to our site and reissue the certificate with the new CSR and install when issued.
You can save your private key file on your PC, server directory, or hard drive.
To check the information encoded in your CSR, please visit our CSR Decoder Tool and simply paste the CSR into the blank box, then click Check.
If the CSR and private key do not match, please create a new CSR & private key. Unfortunately, there is no quick and easy way to fix a mismatch.
It is either missing one or more required fields or the CSR contains non-alphanumeric characters in the required fields.
Certificate Management Questions
No. The SHA-1 algorithm is no longer considered secure or trusted by most popular web browsers such as Mozilla, Chrome, Microsoft Edge, Safari, etc. We recommend updating your SSL certificate to SHA-2 since this is the new industry standard hashing algorithm.
If your website isn't displaying the 'site lock' properly or providing the correct information, contact the issuing Certificate Authority and inquire about your issue.
Some servers require an SSL certificate to be in a particular format. To change the SSL certificate extension, use the free SSL Converter Tool on CheapSSLSecurity.com.
The easiest way is to create a new CSR on the new machine and have the certificate re-issued.
Certificate Installation Questions
Before installing an SSL Certificate on your server, make sure you complete the following steps:
Most SSL certificates are issued by Certificate Authorities (CAs) who own and use their own Trusted Root CA certificates. GeoTrust and RapidSSL are well known to browser vendors as a trusted issuing authority so their Trusted Root CA certificates have already been added to all popular browsers establishing immediate trust. These are "single root" SSL certificates. RapidSSL is a subsidiary of GeoTrust and owns the Equifax roots used to issue its certificates.
Some CAs don't have a Trusted Root CA certificate present in browsers or don't use the root they own. Instead they gain trust for their SSL certificates by using a "chained root." A "chained root" SSL certificate is issued by a CA with a Trusted Root CA certificate and basically "inherits" the browser recognition of the Trusted Root CA. It's more complicated to install chained root certificates and not all web servers are compatible with them.
CAs who have and use their own Trusted Root CA certificate already present in browsers are known to be stable, credible companies with direct and long-established relationships with all the popular browsers like Microsoft and Netscape.
The installation process for an SSL certificate will be different for various web servers and devices. Here's a list of SSL certificate installation guides; select your server name, perform the recommended steps and complete the installation process in minutes - SSL Certification Installation Guides.
To check installation of the SSL Certificate, use our free SSL Checker Tool and click here.
The certificate authority provides some form of support. We advise first sending a ticket to us or requesting a live chat so we can better direct and expedite your request first. This can get you specific and prompt support for any of the important issues that can arise.
Renewal Questions
SSL certificates are valid for 1-3 years (bundle certificates). Please note that Free SSL certificates are only valid for 30 days, so if you need SSL coverage for the long term, we strongly recommend using a paid SSL certificate.
Renewing an SSL Certificate is very similar to the original SSL process. With renewals, users will have to purchase, generate, validate, and install the renewal SSL certificate. The benefits potential benefits with renewing an SSL certificate are discounts, additional time added, less validation requirements, and confidence that your SSL is properly configured before your website goes down.
The certificate authority will validate this on a case-by-case basis. Previously validated documents can be used to complete or expedite the renewal process. However, additional documents may be required if any certificate details change, or information becomes outdated. If anything is needed, the vendor will send it to the user for completion. Please send to our support anything that needs to be expedited or if you have questions regarding the process.
Yes, you can use the old CSR when generating the renewal SSL Certificate, however, the older private key that will be used to install the renewal certificate is considered less secure, so this is not ideal for security reasons. We recommend creating a new CSR and Private Key when completing the renewal process.
Along with the shortened time period allowed on SSL certificates, the early renewal period has also changed. Previously, you could renew your SSL up to 90 days prior to expiration. The new early renewal period starts within 30 days (one month) of the certificate’s expiration. You may renew your SSL up to 30 days early to benefit from the renewal time rollover provided by the CA.
Code Signing, Email Signing, and Document Signing certificates are not impacted by this change and can still be issued for up to 3 years per certificate. Only SSL certificates have been limited to 1 year.
Code Signing Certificate Questions
Code Signing Certificates are like digital "shrink-wrap" for software/application/files, which allows publishers to distribute their work safely & securely over the internet. These certificates provide confidence to the end-user since no code or content can be maliciously altered or tampered with for fraudulent use.
A Code Signing Certificate can secure the following Desktop/web and mobile based platforms.
Desktop/web Based Platform:
Mobile Based Platform
Certificate Authorities typically take 1-5 business days to complete the authentication process for Code Signing Certificates. Customers must cooperate with all industry requirements and submit all required legal documents if required.
Wildcard SSL Certificate Questions
A Wildcard SSL certificate secures the Root domain and an unlimited number of accompanying subdomains. To secure subdomains, a user needs to buy a Wildcard SSL certificate and then use an asterisk instead of the domain level the subdomains reside at when filling out the CSR—for example, *. domain.com for first-level subdomains. This will secure an unlimited number of sub-domains at the specified domain level.
Here's an example of different kinds of first-level sub-domains a user can secure using wildcard SSL:
Wildcard SSL's main feature is used to secure unlimited first level sub-domains. But a Wildcard can also be used to secure second level sub-domains as well.
Let's look at an example:
To secure user-unlimited.blog.domain.com using a Wildcard SSL Certificate, purchase the Wildcard SSL for *.blog.domain.com.
This will secure the following formats of second level sub-domains.
No, it is not possible.
The main function of a wildcard SSL certificate is to secure unlimited sub-domains. A SAN could be a fully qualified domain (website2.net) or a sub-domain of another base domain (blog.website2.net).
So, it is simply not possible in the case of a Wildcard SSL certificate to add a SAN domain, but you can use a wildcard domain as SAN. You could also invest in a Multi-Domain Wildcard, which gives you both Wildcard and SAN functionality.
To generate a CSR for your wildcard domain, visit our CSR Generator Tool.
Now suppose a user wishes to secure his 5 sub-domains, let's say
The user only needs to generate the CSR for: *.example-domain.com.
To secure multiple domains and their sub-domains using a single SSL Certificate, CheapSSLsecurity.com is offering several products known as Multi-domain Wildcard SSL certificates.
Features of Multi Domain Wildcard SSL Certificate:
Certificate Authorities like Sectigo and DigiCert are offering Multi-Domain Wildcard SSL Certificates, which come available at either the Domain Validation (DV) or Organization Validation (OV) levels.
1.Comodo Multi Domain Wildcard certificates
If a customer's buys a wildcard SSL certificate for *.example-domain.com, it is securing first-level sub-domains. But if a customer buys wildcard SSL for *.blog.example-domain.com, then the wildcard will be securing second-level sub-domains.
Just like with first-level sub-domains, the wildcard SSL will also work for second-level sub-domains.
By purchasing a wildcard SSL certificate for *.blog.example-domain.com, the user can secure second-level sub-domains as we explained in Questions 2.
Either works; it comes down to cost and how much administrative work is necessary. If you're only securing two sub-domains, it may be cheaper to purchase single-domain certificates in some cases. Remember, this will mean installing three certificates and keeping track of three renewal dates. In most other cases, though, it may still be less expensive (and involve less administrative burden) if you opt for the Wildcard SSL. At any point during the lifespan of your wildcard, if more sub-domains are needed, you'd simply need to re-issue, and you would have encryption for the new sub-domains as well.
Yes, a user can use the same wildcard SSL Certificate with the same CSR and Private Key on different IP addresses and physical servers.
The limits on the number of physical servers and IP addresses you may use your certificate on depends on the Certificate Authority.
Certificate Authorities like Sectigo and DigiCert offer wildcard SSL certificates with an unlimited server license policy. So, the customer does not need to face any hassle when installing a wildcard SSL certificate on multiple IP addresses and physical servers.
Multi Domain SSL Certificate FAQs
A Multi-domain SSL Certificate comes with a SAN (Subject Name Alternative) feature, which allows a user to secure up to 250 domains.
Note: The numbers of SAN domain are depending on the Certificate Authority.
So, if you wish to secure 10 fully qualified domains under a single Multi-Domain SSL certificate, you need to buy a Multi-Domain SSL Certificate and 9 SAN domains. Most Multi-Domain certificates come with 2-4 SANs packaged along with them, but you will have to purchase additional SANs as needed.
Using a SAN certificate the user can secure following types of domains:
With a Multi Domain SSL Certificate, you can secure up to 250 multiple domains. (Note: you can also add a wildcard certificate as SAN domain).
Yes, a customer can add a wildcard domain as a SAN. In answer 1 we discussed all of the various formats of domains a customer can secure with a Multi-Domain Certificate.
Originally, in order to enable maximum security for Office Communication and Exchange Server users, Microsoft partnered up with a few public X.509 SSL Certificate authorities (CAs) to create UCCs (Unified Communications Certificates).
Nowadays, as SSL technology has advanced Microsoft Servers can use just about any Multi-Domain certificate—not just UCCs. Still, we sell a selection of Microsoft-suggested certificates to help you secure MS Exchange and Office Communications servers.
UCC SSL Certificates that CheapSSLsecurity.com offers:
The following Microsoft Article will help users to learn more about UCC SSL and Microsoft Office communication & Exchange server security - https://support.microsoft.com/en-in/help/929395/unified-communications-certificate-partners.
Certificate Authorities (CAs) like Sectigo and DigiCert offer SSL certificates with unlimited server license policy. That means if you have purchased an SSL Certificate, you can add it to any number of servers and IP addresses.
Yes, Certificate Authorities offers Site Seals for all your SAN domains. So, you can activate site seals on all your SAN domains.
0
