SSL FAQ

Your most common SSL questions answered

How does an SSL certificate work?

When a client (internet user) attempts to access a website that is equipped with a working SSL Certificate, the client's browser initiates the following steps:

  • First, the client's browser requests the server of the website for identification purposes.
  • The server then responds by sending a copy of the SSL certificate.
  • The client's browser checks the SSL certificate copy and analyzes whether to trust the certificate or not, it then sends a message to the server.
  • If the certificate is trusted the server sends a digitally signed acknowledgement so the client's browser can start an encrypted session.
  • Once the digitally signed acknowledgement is received, encrypted communication starts between server & the client's browser.
  • Finally, after all of this, the HTTPS protocol will be visible.

Hide

What are the types of SSL certificates available?

There are three main types of SSL Certificates:

  • Domain Validation (DV) SSL
  • Organization Validation (OV) SSL
  • Extended Validation (EV) SSL

Wildcard SSL & Multi-Domain SSL are extra features offered by Certificate Authorities to manage multiple functions with a single certificate.

Hide

What kind of data does an SSL certificate contain?

An SSL certificate file contains a digitally signed cryptographic key. This cryptographic key contains the following information:

  • Website URL
  • Organization information
  • Issuer information
  • Certificate validity period
  • Public key
  • The SSL version.

Hide

Is it beneficial to use a Free SSL certificate?

It depends on your needs. Any user can have a free SSL certificate. They are accepted by all browsers. However, free SSL certificates have some limitations such as:

  • They are mainly used for testing
  • Limited lifetime (1-2 months - depending on CA)
  • Domain validated only
  • Low trust factor – minimal security indicators displayed

Hide

What is a Site seal (Secured seal)?

A Site Seal is a symbol of online trust that indicates an organization has taken steps to protect its customer's security & online reputation. It helps offer customers greater assurance while doing transactions.

green address bar

Hide

What are Root & Intermediate Certificates?

Root Certificate: In public key infrastructure, a root certificate is an unsigned public key certificate or a self-signed certificate that identifies the root Certificate authority.

Intermediate Certificate: Intermediate certificates are used to keep root certificates secured behind various security layers to ensure that the keys are not accessible. They act as a bridge between root certificates and SSL certificates.

Hide

What is the Green Address bar?

The Green Address bar is a visual indicator for websites secured with Extended Validation (EV) certificates. The URL of that website will be displayed in green along with the organization's name and country code, which indicates the website's legitimacy and security.

Greenbar Image

Hide

How can I display my organization's name in the URL?

To display your organization's name in the address bar, you will need to secure your website with an Extended Validation (EV) SSL Certificate.

green address bar

Hide

What is an encryption key?

An encryption key is a digital file used to control the encryption (and sometimes decryption) of data. The use of an encryption key and an encryption protocol (like SSL/TLS) turns plain text into cipher text, allowing for secure transmission of data. The strength of encryption keys are measured in bits (2048-bit, 4096-bit, etc).

Hide

What are the SHA-1 and SHA-2 algorithms?

SHA stands for Secure Hash Algorithm.

SHA-1 Algorithm: SHA-1 is a cryptographic hash function that delivers security with its 160-Bit hash value. Is carries a 40 digit-long hexadecimal number (SHA-1 is now obsolete).

SHA-2 Algorithm: SHA-2 is a cryptographic hash function that carries hash values of 224, 256, 384 and 512-Bits. This is the new industry standard and highly recommended.

Hide

How do I get the green address bar?

To get a green address bar, you will need to secure your website with an Extended Validation (EV) SSL certificate. This certificate increases online confidence and customer trust since users can see important details associated with the website's owner (Organization Name and Country Code) right in the address bar.

Hide

Which is better: Multi-year or Single year SSL Certificate?

Multi-year SSL Certificates significant advantages of over Single-year SSL Certificates for several reasons. With a Multi-year SSL Certificate not only do you save time generating, validating and installing certificates on your domain – you do it just once and it's good for two or three years, as opposed to having to do it once per year over that period of time – but you also save money as Certificates with longer lifespans are typically sold at a lower cost per year than their Single-year counterparts.

Hide

What are public keys and private keys?

The SSL protocol uses "asymmetric encryption" which relies on two different encryption keys. One key handles encryption (the public key) and the other key handles decryption (the private key). This encryption method allows two devices to securely communicate without any prior interaction.

Public Key: This key is part of your SSL certificate and is available to every client that connects to your server. The client encrypts their data with the public key, and then transmits it across the internet.

Private Key: This key is generated by you (the owner of the certificate/server) and should be kept securely. When data encrypted by your public key reaches your server, the private key is used to decrypt that data so it can be read. Never share your private key with anyone or transmit it over an insecure format (like email). If someone else gets a copy of your private key, they can decrypt all the information sent to your server. If this happens, please reissue your certificate with a new CSR to pair it to a new key.

Hide

What is a Wildcard SSL certificate?

Wildcard SSL certificates are a type of certificate which allow you to secure an unlimited number of Sub-Domains at a specific level (i.e. Domain Validation or Organization Validation, Wildcard SSL Certificates are not available at the Extended Validation level).

Using wildcard SSL a user can secure

  • yourdomain.com
  • abc.yourdomain.com
  • anything.yourdomain.com
  • etc.yourdomain.com

Hide

What is a Multi-Domain SSL Certificate?

Multi-Domain SSL Certificates are a special type of certificate that allow you to secure your main domain and additional fully qualified domain names on a single certificate.

Using Multi-Domain SSL a user can secure

  • youdomain.com
  • yourdomain1.com
  • yourdomain2.com
  • yourdomain-etc.com

With Multi-Domain SSL Certificates, you can generally secure up to 100 domains depending on the issuing Certificate Authority (CA).

Hide

What is an EV SSL Certificate?

Extended Validation or EV SSL Certificates are considered the #1 facilitators of online trust. Due to the stringent authentication process behind the certificate and the trusted visible security indicator known as the Green Address Bar, which displays the verified organization name and country code, EV SSL Certificates are known for providing an air legitimacy to the business or organization behind the websites they protect.

To receive an EV SSL Certificate, the applicant needs to complete a stringent authentication process that's set forth by the issuing Certificate Authority (CA); additional legal business registration documents may be required for completion. However, don't let this scare you. For any business with its registration information up to date, this process is a breeze.

Hide

What is the difference between Domain Validated and Organization Validated Certificates?

Domain Validated (DV) SSL Certificates are entry level certificates that mainly focus on providing encryption, but offer very little authentication. To receive a DV certificate, the applicant only needs to demonstrate domain ownership.

Organization Validated (OV) SSL Certificates are standard SSL certificate which validate the identity of the business or organization behind the website via government registration directories or documents. This type of SSL certificate creates a higher level of online trust & confidence compared to DV SSL certificates since the legitimacy of the business is verified by the issuing Certificate Authority and the company's information is displayed within the certificate subject details.

Hide

How do I properly secure an E-commerce business with an SSL Certificate?

E-commerce businesses need a complex, trusted security environment since their website(s) have to deal with exchanging confidential user information and settling financial transactions. An Extended Validated (EV) SSL certificate is a perfect solution for creating a trusted security environment in an E-commerce business since online trust and confidence are established when the Green Trust Bar is proudly displayed across the top of the company's website(s).

Hide

Which Servers are compatible with SSL certificates?

Almost all web servers, mobile servers, mobile OS, and Desktop base OS support SSL Certificates.

Hide

What browser recognition is required?

Browser recognition or ubiquity refers to the approximate percentage of Internet users that will inherently trust an SSL certificate. The rule of thumb for a commercial site is an SSL certificate with more than 95% browser ubiquity.

Certificate Authorities who own their own roots have Root CA Certificates that are added into releases of all the major browsers such as Internet Explorer, Netscape, Opera, etc… by the browser vendor (such as Microsoft). Browsers automatically rely on a list of root CA certificates that the browser vendor has deemed trustworthy. SSL certificates issued by a trusted root CA are inherently trusted by the browser and the gold padlock will appear transparently during secure sessions. When a browser 'sees' a website using an SSL certificate issued by a CA root it does not trust, the website visitor will see a warning message. Obviously for maximum reach you want the highest number of online users to trust your SSL certificate.

Hide

What is 'Seal-In-Search'?

Seal-In-Search is a technology that displays the trusted Norton Secured Seal next to the search results in search engines (i.e. Google). This indicates the website is verified and trusted by Symantec–before even clicking the website link. “Seal-in-Search” is a feature exclusive to Symantec products.

Hide

How credible and stable is the Certificate Authority issuing the SSL certificate?

One of the fastest and easiest ways for your visitors and customers to know your SSL certificate is credible is if it's automatically recognized by the popular browsers. That means it was issued by a well-established, credible CA that owns its own trusted root. It's important for both you and your customers to identify the issuing CA and validate their integrity. By simply double-clicking the padlock visible in the browser and choosing the 'Certification Path' once the SSL Certificate appears you can identify which trusted root CA issued the certificate. You can also confirm the issuing CA through your browser toolbar by clicking on 'Tools,' 'Internet Options' and choosing 'Content,' 'Certificates,' then selecting the 'Trusted Root Certification Authorities' tab. Long-term CA stability is particularly important for enterprise solutions. GeoTrust owns the Equifax root (Equifax Digital Certificate services became GeoTrust in 2001). RapidSSL.com's RapidSSL and RapidSSL Wildcard product own their own root. If the CA relies on an intermediate certificate it's important to know the long-term stability of that CA as well as the strength and stability of their relationship with the original CA.

In addition to owning its own trusted root, a CA's financial stability is also important to know. We recommend enterprise class accounts research the business health of each CA.

Hide

Which are the most trusted SSL Certificate Authorities (brands)?

All leading SSL Certificate Authorities (CAs) are trusted and their SSL certificates considered secured. As per W3Tech's recent survey on SSL Certificate Authorities, Comodo is the most popular SSL brand & Symantec is a close second. To view the survey, please click the link below: https://w3techs.com/technologies/overview/ssl_certificate/all.

Hide

What is Vulnerability Assessment?

A web user's server, database and network devices are vulnerable to cyber attackers. A vulnerability assessment will help users find critical weaknesses in their website, database, network devices, and servers.

Symantec offers free daily vulnerability assessments with select products.

Hide

What is the difference between an SSL Certificate and Site Seal?

SSL Certificates encrypt & secure any data transmitted between a client's web browser and web servers once properly installed/configured.

Site Seals are an online trust symbol that allows websites to display real-time data updates verifying their business' legitimacy and website details which increases online reputation, confidence, and conversion rates.

Hide

How do I secure multiple domains using a single SSL certificate?

To secure multiple domains with a single SSL certificate, you must purchase a Multi-Domain (SAN) SSL certificate. This certificate type will allow you to manage and secure multiple domains under one certificate, which not only saves you time and money, but the headache of repeating the SSL process multiple times.

Hide

Are Symantec SSL certificates available for multiple servers?

Yes, Symantec SSL certificates can be installed on multiple servers, but additional server licenses must be purchased in order to do so.

Hide

Do I need a warranty?

In actuality, the warranty is insurance that protects the CA should they make a mistake. Symantec™ takes it a step further, for an additional cost, by providing insurance to protect a compromise of a private key or loss of a certificate. The warranty level specifies the financial protection awarded to end user customers against the CA miss-issuing an SSL Certificate. If a customer suffers financial loss as a direct result of relying on information within a miss-issued SSL Certificate, that loss is protected by insurance held by the CA to cover related claims.

Hide

How likely is a miss-issuance?

Every WebTrust compliant CA has passed certification to make sure proper procedures and policies are in place that make the chances of a miss-issuance highly unlikely. That's why many WebTrust compliant CAs offer no warranty.

Hide

What budget do I have for my certificate?

Certificate prices can vary dramatically between CAs–some may cost as much as 40 times more than others! The most important factors are typically the specific application and the source, meaning the need for a known brand certificate that has been issued from a highly trusted and credible CA. SSL certificates are designed for specific environments–some are ideal for development while others are for government or large enterprises. Still others are perfect for sites handling low-volume, low-value transactions. These are all things to consider before making your choice.

Hide

What certificate strength is required?

There are two primary certificate strengths available–40-bit and 128-bit. Today you can also get 256-bit with the use of specific browsers (currently Firefox) and a specific web server (currently Apache). All RapidSSL.com and GeoTrust certificates support 256-bit encryption.

The bit size indicates the length of the key size used for encryption during a secure SSL session. To see the current encryption strength simply hover the mouse over the gold padlock.

Hide

What if my login credentials are not working?

If your login credentials are not working, you can reset your password or email us at support@cheapsslsecurity.com and reference your issue.

Hide

I cannot remember or have lost my login details?

If you have your original order number, you can use the automated password reminder system. Otherwise an email must be sent from the account's administrative email address to support@cheapsslsecurity.com that includes the original domain name it was purchased for or the original order number.

Hide

How do I change my order confirmation email address?

To change your order confirmation email address, simply email us at support@cheapssslecurity.com and include the new email details.

Hide

What are the available payment methods?

We accept American Express, Visa, MasterCard, and PayPal.

Hide

How long is your refund policy?

CheapSSLSecurity.com will only accept refund requests within 15 days of the original purchase date.

To apply for a refund, please click here and select your order for cancellation. Once the request is on file, our Support Team will promptly process your request and determine if you qualify for a refund.

If you do not qualify for a full refund, we can alternatively apply the amount towards store credit or proceed with a replacement order.

Hide

How do I cancel my order?

To apply for a refund, please click here and select your order for cancellation. Once the request is on file, our Support Team will promptly process your request and determine if you qualify for a refund.

Hide

Is there a limit to the number of certificates I can order?

There's no limit on the quantity of RapidSSL or RapidSSL Wildcard certificates you can order. Get as many as you need! There is a limit of one FreeSSL certificate per domain name. FreeSSL is strictly a test certificate so you can evaluate using RapidSSL.com for your production certificates.

Hide

How does a Certificate Authority validate my business?

With Organizational or Extended Validation SSL Certificates, Certificate Authorities (CAs) will verify applicants' business details using online government business registration databases (i.e. Secretary of State, Companies House, KvK, etc.). If the CAs cannot verify the necessary details, additional business registration documents may be required.

If CAs are authenticating a Domain Validated (DV) SSL Certificate, business details will not be required and applicants will only need to demonstrate domain ownership. To complete this simple requirement, applicants can either prove ownership via Email-Based Authentication or File-Based Authentication.

Hide

My domain registrar information is private; will the Certificate Authority (CA) still be able issue my SSL certificate?

Yes. Ideally, the CA would like your domain registrar information to be publicly viewable. However, if you have a privacy setting enabled on your WHO.IS record, applicants can alternatively demonstrate domain ownership through one of the five pre-approved alias emails:

  • admin@[domain.com]
  • administrator@[domain.com]
  • webmaster@[domain.com]
  • hostmaster@[domain.com]
  • postmaster@[domain.com]

Once the domain confirmation email is on file, the applicant must follow simple instructions or links to verify ownership, which will satisfy this requirement.

Hide

How long does it take to issue my Certificate?

There are several options. If you need an SSL certificate right away, immediate issuance certificates use fast validation methods. RapidSSL and FreeSSL are issued immediately. If you can wait 3-5 days, established vendors use slower traditional validation methods. Be sure to review our validation information to understand what standard methods entail and to help you ask the right questions from our vendors.

Hide

How many days will it take to Issue an Extended Validated (EV) SSL Certificate?

EV SSL certificates usually take 1-5 business days to get issued depending on the Certificate Authority and how cooperative the certificate applicant is.

Hide

How do I Generate a CSR?

If you are unable to generate the CSR directly on your web server and do not have proper server documentation, you can alternatively use our online free CSR Generator Tool.

Hide

Which Root certificate lengths should I select?

While generating your CSR, please select 2048-bit as your key root length.

Hide

How can I get the private key?

Using our free CSR Generator Tool, enter the appropriate certificate details and click the "Generate CSR" button. Our tool will quickly provide you with a valid CSR and private key.

Please save your CSR and Private Key on your server since this is essential during the installation process.

Hide

What if I accidently lose or delete the Private Key?

Since we are all human, we might accidentally lose or delete the important Private Key–it happens. If this happens to you, please create a new CSR directly on your server and reissue your SSL certificate. During the process of making a new CSR, your server will automatically make a new Private Key which will correlate with the new reissued SSL certificate during installation.

Hide

Where should I save the private key?

You can save your private key file on your PC, server directory, or hard drive.

Hide

How can I check the information on my CSR?

To check the information encoded in your CSR, please visit our CSR Decoder Tool and simply paste the CSR into the blank box, then click Check.

Hide

My CSR and private key are not matching, what should I do now?

If the CSR and private key do not match, please create a new CSR & private key. Unfortunately, there is no quick and easy way to fix a mismatch.

Hide

It says my CSR cannot be decoded?

It is either missing one or more required fields or the CSR contains non-alphanumeric characters in the required fields.

Hide

Is SHA-1 algorithm still effective?

No. The SHA-1 algorithm is no longer considered secure or trusted by most popular web browsers such as Mozilla, Chrome, Internet Explorer, Safari, etc. We recommend updating your SSL certificate to SHA-2 since this is the new industry standard hashing algorithm.

Hide

How do I resolve a 'Secure Connection Failed' error in Firefox?

Firefox may trigger a "Secure Connection Failed" error if a secured connection cannot be established. To troubleshoot this warning, reference this link and perform the following steps: http://bit.ly/secure-connection-failed.

Hide

What if my website does not display the site lock properly?

If your website isn't displaying the 'site lock' properly or providing the correct information, contact the issuing Certificate Authority and inquire about your issue.

Hide

How do I convert the SSL certificate format?

Some servers require an SSL certificate to be in a particular format. To change the SSL certificate extension, use the free SSL Converter Tool on CheapSSLSecurity.com.

Hide

I have changed my server, or moved to a different provider; how do I move the certificate?

The easiest way is to create a new CSR on the new machine and have the certificate re-issued.

Hide

Is there a checklist of things to do before installing an SSL certificate on your server?

Before installing an SSL Certificate on your server, make sure you complete the following steps:

  • Purchase an SSL certificate from a trusted Certificate Authority
  • Complete the Generation and Validation Process
  • Save the CSR & Private Key on your PC, server, or hard drive
  • Store All Certificate files (Server Certificate, Intermediate Certificate, and Root Certificate) that you're issued by the Certificate Authority
  • Download the Intermediate bundle from the Certificate Authority (if required)

Hide

Do I require a single root or intermediate SSL certificate?

Most SSL certificates are issued by Certificate Authorities (CAs) who own and use their own Trusted Root CA certificates. GeoTrust and RapidSSL are well known to browser vendors as a trusted issuing authority so their Trusted Root CA certificates have already been added to all popular browsers establishing immediate trust. These are "single root" SSL certificates. RapidSSL is a subsidiary of GeoTrust and owns the Equifax roots used to issue its certificates.

Some CAs don't have a Trusted Root CA certificate present in browsers or don't use the root they own. Instead they gain trust for their SSL certificates by using a "chained root." A "chained root" SSL certificate is issued by a CA with a Trusted Root CA certificate and basically "inherits" the browser recognition of the Trusted Root CA. It's more complicated to install chained root certificates and not all web servers are compatible with them.

CAs who have and use their own Trusted Root CA certificate already present in browsers are known to be stable, credible companies with direct and long-established relationships with all the popular browsers like Microsoft and Netscape.

Hide

How do I install an SSL Certificate?

The installation process for an SSL certificate will be different for various web servers and devices. Here's a list of SSL certificate installation guides; select your server name, perform the recommended steps and complete the installation process in minutes - SSL Certification Installation Guides.

Hide

How do I check to see if my SSL certificate is properly installed?

To check installation of the SSL Certificate, use our free SSL Checker Tool and click here.

Hide

Is technical support available from the CA should I need it?

All CAs provide some form of support but you'll want to know if it includes web-based, email, phone support or some combination. You also want to know if there's an extra fee for phone support as some CAs charge extra. Installing an SSL certificate requires you to first generate a CSR and then install your issued certificate. It's sometimes tricky so it's important that the CA provides prompt support. In most cases you can find the help you need in the extensive online knowledge bases offered by CAs but, if not, you want to be able to access their technical staff quickly and easily.

Hide

How long are your SSL certificates valid for?

FreeSSL certificates are valid for 30 days. RapidSSL certificates are valid for 1 to 3 years. Our Professional Level Certificates from GeoTrust, Thawte, Symantec and Comodo are available for up to 3 years. We will give you instructions on how to renew when your certificate expires.

Hide

How do I renew an SSL Certificate?

Renewing an SSL Certificate is very similar to the original SSL process. With renewals, users will have to purchase, generate, validate, and install the renewal SSL certificate. The benefits potential benefits with renewing an SSL certificate are discounts, additional time added, less validation requirements, and confidence that your SSL is properly configured before your website goes down.

Hide

When renewing an SSL Certificate, will the Certificate Authority ask for documents again to complete the domain verification process?

Depending on the Certificate Authority, previous validated documents can be used to complete or expedite the renewal process. However, if any certificate details change or any information becomes outdated, additional documents may be required.

With Extended Validated (EV) SSL certificates, Certificate Authorities can reuse previously submitted documents if the original validation process was completed within the last 13 months. If the renewal order is generated after 13 months from the original order, new documents will be required.

With Organization Validated (OV) SSL certificates, Certificate Authorities can reuse previously submitted documents if the original validation process was completed within the last 39 months. If the renewal order is generated after 39 months from the original order, new documents will be required.

Hide

Can I use the same CSR when generating my renewal SSL Certificate?

Yes, you can use the old CSR when generating the renewal SSL Certificate, however, the older private key that will be used to install the renewal certificate is considered less secure, so this is not ideal for security reasons. We recommend creating a new CSR and Private Key when completing the renewal process.

Hide

What is a Code signing Certificate?

Code Signing Certificates are like digital "shrink-wrap" for software/application/files, which allows publishers to distribute their work safely & securely over the internet. These certificates provide confidence to the end-user since no code or content can be maliciously altered or tampered with for fraudulent use. Our Code Signing Certificates can secure the following platforms:

Desktop/web Based Platform:

  • Java Applets
  • Microsoft Authenticode (32-Bit & 64-Bit)
  • Microsoft Office Documents files (.doc, .xls, .ppt, etc…), other files (.exe, .dll, .xpi, .ocx, .cab, .msi, etc…)
  • Apple MAC software
  • Microsoft VBA Objects & Software
  • Adobe Air Files

Mobile Based Platform

  • Java Mobile Software/Apps
  • Android Apps
  • iOS Apps
  • Windows Mobile Apps
  • Brew Apps

Hide

Which platforms can a code signing certificate secure?

A Code Signing Certificate can secure the following Desktop/web and mobile based platforms.

Desktop/web Based Platform:

  • Java Applets
  • Microsoft Authenticode (32-Bit & 64-Bit)
  • Microsoft Office Documents files (.doc, .xls, .ppt, etc…), other files (.exe, .dll, .xpi, .ocx, .cab, .msi, etc…)
  • Apple MAC software
  • Microsoft VBA Objects & Software
  • Adobe Air Files

Mobile Based Platform

  • Java Mobile Software/Apps
  • Android Apps
  • iOS Apps
  • Windows Mobile Apps
  • Brew Apps

Hide

It is possible to secure E-Documents/files using Code Signing certificate?

Yes, Code Signing Certificate allows users to secure Microsoft Office documents files such as .doc, .ppt, .xls, etc…, Adobe air files & documents along with other Microsoft files such as .exe, .dll, .cab, .msi, .xpi, .ocx, etc…

Hide

How many days it will take to issue a Code signing Certificate?

Certificate Authorities typically take 1-3 business days to complete the authentication process for Code Signing Certificates. Customers must make sure to cooperate with all industry requirements and submit all required legal documents if required.

Hide

Can a Code Signing Certificate secure Android and Apple devices?

Yes, Code Signing Certificates can secure Android and Apple iOS Applications.

Hide

What are formats of Sub-domains I can secure using a wildcard SSL Certificate?

A Wildcard SSL certificate is used to secure the Root domain and an unlimited number of accompanying sub-domains. It delivers the same 256-bit encryption security across all of your sub-domains. Wildcard SSL Certificates are highly recommended to secure Blogging, CMS (Content Management System), News and Article, and Press Release platforms.

To secure sub-domains, a user needs to buy a Wildcard SSL certificate, and then when filling out the CSR use an asterisk in the place of the domain level the sub-domains reside at—for example, *. domain.com for first-level sub-domains.

This will secure an unlimited number sub-domain at the specified domain level.

Here's an example of different kinds of first-level sub-domains a user can secure using wildcard SSL:

  • www.example-domain.com
  • example-domain.com
  • blog.example-domain.com
  • news.example-domain.com
  • login.example-domain.com
  • user1.example-domain.com
  • anything.example-domain.com

Hide

Is it possible to secure *.*.domain.com with Wildcard Certificate?

Most wildcard SSL users are aware of its main feature, as it is used to secure unlimited first level sub-domains. But a Wildcard can also be used to secure second level sub-domains as well.

Let's look at an example

What if a user wishes to secure user-unlimited.blog.domain.com using a Wildcard SSL Certificate? The answer is, he need to buy the wildcard SSL for *.blog.domain.com.

This will allow the user to secure following formats of second level sub-domains.

  • User1.blog.domain.com
  • User2.blog.domain.com
  • User3.blog.domain.com
  • Usern.blog.domain.com

Hide

Is it possible to add a SAN domain in a Wildcard?

No, it is not possible.

The main function of a wildcard SSL certificate is to secure unlimited sub-domains. A SAN could be a fully qualified domain (website2.net) or a sub-domain of another base domain (blog.website2.net).

So, it is simply not possible in the case of a Wildcard SSL certificate to add a SAN domain, but you can use a wildcard domain as SAN. You could also invest in a Multi-Domain Wildcard, which gives you both Wildcard and SAN functionality.

Hide

How can I generate CSR for my wildcard domain? What domain name I should use to generate the CSR?

To generate a CSR for your wildcard domain, visit our CSR Generator Tool.

Now suppose a user wishes to secure his 5 sub-domains, let's say

  • blog.example-domain.com
  • news.example-domain.com
  • login.example-domain.com
  • user1.example-domain.com
  • anything.example-domain.com

The user only needs to generate the CSR for: *.example-domain.com.

Hide

How can I secure multiple domains and sub-domains with a single certificate?

To secure multiple domains and their sub-domains using a single SSL Certificate, CheapSSLsecurity.com is offering several products known as Multi-domain Wildcard SSL certificates.

Features of Multi Domain Wildcard SSL Certificate:

  • Protect Base Domain (Root Domain)
  • Protect 25, 100 or 250 SANs (depending on CA)
  • Protect unlimited sub-domains that accompany registered SAN domains.

Certificate Authorities like Comodo, Symantec, GeoTrust and Thawte are offering Multi-Domain Wildcard SSL Certificates, which come available at either the Domain Validation (DV) or Organization Validation (OV) levels.

1.Comodo Multi Domain Wildcard certificates

  • Comodo Positive Multi Domain Wildcard SSL (DV SSL)
  • Comodo Multi-Domain Wildcard SSL (OV SSL)
  • Comodo Unified Communication (UCC) Wildcard SSL (OV SSL)

2.Symantec Secure Site Multi Domain Wildcard SSL

3.Symantec Secure Site Pro Multi Domain Wildcard (ECC Encryption Enabled)

4.GeoTrust True BusinessID Multi-Domain Wildcard

5.Thawte SSL Web Server Multi-Domain Wildcard

Hide

How Does Wildcard SSL work for second-level sub-domains?

If a customer's buys a wildcard SSL certificate for *.example-domain.com, it is securing first-level sub-domains. But if a customer buys wildcard SSL for *.blog.example-domain.com, then the wildcard will be securing second-level sub-domains.

Just like with first-level sub-domains, the wildcard SSL will also work for second-level sub-domains.

By purchasing a wildcard SSL certificate for *.blog.example-domain.com, the user can secure second-level sub-domains as we explained in Questions 2.

Hide

I want to secure my domain and two sub-domains; do I need a wildcard SSL or should I just purchase three domain validated SSL certificate?

Either one works, it frankly comes down to cost and what validation level you're looking for. If you're only going to be securing two sub-domains it may actually be cheaper in some cases to purchase single domain certificates. Keep in mind, this will mean installing three certificates and keeping track of three renewal dates though. Likewise, if you're looking to purchase Extended Validation SSL, then you will need to purchase single domain certificates as Wildcards are not available at the EV level. In most other cases though, it may still be less expensive (and involve less administrative burden) if you opt for the wildcard. Not to mention that if at any point during the lifespan of your wildcard certificate you should choose to add more sub-domains, you'd simply need to re-issue and you would have encryption for the new sub-domains as well. It all depends on your specific situation.

Hide

Can I use the same wildcard SSL certificate for different IP address and physical servers?

Yes, a user can use the same wildcard SSL Certificate with the same CSR and Private Key on different IP addresses and physical servers.

The limits on the number of physical servers and IP addresses you may use your certificate on depends on the Certificate Authority.

Certificate Authorities like Comodo, GeoTrust, RapidSSL, and Thawte offer wildcard SSL certificates with an unlimited server license policy. So, the customer does not need to face any hassle when installing a wildcard SSL certificate on multiple IP addresses and physical servers.

If you go with a Symantec Wildcard SSL Certificate, you are limited to a single server license. That means if you wish to use the certificate on another server or IP address, you need to purchase one more server license from Symantec.

Hide

How can I use a Multi-domain SSL Certificate?

A Multi-domain SSL Certificate comes with a SAN (Subject Name Alternative) feature, which allows a user to secure up to 25, 100 or 250 different domains.

Note: The numbers of SAN domain are depending on the Certificate Authority.

So, if you wish to secure 10 fully qualified domains under a single Multi-Domain SSL certificate, you need to buy a Multi-Domain SSL Certificate and 9 SAN domains. Most Multi-Domain certificates come with 2-4 SANs packaged along with them, but you will have to purchase additional SANs as needed.

Using a SAN certificate the user can secure following types of domains:

  • www.example-domain.com
  • example-domain.com
  • example-domain2.net
  • blog.example3.org
  • anydomain-name.com

Hide

What is the number of multiple domains I can secure with a Multi-Domain/SAN/UCC certificate?

The number of domains that a Multi-Domain Certificate can secure varies by Certificate Authority:

  • Comodo recently announced that it had raised its SAN limit to 250.
  • GeoTrust Multi-Domain SSL Certificates allow for 100 different domains to be encrypted.
  • Symantec and Thawte only allow 25 SANs per certificate.

Hide

Can I add a wildcard domain as SAN domains?

Yes, a customer can add a wildcard domain as a SAN. In answer 1 we discussed all of the various formats of domains a customer can secure with a Multi-Domain Certificate.

Hide

Is a Multi-Domain SSL certificate mandatory to secure Microsoft Office Communication and Exchange server?

Originally, in order to enable maximum security for Office Communication and Exchange Server users, Microsoft partnered up with a few public X.509 SSL Certificate authorities (CAs) to create UCCs (Unified Communications Certificates).

Nowadays, as SSL technology has advanced Microsoft Servers can use just about any Multi-Domain certificate—not just UCCs. Still, we sell a selection of Microsoft-suggested certificates to help you secure MS Exchange and Office Communications servers.

UCC SSL Certificates that CheapSSLsecurity.com offers:

  • Comodo Domain validated UCC SSL
  • Comodo Unified Communication SSL
  • Comodo UCC wildcard SSL
  • Thawte Web Server SSL
  • GeoTrust True BusinessID Multi Domain
  • Symantec Secure Site SSL
  • Symantec Secure Site Pro SSL

The following Microsoft Article will help users to learn more about UCC SSL and Microsoft Office communication & Exchange server security - https://support.microsoft.com/en-in/kb/929395.

Hide

Can I use a Multi-Domain (SAN) SSL certificate on multiple IP addresses and physical server?

Certificate Authorities (CAs) like Comodo, GeoTrust and Thawte offer SSL certificates with unlimited server license policy. That means if you have purchased an SSL Certificate from Comodo, GeoTrust or Thawte, you can add it to any number of servers and IP addresses.

However, in the case of Symantec, there is no multiple server license policy, so you can only install your certificate on a single server. If you want to install your SSL Certificate on another server then you need to purchase a new server license.

Hide

Will the issuing Certificate Authority provide site seals for all my SAN domains?

Yes, Certificate Authorities offers Site Seals for all your SAN domains. So, you can activate site seals on all your SAN domains.

Hide

Next

Site Reviews

Janusz CzeropskiMay. 2017

Rating

"Cheapsslsecurity is really flexible product for company starters including long term companies. Cheapsslsecurity offers affordable SSL Certificates. Which are really great product. Myself, I use Wildcard SSL by Comodo over a year with zero issues which is really surprise for so cheap Wildcard SSL. I would recommend this product to anyone."

Rating

Raed NeshiewatMay. 2017

Rating

"Very fast delivery. Installation was easy with no problems. If you are installing a wildcard SSL certificate on cPanel, you need to specify the actual domain name, don't try to install it on *.domain.com , you have to install it on each subdomain such as admin.domain.com, shop.domain.com,..etc. Use the same certificate for each subdomain you install. Good luck!"

Rating

Connect with us:

99.9% Browser Support:

Browsers

We Accept:

Payment

Create more trust with the most globally recognized SSL brand.

from $229.16/yr

Get the cheapest prices on a flexible SSL solution from a world leader.

from $4.99/yr

Get SSL security solutions from a leading & trusted worldwide brand.

from $37.46/yr

SSL & code signing solutions at the lowest & best price.

from $29.00/yr