SSL Certificate FAQs

SSL stands for Secure Sockets Layer. It is an encryption layer that encodes information that is exchanged between a client and a server, protecting the transmission of sensitive and private data.

An SSL certificate allows you to apply SSL encryption technology to your site, so that information traveling from it is encrypted. SSL certificates are expected by consumers for any site that handles sensitive information like identity information, credit card numbers, or confidential records.

An SSL certificate is a file installed on the web server that a web site is running on. This file is composed of two segments. The first is the public key, which encrypts data. The second is the private key, which decrypts data. When a client, such as a web browser, connects to an SSL secured server a unique session is created using these two keys. All data transmitted during this session is protected, and cannot be decrypted by any party other than that specific client and the server.

If your site sends or receives sensitive information, customers expect it to be secured with an SSL certificate. Many will leave your site if they see that it is not secured.

Yes you can. The domain you wish to secure doesn't need to be in your account or even registered with us.

VeriSign certificates secure one host record. To secure both the www and @ records, you can purchase two certificates or redirect one of the records to point to the other.

The GeoTrust True Business ID Wildcard certificate secures all host records except the @ record. To secure the @ record, you can purchase a separate certificate or redirect the @ record to point to the www record.

SBS certificates secure the www and @ records of a domain name. If you have additional host records (like sales.example.com) you can purchase a separate cert for each host record, or redirect the extra host records to a subdirectory (for example, redirect sales.example.com to www.example.com/sales).

Yes, all of our certificates are chained to a CA (certificate authority).

CA stands for certificate authority. A CA is the company issuing the SSL certificate.

Domain Validation certificates authenticate that the purchaser of the cert also owns (or administers) the domain name to which the cert will be applied. This lowest level of authentication also offers the lowest prices and allows you to secure your web site the most rapidly.

Organization Validation certificates receive some scrutiny to confirm the relationship between the domain name, domain owner, and the business for which the certificate will be used.

Extended Validation certificates require the certificate authority (the company issuing the certificate, such as GeoTrust or VeriSign) to perform a more extensive verification of the purchaser's business and their authority to purchase a certificate on behalf of that company. Once installed, EV certificates turn the browser address bar green to give visitors a visual cue that this is a trustworthy site.

Low assurance certificates encrypt the connection. Higher validation certificates perform the same encryption, and add peace of mind for your visitors by showing them that the certificate authority has validated your site as belonging to a legitimate business.

The green address bar gives an intuitive visual cue that your business is legitimate. The green bar is only available with Extended Validation (EV) certificates. In contrast, major web browsers have integrated anti-phishing protection so that known phishing sites will display a red address bar. Studies have shown a strong, positive impact for businesses that use EV certificates.

Functionally, all certificates with the same level of encryption perform similarly. However, for discriminating customers, branding in certificates has the same effect as designer clothing: it gives sophisiticated customers assurance that you're a sophisticated business.

To find out what SSL certificate you use, visitors simply click the lock icon in their browser's address box. A new window pops up with information about your certificate.

SSL Certificates are compatible with 99.9% of all browsers, including all major web browsers.

Yes. On your new web server, generate a new CSR for your certificate. Contact the certificate issuer with the new CSR and they will provide you with a new certificate.

Once you purchase a certificate, we can't upgrade it. However, if you need a more secure certificate immediately, you can purchase it and install it on the same web server as the old certificate. If you don't need the more secure certificate immediately, you can wait until your current certificate expires and install a more secure one at that time.

Server Gated Cryptography (SGC) was developed for legacy computers and browsers that only support 40 or 56-bit SSL encryption to "step up" to 128-bit SSL encryption. Without an SGC certificate, web browsers and operating systems that do not support 128-bit strong encryption will receive only 40- or 56-bit encryption.

Installing a certificate is not difficult, but it does involve a process that's specific to each individual web server. Certification Authorities publish instructions for generating the Certificate Signing Request (CSR) and installing the certificate.

CSR stands Certificate Signing Request. A CSR is a special key generated by a web server using that server's unique private key. The CSR is sent to the certificate issuer, which generates the final certificate.