SSL Certificates

GalaxyHostPlus SSL Store

What is SSL?

SSL, which stands for Secure Sockets Layer, is a cyber-security protocol that digitally encrypts information sent from a browser to a server. SSL certificates are used to protect sensitive information like credit card numbers, usernames, passwords, email addresses, and more. A website with an SSL certificate is identified using a number of trust indicators, like “https” and the padlock icon in the browser bar, a site seal from a reputable Certificate Authority (CA), and a green bar that wraps around the URL on more premium certificates.

What is an Extended Validation (EV) SSL Certificate?

EV stands for Extended Validation and is the most premium type of SSL certificate available. These certificates are identified on websites mainly by the green address bar, the most universally recognized symbol of trust on the web. EV certificates are becoming more and more commonplace in the industry, especially amongst ecommerce sites, as they are used by some of the most trusted sites in the world like Bank of America, Twitter, Paypal, and more. These certificates require that a company complete a thorough vetting process before being issued.

What is a Wildcard SSL certificate?

Wildcard SSL certificates can cover one main domain name (www.domain.com) and an unlimited amount of subdomains (mail.domain.com, login.domain.com, test.domain.com, etc.).

What is the difference between Wildcard and SAN/Multi-Domain functionality?

Wildcard SSL certificates can cover one main domain (www.domain.com) and an unlimited amount of subdomains (mail.domain.com, login.domain.com, test.domain.com, etc.). Multi-domain (SAN) SSL certificates can cover multiple domains on just one certificate. For example, Symantec and Thawte multi-domain certificates can cover up to 25 domains, whereas Comodo certificates can cover up to 100 domains with just a single SSL certificate. GeoTrust multi-domain certificates can cover anywhere from 25 to 100 domains, depending on the type of certificate you order.

What is the difference between SHA-1 and SHA-2?

SHA stands for Signature Hashing Algorithm. It’s a mathematical hash that proves the authenticity of the certificate. SHA-1 is an older version of the algorithm that is no longer seen as secure by industry experts and major browsers and is not allowed to be used during the generation process any longer by the industry. SHA-2 is the latest version that is widely accepted and viewed as secure by all major browsers and industry experts. The hashing algorithm of your CSR has no relevance to what hashing algorithm is used on the certificate.

Which SSL brands are most trusted & secure?

All of the Certificate Authorities (CAs) that we carry are leaders in the industry and trusted across the world. Symantec is the largest CA in the world, and their Norton Trust Seal is the most recognized symbol of trust across the web. Their name definitely adds the most value of any CA in the industry. Additionally, GeoTrust, Thawte, RapidSSL, Certum, and Comodo are all trusted and secure CAs.

What is browser ubiquity or browser recognition?

Browser ubiquity or browser recognition basically means how many browsers recognize an SSL certificate and properly display the trust indicators. So, the higher the browser ubiquity of an SSL certificate, the more browsers that recognize and accept it.

Where do I get my Intermediate certificate?

An intermediate certificate will be emailed to you along with your SSL certificate. You can also download the intermediate certificate from the vendor’s website, which is something that can be done if you didn’t receive the intermediate via email. This is also sometimes referred to as the “CA Bundle.” It is also important to note that some certificates have multiple intermediate certificates.

What is the difference between 128- and 256-bit security?

That is the difference between the key lengths used once an SSL connection has been established in the browser. 256-bit security is indeed a bigger key however that does not necessarily mean it is more secure. Experts and research agrees that 128-bit is equally secure for the foreseeable future. The only reason 256-bit security is needed is if it’s specifically required by your industry or company policy.

All our certificates have the ability to use either bit-length, which one you use is a matter of server configuration, NOT certificate support.

What is a Domain Validated (DV) SSL Certificate?

A Domain Validated (DV) SSL certificate is a quick and easy way to secure a domain, as the Certificate Authority (CA) issuing the certificate only requires verification that the recipient actually owns the domain they wish to cover. This verification process can typically be completed in a matter of minutes. However, these certificates offer little in the way of SSL recognition, so they are recommended for websites where visitor trust is not of high importance and information like usernames, passwords, or credit card information is not required.

How can I get a Green Address Bar for my website?

The only way to get the green address bar on your website is with an Extended Validation (EV) certificate. These are the only type of SSL certificate that come with the green address bar.

What certificates offer www and non-www coverage?

All major SSL Brands like GeoTrust, RapidSSL, Symantec, Thawte & Comodo offers coverage for www and non-www. As long as the certificate is generated with www as the common name, the non-www version will automatically be covered.

How can I use 256-bit encryption?

256-bit encryption is a server configuration. This has nothing to do with the certificate itself, it is based on your server configuration. To learn this, you should seek information provided by your webhosting platform or operating system. They will inform you how to set this encryption strength up.

I'm a Sole Proprietor, can I still qualify for an OV/EV certificate?

Sole Proprietors outside of the U.K. can qualify for both OV and EV certificates. However, Sole Proprietors located in the United Kingdom or UK Partnerships cannot qualify for EV certificates, but are eligible for OV certificates, with additional documentation required.

Can I see which Certification Authorities have their own Trusted CA root present in browsers?

Yes, the brands that we provide all have their roots included in modern devices and browsers. They all feature 99% or better compatibility, or browser ubiquity.

How long are your SSL certificates valid for?

Our SSL certificates can be valid from anywhere to 1-3 years, depending on the certificate you choose to purchase. Per the Certificate Authority/Browser (CA/B) Forum, the governing body of the SSL industry, EV certificates can only be issued for a maximum of 2 years. DV and OV certificates from Symantec, GeoTrust, Thawte, Comodo, Certum and RapidSSL can be issued for a maximum of 3 years.

Can I use SSL to cover an internal domain?

You can use SSL to cover an internal domain if it is an officially registered domain (a publically available FQDN). If the internal domain is not a delegated and registered domain, the certificate will not be issued.

How many domains can I secure with a Multi-Domain SSL Certificate?

This largely depends on the type of Multi-Domain SSL certificate that you purchase. Comodo Multi-Domain certificates can cover up to 100 additional domains. Symantec and Thawte certificates can cover up to 25 additional domains. GeoTrust Multi-Domain certificates can cover anywhere between 25-100 additional domains, depending on the certificate.

Single Domain SSL

What is an Organization Validated (OV) SSL Certificate?

An Organization Validated (OV) SSL certificate requires that a business complete a light vetting process by the Certificate Authority before being issued. These certificates are a nice middle-ground between DV and EV certificates, as they aren’t as expensive as EV options but still offer more SSL and trust indications than basic between DV and EV certificates. These certificates typically take between 2-3 days to be issued.

Can I qualify for an EV certificate?

The main criteria for qualifier for an EV certificate would be that your business is an official company registered with a government authority. Also, if you’re a Sole Proprietor or a Partnership registered in the U.K., you cannot qualify for any EV SSL certificate.

What is a Multi-domain or SAN certificate?

Multi-domain or SAN (Secure Alternate Name) SSL certificates can cover multiple domain names on just one certificate. For example, Symantec and Thawte multi-domain certificates can cover up to 25 domains, whereas Comodo certificates can cover up to 100 domains with just a single SSL certificate. GeoTrust multi-domain certificates can cover anywhere from 25 to 100 domains, depending on the type of certificate you order.

What is the difference between 1024- and 2048-bit key lengths?

These key lengths refer to the strength of the private key. You can think of it as the size of the cypher being used to encode your messages. Obviously, 2048-bit private keys are exponentially more secure than 1024-bit ones and are the new standard across the industry and are required during the generation process.

What is a Certificate Authority and what is your relationship to them?

A Certificate Authority (CA) is the company that actually issues the SSL certificates. Symantec, Thawte, GeoTrust, RapidSSL, Certum, and Comodo are all CAs, for example. We are a reseller of these CAs, meaning that we are able to offer the exact same certificate that you would get from buying direct, but at much lower prices. We are hooked up to the API of these CAs, which is how we are able to offer the exact same products. Because we buy in bulk, we are able to offer them at the significant discounts that you see. We also offer dedicated SSL support for every certificate we offer and can help walk you through the entire process, from purchasing to generation to issuance to installation and more.

What is the SSL certificate warranty?

An SSL certificate warranty covers any damages that you may incur as a result of a data breach or hack that was caused due to a flaw in the certificate. The warranties range in value, which means that the higher value certificates come with more extensive warranties.

What is an Intermediate certificate?

An intermediate certificate is a file that helps the web browser identify who issued your SSL certificate. It is not required, but it is HIGHLY recommended that you install it along with your server SSL certificate in order to have full compatibility with all browsers and mobile devices.

What if I can only use one certificate file?

If your hosting platform or company tells you that you can only use one certificate file, then you can combine your server certificate with the intermediate file.

What is a UC Certificate (UCC)?

UC stands for Unified Communications and is a newer type of SSL certificate that is designed and primarily used for securing Microsoft Exchange 2007 and Microsoft Office Communications Server 2007 products. The main difference between a UCC SSL and a standard Multi-Domain certificate is that a UCC can secure both internal network names and external domain names as well.

What is Multi Domain Wildcard SSL?

A Multi-Domain Wildcard SSL certificate can secure multiple domains and all of their associated subdomains. Basically, this certificate combines multiple wildcard domains into one certificate.

Comodo PositiveSSL Certificate

  • For a fast website security solution, the Comodo Positive SSL certificate is the answer for you. This domain validated (DV) certificate offers industry standard encryption at an unbelievable price. Plus, this certificate comes backed by the Comodo brand, one of the most trusted names in internet security. As a basic SSL certificate, the Comodo Positive SSL is an excellent solution for internal domains and other domain names where you need fast and simple security without having to worry about injecting much trust into the site. View Full Product Details

10 /Year

RapidSSL Certificate

  • A standard, yet popular Domain Validated (DV) certificate due to its low cost and rapid issuance process. With 99% of browser recognition and its encryption strength of 256-bit, it’s an ideal solution for protecting a single, entry-level site. View Full Product Details

15 /Year

Certum Commercial SSL

  • Provides a quick and simple solution to protect customer’s information from falling into the wrong hands with this Domain Validated certificate. By securing the connection in 256-bit encryption, your customer can rest assured that all transmitted and received information is secured, and you can showcase this security to your clients by having the CERTUM seal present on your site. View Full Product Details

16 /Year

Comodo Essential SSL Certificate

  • This is a quick and cost-effective certificate that will secure your customer transactions. The main feature of the certificate is the speed of issuance, it is ideal for very light ecommerce websites. View Full Product Details

19 /Year

Thawte SSL123 Certificates

  • Thawte is one of the most respected names in the SSL industry. This domain validated certificate offers a combination of trust, security and speed. It can be issued within minutes and offers a dynamic seal that can be viewed on your website. View Full Product Details

39 /Year

Comodo SSL Certificate

  • This domain validated certificate can be issued in minutes. On top of encryption, this certificate will show your customers that your site has been vetted by a leading internet security specialist, so they’ll know it’s safe to do business with you. This certificate comes with dynamic site seal and unlimited server licensing. View Full Product Details

66 /Year

GeoTrust QuickSSL Premium Certificate

  • The most convenient and cost effective solution that covers one fully qualified domain name (www or non www). These certificates are domain validated and can be issued within minutes. This certificate offers a dynamic site seal and unlimited server licensing. View Full Product Details

78 /Year

Multi Domain SSL

thawte SSL Web Server Certificates

  • These organization validated certificates allow your customers to see that your business was verified by one of the most trusted names in internet security. This certificate is recommended to medium sized ecommerce sites and comes with a dynamic site seal. View Full Product Details

89 /Year

Comodo Multi-Domain SSL Certificate

  • With this certificate you can cover up to 100 domains with just one certificate. In addition to SAN support, this certificate offers a dynamic site seal and unlimited server licensing. This multi-domain certificate is an excellent option for small to medium sized companies that want to make managing and provisioning their domains as simple as possible. View Full Product Details

140 /Year

Domain Validated UCC SSL

  • As a Unified Communications certificate, this product has been designed exclusively for Microsoft Exchange 2010 as well as Office Communications Server 2007. This certificate also offers SAN support, a static site seal and unlimited server licensing. View Full Product Details

224 /Year

Comodo Unified Communications Certificate

  • This single SSL certificate can provide secured communications on many different domains, both internal and external, which will reduce the complexity of your server security administration, along with reducing cost. View Full Product Details

140 /Year

Thawte SSLWebserver EV

  • This certificate offers the highest industry standard for authentication as well as an encryption of up to 256-bit. Having the green address bar on your website ensures customers that you are a trustworthy business and have taken the steps to secure transactions on your website. View Full Product Details

209 /Year

GeoTrust True BusinessID with Multi-Domain

  • This certificate comes with five total domains and customers have the ability to add additional domains in packs of five up to 100 domains. Also ideal for shared hosting environment, this Unified Communications Certificate offers full business validation, SAN support, a dynamic site seal and unlimited server licensing. View Full Product Details

285 /Year

Comodo Multi-Domain Wildcard SSL Certificate

  • By far the most flexible certificate in the industry, protect not only multiple domains, but also unlimited subdomains on the domains with this Organization Validated (OV).Other features include 1 year of CI scanning, 1 year of website vulnerability scanning, and a 99.9% browser recognition rate. View Full Product Details

374 /Year

Domain Validated UCC SSL

  • As a Unified Communications certificate, this product has been designed exclusively for Microsoft Exchange 2010 as well as Office Communications Server 2007. This certificate also offers SAN support, a static site seal and unlimited server licensing. View Full Product Details

224 /Year

Geo Trust True Business ID With EV Multi-Domain

  • This EV certificate comes bundled with five total SANs, and you have the option to purchase more SANs, in packs of five, up to 25. Users are quickly learning to associate the green address bar with reputable companies that are safe to do business with. This certificate not only gives you the green address bar, bust also a dynamic site seal and unlimited server licensing. View Full Product Details

447 /Year

Symantec Secure Site Pro

  • Secure your site with the Norton Secured Seal, backed by the world renown Symantec brand. This top-of-the-line Organization Validated (OV) certificate provides peace of mind by securing your site with 256-bit encryption, along with daily malware and vulnerability scans, plus compatibility for 99.9% of browsers. You can also take advantage of ECC encryption, the lightest and fastest encryption technology in the industry. View Full Product Details

1004 /Year

Symantec Secure Site with EV

  • This certificate is a true investment in the security, trust, and overall appeal of your website. You will get tremendous value for your dollar and increase customer conversions with the Norton Secure Seal, green address bar, and additional features like daily malware scanning, vulnerability assessments, and Symantec's Seal-in-Search technology. View Full Product Details

1088 /Year

Symantec Secure Site Pro with EV

  • The most feature-rich Extended Validation (EV) certificate in the whole industry. This premium certificate provides not only security, but also the green address bar in conjunction with the Norton Secure Seal. Also, as a more total web security solutions, this cert comes with extensive daily malware and vulnerability scans, along with ECC encryption – the lightest and fastest encryption technology in the industry, available exclusively with Symantec Pro products. View Full Product Details

1544 /Year

Wildcard Domain SSL

CERTUM Commercial SSL WildCard Certificate

  • Offers a simple and quick solution that will not only encrypt your primarily domain, but all the subdomains associated with this domain on this Domain Validated (DV) certificate. Customers will shop at ease knowing that your site is 256-bit encrypted, especially when they see the CERTUM seal present on the domain. View Full Product Details

92 /Year

Comodo EssentialSSL Wildcard Certificate

  • This certificate will secure an unlimited number of subdomains which makes management and provisioning very easy. This wildcard certificate will provide you with unlimited server licensing, along with a static site seal. View Full Product Details

119 /Year

Comodo PositiveSSL Wildcard Certificate

  • Looking for a way to quickly and easily get the valued "https" displayed on a main domain and all of your subdomains? Then the Comodo Positive SSL Wildcard is the certificate for you. Speed and reliability are two adjectives that come to mind when describing this certificate. That’s because this wildcard certificate is a basic, Domain Validated (DV) certificate and can be issued in mere minutes. Also, with 99.3% browser recognition and solid mobile compatibility, the Comodo Positive SSL Wildcard can be relied on by most light ecommerce websites. View Full Product Details

113 /Year

RapidSSL Wildcard Certificate

  • This is a very popular wildcard certificate, as it offers full 256-bit encryption for one main domain and an unlimited amount of associated subdomains. Plus, being a Domain Validated (DV) certificate, it can be issued in a matter of minutes. View Full Product Details

164 /Year

Comodo PremiumSSL Wildcard Certificate

  • This certificate offers the dynamic Comodo site seal and unlimited server licensing. You will also be able to secure one domain and of your subdomains. This wildcard certificate is an excellent option for medium-sized companies and ecommerce sites that wish to bolster the trust their users will have with them. View Full Product Details

231 /Year

Comodo Wildcard SSL Certificate

  • Are you looking to secure one main domain, along with all of your subdomains? If so, then the Comodo Wildcard SSL certificate is an excellent option. With just one certificate, you can cover your main domain (www.domain.com) and as many subdomains as you need (mail.domain.com, billing.domain.com, etc.domain.com). Also, because this is a Domain Validated (DV) certificate, the Comodo Wildcard SSL can be issued in as little as a few minutes. One of the easiest and most economical Wildcard options, this certificate is perfect for small to medium sized businesses and lower-traffic ecommerce sites. View Full Product Details

239 /Year

CERTUM Trusted SSL Wildcard Certificate

  • With the Certum Trusted SSL Wildcard certificate, you can get a premium and economical security product without breaking your budget. That's because with just one certificate, you can cover your main domain and all of your accompanying subdomains. Additionally, because this is an Organization Validated (OV) cert, it includes a dynamic site seal that will display your validated company information, instantly assuring your online customers that you are who you say you are. This certificate will also activate "https" next to your URL and display the trusted padlock icon. The Certum Trusted SSL Wildcard certificate is perfect for any company looking to secure all of their subdomains and boost the trust of their website. View Full Product Details

164 /Year

GeoTrust QuickSSL Premium Wildcard Certificate

  • This is GeoTrust’s Domain Validated (DV) Wildcard option, which means it can be issued in just a few minutes. And since it’s a Wildcard solution – you can cover one domain and an unlimited number of subdomains. The GeoTrust QuickSSL Premium also comes with a clickable site seal, which will display time-stamped data to further add trust to a site, in addition to activating HTTPS and the padlock icon in a browser bar. View Full Product Details

419 /Year

Thawte SSL123 Wildcard Certificates

  • This Wildcard certificate is Thawte’s Domain Validated (DV) option, meaning it can be issued out in just a few minutes. The Thawte SSL123 Wildcard certificate comes from one of the most respected names in the web security industry. It will cover one domain name, like www.domain.com, and then an unlimited amount of subdomains like xyz.domain.com, mail.domain.com, thawteisgreat.domain.com, etc. This certificate also comes with a clickable Thawte Site Seal, full 128- to 256-bit encryption, and activates both HTTPS and the padlock icon in a browser bar. View Full Product Details

449 /Year

Comodo Multi-Domain Wildcard SSL Certificate

  • By far the most flexible certificate in the industry, protect not only multiple domains, but also unlimited subdomains on the domains with this Organization Validated (OV).Other features include 1 year of CI scanning, 1 year of website vulnerability scanning, and a 99.9% browser recognition rate. View Full Product Details

374 /Year

Thawte Wildcard SSL Certificate

  • This is an easy and affordable solution if you want to secure all of your subdomains that share the same base domain name. This wildcard is perfect for medium to larger-sized companies, or any business that places the highest stock in their customers’ trust and assurance. View Full Product Details

404 /Year

GeoTrust True BusinessID Wildcard Certificate

  • This certificate allows you to secure multiple fully qualified domains that share the same base domain name that is housed on the same server. This certificate is compatible with more than 99% of browsers and offers top-level encryption that's ideally suited for more robust SMB ecommerce sites. View Full Product Details

479 /Year

Symantec Secure Site Wildcard

  • Extend your security over to all of your subdomains with this Organization Validated (OV) certificate. Providing features such as the Norton Secured seal, 256-bit encryption, daily malware and vulnerability scans, and 99.9% compatibility for browsers, every part of your site will be covered and backed by the premier name in the industry - Symantec. View Full Product Details

2580 /Year

Symantec Secure Site Pro Wildcard

  • The Symantec Secure Site Pro Wildcard is the most premium wildcard solution available in the industry today. This certificate will cover one domain name (www.domain.com) along with an unlimited amount of subdomains (etc.domain.com, xyz.domain.com, symantecrules.domain.com). Aside from HTTPS, the padlock icon, full 128- to 256-bit encryption – what really sets this certificate apart from the others are two main features: the Norton Secured Seal and ECC encryption. The Norton Secure Seal is the most recognized and trusted symbol on the web and ECC is the lightest and strongest encryption technology currently available on the market. View Full Product Details

7049 /Year

EV Domains SSL

Comodo EV SSL Certificate

  • In addition to the green address bar, this certificate features a HackerGuardian Vulnerability Scan, a free site seal free PCI scanning, free daily website scanning, a post-install health check, and the "point-to-verify" Comodo trustmark. This EV certificate offers tremendous value for your dollar. View Full Product Details

186 /Year

GeoTrust True BusinessID with EV

  • This certificate comes with the highest level of security and authentication. With this EV certificate, you will get the most trusted symbol on the internet the green address bar, along with a dynamic site seal and unlimited server licensing. View Full Product Details

224 /Year

Thawte SSLWebserver EV

  • This certificate offers the highest industry standard for authentication as well as an encryption of up to 256-bit. Having the green address bar on your website ensures customers that you are a trustworthy business and have taken the steps to secure transactions on your website. View Full Product Details

209 /Year

Comodo EV Multi-Domain SSL Certificate

  • Flexibility is crucial when it comes to managing multiple sites, which is where this Extended Validation (EV) certificate comes in. By offering features such as 256-bit encryption, the green address bar, SAN support (up to 100 additional domains), and the Comodo Secured Seal, all visitors will be aware of and appreciate the level of protection offered. View Full Product Details

638 /Year

Symantec Secure Site with EV

  • This certificate is a true investment in the security, trust, and overall appeal of your website. You will get tremendous value for your dollar and increase customer conversions with the Norton Secure Seal, green address bar, and additional features like daily malware scanning, vulnerability assessments, and Symantec's Seal-in-Search technology. View Full Product Details

1088 /Year

Symantec Secure Site Pro with EV

  • The most feature-rich Extended Validation (EV) certificate in the whole industry. This premium certificate provides not only security, but also the green address bar in conjunction with the Norton Secure Seal. Also, as a more total web security solutions, this cert comes with extensive daily malware and vulnerability scans, along with ECC encryption – the lightest and fastest encryption technology in the industry, available exclusively with Symantec Pro products. View Full Product Details

1544 /Year

What SSL Actually Does for You?

SSL is the acronym for Secure Sockets Layer and is the Internet standard security technology used to establish an encrypted (or safe) link between a web server (website) and your browser (i.e. Internet Explorer, Chrome, Firefox, etc…). This secured link ensures that the data/information that is passed from your web browser to the web server remain private; meaning safe from hackers or anyone trying to spy/steal that info. SSL is the industry standard and is used by millions of websites to protect and secure any sensitive or private data that is sent through their website. One of the most common things SSL is used for is protecting a customer during an online transaction.
To establish a secured SSL connection on a web server it requires an SSL Certificate to be properly installed. When completing the process to activate SSL on your web server you will be asked to complete a number of questions to verify the identity of your domain and your company. Once properly completed, your web server will create 2 types of cryptographic keys – one is called a Private Key and the other is called the Public Key.
The Public Key isn’t a secret and it’s placed into something called a Certificate Signing Request or most commonly referred to as the CSR. The CSR is a file that contains all the data of your details. Once this CSR is generated, you can begin the SSL application process. During this process, the Certification Authority (CA) will go through the validation process to verify your submitted details and then once verified will issue an SSL Certificate with your details and allow you to use SSL. Your web server will automatically match the CA issued SSL Certificate to your Private Key. This means you are now ready to establish an encrypted and secure link between your website and your customer’s web browser.
SSL protocol is complex, but the complexities always remain invisible to your customers. Instead the browser they are using provides them with a key indicator letting them know that their session is currently protected by an SSL encryption – sometimes it is the lock icon in the lower right-hand corner, or the addition of an “s” in https rather than just http, on high-end SSL Certificates, a key indicator is the green bar in the browser. Clicking on the indicators will display all the details about it. All trusted Certification Authorities issue SSL Certificates to either legit companies or legally accountable individuals.
Generally speaking, SSL Certificates include and display (at least one or all) your domain name, your company name, your address, your city, your state and your country. It also always has an expiration date of that particular certificate and of course the details of the Certification Authority responsible for issuing the certificate. Browser connect to a secured site and then retrieves the site’s SSL Certificate and first makes sure that it has not expired, then it checks to see if it was issued by a known Certification Authority that the browser trusts, and then that it is actually being used by the website that is was actually issued to. If any one of these parameters does not check out properly, the browser will display a warning to the user to let them know that this site is not secure by SSL. It says to leave or proceed with extreme caution. That is the last thing you would want to say to your potential customer. That is why SSL is of high importance to any successful company doing business on the web.

Are All SSL Certificates the Same?

The number of businesses that use SSL have increased tremendously over the past few years and the reasons for which SSL is used has also increased, for example:
• Some businesses need SSL to simply provide confidentiality (i.e. encryption)
• Some businesses like to use SSL to add more trust or confidence in security and identity (they want you to know that they are a legitimate company and can prove it)
As the reasons companies use for SSL have become wider, three different types of SSL Certificates have been established:
• Extended Validation (EV) SSL Certificates
• Organization Validation (OV) SSL Certificates
• Domain Validation (DV) SSL Certificates
Extended Validation (EV) SSL Certificates are issued only when a Certification Authority (CA) checks to make sure that the applicant actually has the right to the specific domain name plus the CA conducts a very THOROUGH vetting (investigation) of the organization. The issuance process of EV Certificates is standardized and is strictly outlined in the EV Guidelines, which was created at the CA/Browser Forum in 2007, specifies the required steps that a CA must do before issuing an EV certificate:
1. Must verify the legal, physical & operational existence of the entity
2. Must verify that the identity of the entity matches official records
3. Must verify that the entity has the exclusive right to use the domain specified in the EV Certificate
4. Must verify that the entity has properly authorized the issuance of the EV Certificate

EV Certificates are used for all types of businesses, including government entities and both incorporated & unincorporated businesses. Takes about 10 days to issue.
A second set of guidelines are for the actual CA and it establishes the criteria to which a CA needs to be audited before being allowed to issue an EV Certificate. It is called, the EV Audit Guidelines, and they are always done every year to ensure the integrity of the issuance process.
Organization Validation (OV) SSL Certificates are issued only when a Certification Authority (CA) checks to make sure that the applicant actually has the right to the specific domain name plus the CA does some vetting (investigation) of the said organization. This additional vetted company info is displayed to customers when the Secure Site Seal is clicked on, this gives enhanced visibility to who is behind the site which in turn gives enhanced trust in the site. Takes about 2 days to issue.
Domain Validation (DV) SSL Certificates are issued when the CA checks to make sure that the applicant actually has the right to the specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal. DV certs can be issued immediately.

What should I do with my private key?

Your private key should always remain private. The only person that should see your private key is your hosting company, if they ask for it. However, do not delete your private key, as it is required for your certificate to work.

Can I switch my method of Domain Control validation from Email to File, or vice versa?

You can switch your method of Domain Control validation from file-based to email-based for any SSL product that we provide. You can switch from email-based to file-based only for Comodo products.

If I buy an Extended Validation (EV) SSL Certificate, which document(s) do I need to provide?

EV certificates require a more stringent verification process than OV certificates. To understand the basis of this procedure, please refer to the above question about OV certificate verification. Please note that EV certificates require you to complete a few extra steps, including proving both physical and operational existence as well as completing a simple telephone call with the Certificate Authority (CA) directly.

I would like to change some information for my Domain Control Validation email (DCV).

If the common name needs to be changed, the only way to do so is by cancelling and reordering the certificate.

My verified phone number is outdated, what should I do?

Please contact your SSL provider and confirm what source the Certificate Authority (CA) pulled the telephone number from and then seek the proper method of updating that number or creating a new listing. Your provider should be able to advise you on how to create an appropriate listing.

Why is my order showing Failed Security Review? What does that mean?

Certificate Authorities (CA’s) randomly pull certificates aside for additional review from time to time. This does not mean you did anything wrong or that your certificate is invalid. This could also be due to an issue with your domain name. We would advise you to contact your SSL provider, who can contact the CA directly and help get this resolved quickly.

I cannot remember or have lost my login details.

If you still have the order number they can use the automated password reminder system or if not then, an email must be sent from the administrative email address on the account to support@galaxyhostplus.com . Concluding the original domain name it was purchased for, or the original order number.

What is a CSR?

A CSR stands for Certificate Signing Request and is necessary for all SSL certificates in order to complete the generation process. A CSR is generated from your server.

The CSR cannot be decoded. What does that mean and what should I do?

Make sure you have the correct file copied and not your self-signed certificate, your previous SSL, or if it is bundled as a PKCS7 or PKCS12. Or, you could have a pass-phrase that does not have alpha-numeric characters or disallowed characters. If this is the case, you will need to generate a new CSR without the disallowed characters or in the proper form. Please only use the English alphabet and numbers 0-9. For example, if the “&” symbol is included in your Organization Name, please type out “and” instead.

The CSR cannot be decoded?

This is because it is missing one or more required fields or the CSR contains non-alphanumeric characters in the required fields.

How do I add additional domains to a multi-domain/SAN certificate?

You can add additional domains to an active certificate by reissuing it.

How do I download my certificate files?

When the certificate is issued, the Certificate Authority (CA) will send an email to the Technical Contact listed on the order. That email will contain the certificate files.

Do I need a dedicated/static IP address to use an SSL certificate?

Yes, you must have a static IP address for an SSL certificate. If you do not have one, you may be able to assign one via your webserver or you may need to purchase one from your web host if you own/operate your webserver (usually only a few dollars a month).

Why does the website say the name on the security certificate does not match the name of the site?

This means that URL in the browser and the common name in the certificate are not an EXACT match (for instance, the www. is missing). Another common reason for this is the web host’s certificate is incorrectly assigned to your domain name. Or, you purchased a certificate that does not cover the specific subdomain you are looking at.

Do I need to create a new CSR to renew my certificate?

We recommend that you generate a new CSR to renew your certificate; however, if generating a new CSR proves to be challenging, you can use the original CSR and it will work. The drawback of using the original CSR is that it will be the exact same private key, so it’s a little less secure.

I purchased a renewal certificate, but my website still displays the old certificate. What should I do?

Most likely, you did not generate or apply for your renewal certificate. Think of SSL like a passport – when the old one expires you must toss it out and apply for a new one. You should be able to see in your account or via an email how to generate or apply for your new order. If you have generated, make sure that the new certificate was approved and installed in place of the old expiring certificate. If the new certificate is installed, then the issue is with the configuration. Common solutions to this problem are to restart your webserver (http server), also to uninstall/delete the incorrect/old certificate(s).

How do I download my code signing certificate?

After completing the validation process, the CA will release the certificate from their system and send a ‘collection’ or ‘pick-up’ link to the verified email address. Using the same PC which generated the order and Firefox as the browser, follow the link and download the certificate. Firefox will automatically pull the previous stored private key and install the code signing certificate. After downloading is completed, we recommend exporting the code signing certificate and private key from the browser into a PFX (.p12) file.

How do I use my platform's signing tool?

Platforms are used by developers to sign their applications using specific tools. Since each platform is different, please reference official instructions for your particular platform. The most common platforms are Microsoft, JAVA, Adobe, etc…

What should I do to expedite the validation of my order?

If you’re in a pinch and need your certificate fast, feel free to contact your SSL provider with the exact order you need expedited. They have connections with the Certificate Authorities (CAs) directly and can help make sure your urgent order is treated with top priority.

If I buy a Domain Validated (DV) SSL Certificate, which document(s) do I need to provide?

You do not need to provide any documentation in order to purchase a Domain Validated (DV) certificate. All you will need to do is confirm that you own the domain you wish to cover, either through a simple email or file-based authentication

If I buy a Code Signing Certificate, which document(s) do I need to provide?

There are two different types of validation procedures, those types being a certificate for an individual or an organization. If you apply under an organization name, please refer to the OV requirements mentioned above. If you apply as an individual developer, the Certificate Authority (CA) will require you to complete a simple form to verify your identity. This form has to be notarized by a lawyer, CPA, or public notary and you also need to provide a scan of a government issued ID and may be required to provide additional documents depending on the CA.

My File Authentication file has been uploaded to the wrong directory. What should I do?

Please upload your file to the correct directory. To make sure the authorization is successful make sure the file is viewable at both yourdomain.com/file and subdomain.yourdomain.com/file.

How long will validation take?

This largely depends on the type of certificate that you purchased and your response times. No matter which type of certificate that you purchase, the Certificate Authority (CA) will be contacting you directly and will only proceed with next steps upon your response. For Domain Validated (DV) certificates, these can typically be issued in a matter of minutes to one business day. For Organization Validated (OV) certificates, these tend to take around 2-3 business days to be issued. And for Extended Validation (EV) certificates, these usually take between 3-5 business days to be issued.

I completed validation, but never received the certificate. What should I do?

After completing validation, the Certificate Authority (CA) will send the certificate to the email address you provided as your technical contact. If, for whatever reason, the technical contact does not receive the email, please contact your SSL provider after checking your Spam and Junk Mail folders.

I have accidentally deleted my "private key" what can I do now?

First check your backups and see if you can re-install the “private key”. If you don’t know how to re-install the key from your backups, contact your systems administrator. Failing that, contact your web server software vendor for technical support. The only alternative course of action available is a re-issuance of the certificate following the re-submitting of a replacement CSR.

How do I generate a CSR?

Please consult official documentation for your server, operating system, or control panel. Most documentation can be found online through a simple Google search.

What should I do if I receive a 'CSR invalid' error during the certificate activation process?

If this happens, your common name is not appropriately formatted for your type of certificate (wildcard certificates should use *.domain.com, for example) or you could also have disallowed characters in other fields. Please create a new CSR that only use the English alphabet and numbers 0-9. For example, if the “&” symbol is included in your Organization Name, please type out “and” instead.

I entered in the wrong common name, how do I change it?

You will need to reissue your certificate and generate a new CSR.

How can I install my SSL certificate on more than one server?

First, check your certificate license. There are two methods to install your certificate on multiple servers. The first method is to import the certificate, private key, and intermediate files on server #2, #3, etc. Or, create a new CSR and key file on server #2, #3, etc. and reissue the active certificate.

My browser is not showing the green padlock/green bar, why?

There are several reasons why this could be occurring or a combination of several. The four most common reasons are:

  1. Insecure content, which means there are HTML elements on your site being explicitly linked by http. This would need to be updated via your system administrator.
  2. Missing or invalid intermediate chain. Your certificate is issued from an intermediate file. Make sure that you install this alongside your certificate on your server. If you do not have this file please contact your SSL provider.
  3. Your certificate is issued with the SHA-1 hashing algorithm. Browsers no longer trust this algorithm. You will need to reissue with SHA-2.
  4. It is the incorrect certificate. Sometimes your old expired certificate or a certificate provided by your hosting company or a self-signed certificate is installed on your site. You will need to identify the source of the incorrect certificate and contact that party to resolve the issue.

Why does the website say the SSL certificate is 'Untrusted'?

This is more than likely because the intermediate certificates were never installed. Installing them should resolve this error. Below you will find links on where to locate and install your intermediate certificate, depending on the Certificate Authority that issued the cert. Or you can always contact your SSL provider.

Do I need to provide my business verification document again for renewing my OV/EV SSL certificate?

Depending on the certificate details submitted with your renewal, the Certificate Authority (CA) may be able to use some previously validated information/documents. If this is an EV order, certificates validated more than 13 months are required to complete full business validation again, including providing new documentation. For OV orders, the CA can reuse previous validated information up to 39 months from the original order. Please note that if any details of your organization change, you may be required to provide additional documents.

What is a Code Signing Certificate?

A code signing certificate is technically not an SSL certificate. It is a certificate-based digital signature algorithm that verifies a piece of code has not been altered or corrupted since it was signed by the author. You can think of it as “digital shrink-wrap” that verifies code is authentic, increasing customer trust and willingness to download and install it. All major operating systems like Windows, Apple OS X, and Linux support code signing and use it themselves to ensure malicious code can’t be distributed through the patch system.

Why can't I download my code signing certificate?

The issue lies with either one, two or a combination of both things. First, make sure you are using Firefox as your default browser. If this browser is not used properly, you will receive an error message. Second, please make sure you are using the same PC which generated the order. If you are using a different PC, the certificate will not be able to download because the corresponding private key is missing.

What platforms can I sign for?

The platforms that can be signed for are as follows:

  • Windows 8
  • Any Microsoft format (32 and 64 bit), EXE, OCX, MSI, CAB, DLL, and kernel software
  • Adobe AIR applications
  • JAVA applets
  • Mozilla Object files
  • MS Office Macro or VBA (Visual Basic for Applications) files
  • Apple Mac software for MacOS 9 and OSX
  • Microsoft Silverlight applications or XAF files

How do I know what my Control Panel/Server OS is?

If you are unsure what your Control Panel/Server OS is, we recommend that you ask your web hosting provider or your IT department.

If I buy an Organization Validated (OV) SSL Certificate, which document(s) do I need to provide?

Organization Validated (OV) verification requires checking your business registration. If the Certificate Authority (CA) can verify this information using online government databases, no additional documents will be required. However, if the online filings are not available or inaccurate or not up to date, the CA may request additional official government registration documents, which vary on a case-by-case basis. A Dun & Bradstreet listing can usually satisfy most of the requirements for an OV certificate.

I haven't received my Domain Control Validation email (DCV) yet. What should I do?

There are a few reasons why this might be the case. First, verify what email address you have chosen for the Doman Control Validation email (please note: this is different from the contact information provided during the generation process). If you need to change your DCV email, you can use any email on the Whois registration for that domain or one of the five following pre-approved alias email:

 

  • Admin@domain.com
  • Administrator@domain.com
  • Hostmaster@domain.com
  • Postmaster@domain.com
  • Webmaster@domain.com

 

Also, make sure to check the Spam or Junk Mail folder of your email provider.

How can I reschedule the phone verification call?

In order to reschedule this, please contact your SSL provider and provide them with your availability. Please note, not all telephone numbers are suitable. The number must be verified by the Certificate Authority (CA), so please confirm the number that the CA will be calling.

Who do I send a validation document to?

For this, we would recommend contacting your SSL provider directly. They should have a list of email addresses and other contact information for the Certificate Authorities (CAs) directly, depending on your region and what type of certificate you purchased.

Can I use the email address listed in the Whois to complete Domain Control Verification (DCV)?

Yes, you can do this for DV, OV, and EV certificates.

I have changed my server, or moved to a different provider; how do I move the certificate?

The easiest way is to create a new CSR on the new machine and have the certificate re-issued.

I have noticed something incorrect in my CSR. What should I do?

It is impossible to edit any fields once the CSR has been created. You will simply need to generate a new CSR with the correct details.

What is a private key used for?

The private key is used on the server-side exchange for creating the secure connection. It should never be exposed to your SSL provider or outside users, unless specifically requested by your web host for installation. Please note if the private key is lost or deleted, you will have to make a new CSR and private key on your server. Your private key is not provided by the Certificate Authority (CA) or your SSL provider.

Is technical support available from the CA? Should I need it?

For all technical support matters regarding your SSL certificate, you can contact your SSL provider, if needed. The CA does not provide direct support, but we will be able to help you right away, as we are more specialized. However, you can contact the CA directly for questions and support related to the actual validation process of the SSL certificate.

My certificate works in my browser, but my visitors get a Security Alert that says 'The security certificate was issued by a company you have not chosen to trust...' What is the problem?

The issue is that your visitors’ browsers are unable to properly identify who issued your certificate. First, confirm that your visitors are not seeing an incorrect or outdated certificate. Once you have made sure that your visitors are seeing the correct certificate, the issue is most likely solved by installing the intermediate certificates.

Below are the links that you can use to download your intermediate certificate from the vendor website:

When trying to go to the site over https, it displays the message 'The page cannot be displayed.' Why is that?

There are actually many reasons why this could be happening, some of which could be entirely unrelated to your certificate. So, unfortunately, we can’t give specific advice. But, we would recommend clicking on the “Details” button to get more specific information about this error from the browser.

How can I renew my SSL certificate?

A renewal is basically the same as buying a brand new certificate, “renewal” is simply an industry term that is used by all providers. So, you can go through the exact same purchasing process to renew your certificate. However, if you have access to a “renewal” option when purchasing your SSL certificate, be sure and use that so you get the remaining time rolled over from your expiring certificate to your new renewal certificate.

I paid for my renewal, (where is my certificate/why is my site not secure)?

Most likely, you did not generate or apply for your renewal certificate. Think of SSL like a passport – when the old one expires you must toss it out and apply for a new one. You should be able to see in your account or via an email how to generate or apply for your new order. If you have generated, make sure that the new certificate was approved and installed in place of the old expiring certificate.

H

How do I generate a Code Signing certificate? Do I need a CSR?

In order to utilize the in-browser controls provided by the CA, all applicants who are attempting to generate a code signing certificate must use Firefox as their default browser. If this browser is not properly used, the applicant will receive an Error Message. Due to the amazing in-browser controls provided by the CA, applicants who use Firefox as their browser will be able to automatically generate the CSR and store the private key within Firefox’s file system. This unique private key will automatically be pulled by the corresponding certificate during the installation/download process.

How do I export my certificate from my browser?

First, it is important to note that a Code Signing Certificate can only be generated and exported from Firefox. The steps for exporting your code signing certificate and private key in Firefox are as follows:

  1. Click the “Open” menu
  2. Select “Options”
  3. Click on “Advanced” or “Encryption”
  4. Under the certificate tab, select “View Certificates”
  5. Under Your Certificates, click your certificate name
  6. Once highlighted, select “back up all” and enter in your passphrase