Symantec
GeoTrust
Thawte
Digicert
Entrust
Malware FAQ
Symantec's Frequently Asked Questions
Q: What is Secure Sockets Layer (SSL)?
A: The Secure Sockets Layer protects data transferred over http using encryption enabled by a server's SSL Certificate. An SSL Certificate contains a public key and a private key. A public key is used to encrypt information and a private key is used to decipher it. When a browser points to a secured domain, an SSL handshake authenticates the server and the client and establishes an encryption method and a unique session key. They can begin a secure session that protects message privacy and message integrity. For a detailed description of what Secure Socket Layer is, please visit our "What is SSL" page.
Q: What encryption strength do I need for my Web site?
A: Best security practices are to install a unique certificate on each server and choose a True 128-bit Certificate by purchasing a Server Gated Cryptography (SGC)-enabled SSL Certificate. A unique certificate keeps your private keys protected, and an SGC-enabled certificate ensures that every site visitor, no matter what browser or operating system they use, connects at the highest level of encryption their system is capable of. You need 128-bit or better encryption if you process payments, share confidential data, or collect personally identifiable information such as social security or tax ID number, mailing address, or date of birth. You need 128-bit or better encryption if your customers are concerned about the privacy of the data they send to you.
Q: What is Server Gated Cryptography (SGC)?
A: Prior to January 2000, U.S. government restrictions on U.S. vendors prevented the export of "strong" cryptography. As a result, many people purchased computers with operating systems and/or used export version browsers that supported only 40- or 56-bit SSL encryption. "Server Gated Cryptography" ("SGC") was developed to enable those restricted computers and export version browsers to "step up" to 128-bit SSL encryption. Without an SGC certificate on the Web server, Web browsers and operating systems that do not support 128-bit strong encryption will receive only 40- or 56-bit encryption. Users with the following browser versions and operating systems will temporarily step-up to 128-bit SSL encryption if they visit a Web site with an SGC-enabled SSL Certificate
Q: Is 128-bit SSL encryption really stronger than 40-bit SSL encryption?
A: Absolutely. When an SSL handshake occurs between a client and server, a level of encryption is determined by the browser, the client computer operating system, and in certain situations the SSL Certificate. Low-level encryption, 40- or 56-bits, is acceptable for sites with low-value information. However, a hacker with the time, tools, and motivation can crack the code in a matter of minutes. High-level encryption, at 128-bits, can calculate 288 times as many combinations as 40-bit encryption. That’s over a trillion times a trillion times stronger. That same hacker with the same tools would require a trillion years to break into a session protected by an SGC-enabled certificate.
Q: Do Symantec SSL Certificates work with all browsers?
A: Symantec® SSL Certificates work with virtually every Web browser that ever shipped and all popular Web browsers used since 1996. Symantec SSL Certificates offer the highest browser compatibility achieved by any SSL Certificate.
Q: Why is it important for Symantec to verify my business identity during enrollment?
A: To protect against fraud and phishing sites, Web visitors look for evidence of encryption and third-party authentication of the Web site’s business identity. When you request an SSL Certificate or a Managed PKI for SSL account or pre-approve your organization from within your Symantec Certificate Center Enterprise Account, Symantec verifies the existence of your business, the ownership of your domain name, and your employment status. We may require official government documentation proving your right to do business. We use the verified information to display in the address bar of high security browsers protected by Extended Validation SSL and in our Symantec Secured Seal pop-up window.
Our authentication and verification procedures are based on years of practice authenticating commercial businesses. These procedures are audited annually by KPMG using Statement of Auditing Standard 70 Type II, established by the American Institute of Certified Public Accountants. Symantec is a leading Certificate Authority, securing more than one million Web servers.
Q: What will I need to provide in order for Symantec to verify my business identity?
A: Symantec must verify the existence of your business, the ownership of your domain name, and your employment status or authority to request the SSL Certificate. We may require official government documentation proving your right to do business. These may include:
- Articles of Incorporation
- Certificate of Formation
- Charter Documents
- Business License
- Doing Business As
- Registration of Trade Name
- Partnership Papers
- Fictitious Name Statement
- Vendor/Reseller/Merchant License
- Merchant certificate
If we cannot automatically authenticate your company's management responsibility for the domain name that is associated with the SSL Certificate, we will require an authorization letter from that domain's owner. This step prevents applicants from fraudulently or accidentally obtaining SSL Certificates for inappropriate domains.
Q: What type of documentation does Symantec require for Extended Validation SSL Certificates?
A:If we cannot automatically authenticate your company's management responsibility for the domain name that is associated with the SSL Certificate, we will require an authorization letter from that domain's owner. This step prevents applicants from fraudulently or accidentally obtaining SSL Certificates for inappropriate domains. In addition to the requirements described above, a legal opinion letter may be required to confirm that the requestor has the authority to obtain SSL Certificate(s) on behalf of the company. The legal opinion letter also may be used to confirm the organization registration, organization address, telephone number, domain ownership, and the organization’s business status. The physical address may, alternatively, be confirmed by a physical site visit. Once confirmed, the requestor may be able to purchase additional SSL Certificates based on the original letter. If a legal opinion letter cannot be obtained, our Certification Practice Statement outlines alternate authentication and verification processes.
Q: How long does verification take?
A:Authentication for new certificates could take as little as 1 hour or up to several days, depending on the verification information you provide and whether or not your certificates are pre-approved. Symantec can authenticate your organizational and contact information and store the information’s pre-approved status for future certificate requests when you purchase units using a Symantec Certificate Center Enterprise Account. When you submit a certificate request that contains the authenticated information, Symantec needs only to verify the domain. If your organization is the legal holder of the domain, you can expect to receive your certificate within 1 hour of your request. Processing times for Extended Validation SSL Certificates may take longer due to additional verification requirements mandated by the Extended Validation (EV) SSL Guidelines.
Q: What is Extended Validation (EV) SSL?
A:In 2006, the CA Browser Forum, a group of leading SSL Certificate Authorities (CAs) and browser vendors, approved standard practices for certificate validation and visibility called the Extended Validation (EV) SSL Guidelines. To issue an SSL Certificate that complies with the standard, a CA must adopt the extended certificate validation practices and pass an audit. When shoppers visit a Web site secured with an EV SSL Certificate, high-security browsers will trigger the address bar to turn green and display the name of the organization listed in the certificate as well as the Certificate Authority. The browser and the Certificate Authority control the display, making it difficult for phishers and counterfeiters to hijack your brand and your customers.
Q: What is a high-security browser?
A:Web browsers that emerged after the development of the Extended Validation (EV) standard established by the CA/Browser forum and that were developed to recognize EV SSL Certificates are considered high-security browsers. They are designed to trigger unique visual cues to indicate the presence of an EV SSL Certificate. For instance, Internet Explorer 7 shows a green address bar and displays the name of the organization listed in the certificate as well as the certificate’s security vendor. These displays make it easier for Web site visitors to quickly establish trust with the Web sites they visit. Microsoft® Internet Explorer 7 and Firefox 3 are examples of high-security browsers.
Q: What is a Certification Authority (CA)?
A:When Symantec issues an SSL Certificate, we act as a Certificate Authority (CA). Symantec digitally signs each certificate we issue. Each browser contains a list of CAs to be trusted. When the SSL handshake occurs, the browser verifies that the server certificate was issued by a trusted CA. If the CA is not trusted, a warning will appear. When high-security browsers recognize an Extended Validation SSL Certificate, they sometimes display the name of the CA as well as the name of the Certificate owner. Because Symantec is the most trusted and recognized CA on the Internet (see Symantec Secured Seal Research Review (PDF)), the presence of the Symantec name can lend an additional level of trust for site visitors. The Symantec Trial Root CA is for testing purposes only and is not registered in any browser’s trust list.
Q: What is a Certificate Signing Request (CSR)?
A:The CSR is a string of text generated by your server software. You provide this string of text to Symantec during the enrollment process. To generate a CSR, you will need to know what kind of server software is running on your Web server.
Q: Can I secure multiple servers with a single certificate?
A:The Symantec certificate subscriber agreement prohibits customers from using a certificate on more than one physical server or device at a time, unless the customer has purchased the Licensed Certificate Option. When private keys are moved among servers—by disk or by network—accountability and control decrease, and auditing becomes more complex. By sharing certificates on multiple servers, enterprises increase the risk of exposure and complicate tracing access to a private key in the event of a compromise. Symantec’s licensing policy allows licensed certificates to be shared in the following configurations: redundant server backups, server load balancing, and SSL accelerators. See Licensing Symantec Certificates: Securing Multiple Web Server and Domain Configurations (PDF) for more information.
GeoTrust's Frequently Asked Questions
Geotrust Answers
Q: Who is Secure128 and why choose us to buy GeoTrust SSL certificates?
A: Secure128 is a Certified Authorized GeoTrust Platinum Partner and one of the fastest growing SSL partners today. We are a Business member of the Georgia Chamber of Commerce and soon we will become a BBB Online Reliability Participant/Better Business Bureau member under our parent company RSoft Consulting, Inc. We are a Verified Authorized.Net Merchant.
Q:What is a GeoTrust Server Certificate?
A: A GeoTrust certificate is a way to ensure safe transmission of sensitive information (such as personal data or credit card numbers) between client and server by providing identity authentication and data encryption. GeoTrust SSL Web server Certificates are compatible with Microsoft Internet Explorer® 5.01 and higher, AOL 5.0 and higher, Netscape Communicator 4.7 and higher, Mozilla Firefox 1.0 and higher, Opera 7 and higher, and Apple Safari 1.0 and higher, comprising an estimated 99% or more of all Web browsers in use on the Internet.
Q: What Web servers are compatible with GeoTrust SSL Certificates?
A: GeoTrust SSL Certificates are compatible with all major Web servers. Click here to see
Q: What is a Certificate Authority (CA)?
A: The Certificate Authority (CA) is the organization that creates and regulates the policy and procedure for authenticating, issuing, renewing, and suspending digital certificates. Working with the Registration Authority (RA), the CA authorizes certificates and ensures the legitimacy of participating parties.
Q: How do I create a certificate signing request?
A: View our certificate-signing request generation instructions (CSR) instructions.
Q: How do I install my GeoTrust SSL Certificate?
A: View the GeoTrust SSL Certificate Installation instructions.
Q: Does Secure128 offer any kind of trial period for any SSL certificates?
A: Secure128 does offer trial on all GeoTrust SSL certificates. If you purchase a new SSL certificate from us and decide it’s not the correct one or it doesn't work as intended, you have a 30 day cancellation window.
Q: Does Secure128 accept Purchase Orders?
A: We accept Purchase Orders with a minimum purchase of $250 USD. Please contact us directly to set up with this option.
Q: Do you support customers outside the USA?
A: We accept customers from most countries outside the USA with a major credit card like Visa, MasterCard or Discover. According to GeoTrust Repository, certificates cannot be issued to the following countries: Angola, Ascension, Cuba, Czechoslovakia, Libya, Iran, Iraq, Afghanistan, North Korea and Syria.
Q: Do you offer any kind of refund once my GeoTrust SSL certificate has been issued?
A: If the certificate does not work as intended and you need to cancel or refund, We will cancel or refund fees following issuance or renewal of a True BusinessID, QuickSSL, QuickSSL Premium, or EV Certificate upon request by the Subscriber within thirty (30) days of issue date.
Q: What is a "single-root" SSL certificate and are GeoTrust SSL certificates chained?
A: All GeoTrust certificates are single root certificates. GeoTrust is a spinoff of Equifax Secure. In 2001, GeoTrust acquired Equifax Secure, which included the Equifax root certificates. Unlike other companies which issue certificates off chained roots or license roots from third parties like GoDaddy, Comodo or Network Solutions, GeoTrust owns the root and is not dependent on another root provider. Chained certificates tend to be seen on the low end of the SSL market and require more installation assistance than a single root cert. Plus not all browsers today support chained SSL certificates so the ubquity is lower.
Q: What is the QuickSSL Premium"Domain Validated issuance" process?
A: The QuickSSL and QuickSSL Premium certificates are vetted by the WHOIS info on the actual domain. Once you place an order by selecting an email address of the WHOIS, GeoTrust will send an approver email acknowledgment for the order. All that person needs to do is simply click on the link and approve the order. The certificate will be emailed by GeoTrust to the technical contact on the order, usually in 10 minutes.
Q: What is the True BusinessID "Organization Vetted" issuance process?
A: You will need to provide proof of organization documents like business license, articles of incorporation, DUNS, or any legal document issued by state, local or federal government. Once you submit the order, please fax your information directly to GeoTrust. If its a GeoTrust renewal order, this is not necessary if all information on the company is current.
Q: Are your SSL certificates the same as if I went directly to the GeoTrust site?
A: Our certificates are 100% the exact same certificates you would buy if you went directly to GeoTrust. The only difference will be the cost you pay. We are tied into the GeoTrust API ordering portal so the minute you place an order with us, it is received by GeoTrust. The ordering experience will be the exact same process too. Plus all order correspondence comes directly from GeoTrust, meaning the approver email with the Quick SSL and Premium certificates comes from GeoTrust. The actual GeoTrust SSL certificate will be emailed to you directly from GeoTrust client services.
Q: How much will my Secure128 renewal cost me for my GeoTrust SSL?
A: Our renewal prices are the same as our new SSL certificate prices. So if the new price of a QuickSSL is $99 today, the renewal price for QuickSSL will be the same.
Q: Does GeoTrust offer any kind of Reissue Policy on any of their SSL certificates?
A: Every GeoTrust SSL certificate issued comes with free lifetime reissues for the life of your SSL certificate for the exact same fully-qualified-domain name. To qualify for reissuance, all existing core certificate details must remain the same (including fully qualified domain name). Generate a new Certificate Signing Request (CSR) on your web server and go here
Q: What if the WHOIS info for my domain is not right?
A: You can always update the WHOIS admin/tech contact information on file for your domain at the registrar where your domain is registered. Regristrars do this at least 1-2 times a day. Simply contact them to have them update this information. Another option is to setup one of the generic email addresses for the domain, such as admin, administrator, root, hostmaster, webmaster, ssladmin, sysadmin and postmaster @yourdomain.com.
Q: Can I renew my GeoTrust SSL certificate with Secure128 even though I bought it from the GeoTrust retail site or through another provider?
A: Yes you can. It doesn't matter where you bought your GeoTrust certificate. All you will need is a new CSR to place the order with us. Since we are tied into the GeoTrust API ordering portal, we will add up to 3 months on any existing GeoTrust certificate. So you can renew early and reap the benefits of getting extra months added on to your certificate.
Q: How will I know when to renew my GeoTrust SSL certificate if I buy it from Secure128?
A: Whether you buy from us or GeoTrust directly, you will be notified by GeoTrust as early as 90 days with regards to renewing your certificate. The renewal notices will go out to the technical and admin contact on the orders.
Q: Do GeoTrust SSL Certificates Support OWA (Outlook Web Access)?
A: Yes, all GeoTrust certificates support OWA.
Q: What SSL certificate turns the address bar GREEN in IE7?
A: The True BusinessID with EV can turn the address bar green. We offer it at a discounted rate. GeoTrust retail is $899 yr.
Q: What does a GeoTrust SSL certificate look like?
A: Here is an example of what it would look like: -----BEGIN CERTIFICATE-----
MIIDPjCCAqegAwIBAgIDB31EMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZ
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcwNTI5MTg1NjMyWhcNMTAwNTI5MTg1Nj
WjCByDELMAkGA1UEBhMCVVMxGzAZBgNVBAoTEnNpdGVzLm5ldC1ibHVlLm5ldD
MBEGA1UECxMKR1Q5OTQwMDAxMTExMC8GA1UECxMoU2VlIHd3dy5nZW90cnVzd
b20vcmVzb3VyY2VzL2NwcyAoYykwNzE3MDUGA1UECxMuRG9tYWluIENvbnRyb2wg
VmFsaWRhdGVkIC0gUXVpY2tTU0wgUHJlbWl1bShSKTEbMBkGA1UEAxMSc2l0Z
bmV0LWJsdWUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4Jj
UbF2SilUNowB9wIvFO4Aw7Wux03HJae//CMBhKPDcpcy1L6D45C8ZJPgss95/5Ge
lv7sFHNpHzlZWcW/B0P+MWMsy+oYIPBSasMpv4o/1mVg8ub3GZGJOcL/dT6BDCvX
eUABmSVP20rvTpJqqLNMxNdK50b2lX4riQIDAQABo4GuMIGrMA4GA1UdDwEB/wQE
AwIE8DAdBgNVHQ4EFgQUkLVhe5JldIXulp/NcmJQ7QK5mwQwOgYDVR0fBDMwM
oC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5jcmww
HwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0lBBYwFAYIKw
BQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBAJxjLb7KYs2S39F
kaiduTbZyZdKkbXEqB55QhIa06EKBj8+RJEEUEtjSYqZONoAXj7XdNs0BVzi4seI
0QsszKuPIe17Kmh4cN/ -----END CERTIFICATE-----
Q: What do I buy if I have multiple domain names? Will one SSL certificate work for all of them?
A: Per licensing agreements, one SSL certificate will work for one fully-qualified domain name (FQDN) only. A CSR will generate only one qualified domain name. We recommend that if you needing to secure multiple domain names, we suggest the Power Server ID for up to 4 domains and the True Business ID Wildcard if you have multiple subdomains on 1 server.
Q: What is the QuickSSLPremium with SAN and do you sell it?
A: Yes, we sell the product. QuickSSLPremium with SANs is a global digital certificate that enables up to 256-bit encryption for up to 4 server names with 1 certificate.
Q: Can I purchase multiple licenses of a single SSL certificate and are these token based certificates?
A: All GeoTrust certificates are unlimited servers/licenses, there is no need to worry about it.
Q: What is a X.509 SSL certificate and does GeoTrust offer that?
A: X.509 is a standard for public key infrastructure. All GeoTrust certificates are X.509 compliant. View more information regarding X.509.
Q: How does a digital certificate work and what is the encryption strength of GeoTrust certificates?
A: After authenticating identity, the CA issues digital certificates, which also contain a matched pair of electronic keys, the public key and the private key.When the customer contacts a website, the public key is sent to the customer, and attaches itself and encrypts data that is transmitted back to the website (such as personal information). Upon receipt, the private key recognizes the public key, and then decrypts the information. A similar exchange of public and private keys occurs to confirm the identity of the parties, thus ensuring that only the intended recipient has access to the information, so privacy and security is maintained. All GeoTrust SSL certificates support up to 256-bit encryption. This of course is all dependent on your browser supporting 256 bit encryption from your browser to the webserver.
Q: What GeoTrust SSL certificates work with smartphones and other PDA devices?
A: We recommend the Quick SSL Premium, True Business ID and the EV certificate.
Q: Do all GeoTrust SSL certificates come with any site seal?
A: Yes, all GeoTrust certificates come with a site seal you can display.
Q: How long does it take to issue a GeoTrust True BusinessID certificate?
A: Typically it takes GeoTrust 1-2 business days to issue this certificate. If its a renewal certificate and nothing has changed with your company information like address/phone number, the certificate will be issued normally in a few hours. You will be notified when the verification process is complete. If your order has been accepted, you will receive your SSL certificate via email by GeoTrust client services.
Q: How long does it take to issue a GeoTrust True Business ID with EV certificate?
A: Typically it can take up to 7-10 days. View more information with regards to the requirements.
Q: What GeoTrust SSL certificate supports subdomains? How many sub domains can I secure with a Wildcard certificate?
A: Geotrust offers a wildcard certificate called True Business ID Wildcard. It is used to secure unlimited sub domains that share a common domain name that reside on 1 physical server.
Q: How do I generate a CSR?
A: If you have access to your server, you can generate the CSR. Otherwise, your hosting company will need to help you. We offer specific instructions on how to generate a CSR depending on the type of server you have. View information. If you have any questions, please contact us.
Q: What does a completed CSR look like?
A: Here is an example of what it would look like: -----BEGIN CERTIFICATE-----
MIIDPjCCAqegAwIBAgIDB31EMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTA
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZS
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcwNTI5MTg1NjMyWhcNMTAwNTI5MTg
WjCByDELMAkGA1UEBhMCVVMxGzAZBgNVBAoTEnNpdGVzLm5ldC1ibHVlLm5
MBEGA1UECxMKR1Q5OTQwMDAxMTExMC8GA1UECxMoU2VlIHd3dy5nZW90cn
b20vcmVzb3VyY2VzL2NwcyAoYykwNzE3MDUGA1UECxMuRG9tYWluIENvbnRyb
VmFsaWRhdGVkIC0gUXV
-----END CERTIFICATE-----
Q: What symbols can’t I use in my CSR?
A: The following characters may cause problems: < > ~ ! @ # $ % ^ / \ ( ) ?&. This includes commas. - Generally it would be best to use alphabetic and numeric characters for all your input fields, including the passwords. Characters like "/", "#", and sometimes even the period "." and comma "," may cause problems.
Q: What do I use for the Common Name (CN) when ordering a GeoTrust True Business ID Wildcard certificate?
A: Wildcard certificates can save you time and money in acquiring and managing multiple server certificates. Wildcard certificates can secure multiple fully qualified domains if they share the same base domain name and reside on the same physical server and share the same second level domain name. For example, if you need to secure the following websites: www.yourdomain.com secure.yourdomain.com product.yourdomain.com info.yourdomain.com download.yourdomain.com anything.yourdomain.com and all of these websites are hosted on the same server box, you can purchase and install one wildcard certificate issued to *.yourdomain.com to secure all these sites.
Q: How many years can I purchase a GeoTrust certificate for?
A: It varies by product but you can buy most certificates up to 5 years. By doing so, we offer multi year discounts. Our discounts start at 25% and go up from there.
Q: How can we contact you?
A: You can contact us by email at help@secure128.com or by calling us directly at 877-824-6434, 8am-8pm EST.
Thawte's Frequently Asked Questions
Q: Who is Secure128 and why choose us for thawte SSL certificates?
A: Secure128 is an Authorized thawte Premiere Partner and one of the fastest growing SSL partners today. We are a Business member of the Georgia Chamber of Commerce under our parent company RSoft Consulting, Inc. We are also a Verified Authorized.Net Merchant. We take pride in offering our customers and partners the lowest possible pricing for thawte SSL certificates and excellent customer service.
Q: What is a thawte Server Certificate?
A: A thawte certificate is a way to ensure safe transmission of sensitive information (such as personal data or credit card numbers) between client and server by providing identity authentication and data encryption. thawte SSL Certificates Web server certificates are compatible with Microsoft Internet Explorer® 5.01 and higher and Netscape/AOL Web browsers version 6.x and higher, Netscape Navigator 4.51 and 6.x, and Opera 7 comprising an estimated 99% or more of all Web browsers in use on the Internet.
Q: What Web servers are compatible with thawte SSL Certificates?
A: thawte SSL Certificates are compatible with all major Web servers. To see the full list click here
Q: What is a Certificate Authority (CA)?
A: The Certificate Authority (CA) is the organization that creates and regulates the policy and procedure for authenticating, issuing, renewing, and suspending digital certificates. Working with the Registration Authority (RA), the CA authorizes certificates and ensures the legitimacy of participating parties.
Q: How do I create a certificate signing request?
A: See our certificate-signing request generation instructions (CSR) instructions located here
Q: Does Secure128 accept Purchase Orders?
A: We do with a minimum purchase of $250 USD. Please contact us directly to have you set up with this option.
Q: Do you support customers outside the USA like Australia, Europe and Asia?
A: As long as you don’t live in the countries mentioned, we accept customers outside the USA with a major credit card like Visa, MasterCard and Discover. According to thawte Repository they cannot issue to these countries: Angola, Ascension, Cuba, Czechoslovakia, Libya, Iran, Iraq, Afghanistan, North Korea, Syria, and Yugoslavia.
Q: Do you offer any kind of refund once my thawte SSL certificate has been issued?
A: If the certificate does not work as intended and you need to cancel or refund, Secure128 will cancel or refund fees following issuance or renewal of any thawte Certificate we offer upon request by the Subscriber within seven (7) days of issue date.
Q: What is a "single-root" SSL certificate and are thawte SSL certificates chained?
A: All thawte certificates are single root certificates. Unlike other companies which issue certificates off chained roots or license roots from third parties like Go Daddy, Comodo or Network Solutions, thawte owns the root and is not dependent on another root provider. Chained certificates tend to be seen on the low end of the SSL market and require more installation assistance than a single root cert. Plus not all browsers today support chained SSL certificates so the ubiquity is lower.
Q: What is the thawte SSL 123 "Domain Validated issuance" process?
A: The thawte123 certificates are available in minutes if you are listed with an accredited online registrar. There can be delays in issuance if your domain is not registered with an accredited online registrar
Q: What is the SGC and SSL Web server "Manual Vetted" issuance process?
A: You will need to provide proof of organization documents like business license, articles of incorporation, DUNS, or any legal document issued by state, local or federal govt. Once you submit the order, please fax your information directly to thawte if it’s a thawte renewal order, then you don’t have to if all information on the company is current.
Q: Are your SSL certificates the same if I went directly off the thawte site?
A: Our certificates are 100% the exact same certificates you would buy if you went directly to thawte. The only difference will be the cost you pay. We are tied into the thawte API ordering portal so the minute you place an order with us, it is received by thawte. The ordering experience will be the exact same process too. Plus all order correspondences comes directly from thawte. The actual thawte SSL certificate will be emailed to you directly from thawte.
Q: How much will my Secure128 renewal cost me?
A: Our renewal prices are listed for all thawte certificates on the site.
Q: Does thawte offer any kind of Reissue Policy on any of their SSL certificates?
A: Every thawte SSL certificate issued comes with free lifetime reissues for the life of your SSL certificate for the exact same fully-qualified-domain name. To qualify for reissuance, all existing core certificate details must remain the same (including fully qualified domain name). Generate a new Certificate Signing Request (CSR) on your web server and get a reissue here
Q: What if the WHOIS info for my domain is not right?
A: You can always update the WHOIS admin/tech contact information on file for your domain at the registrar where your domain is registered. Registrars do this at least 1-2 times a day. Simply contact them to have them update this information.
Q: Can I renew my thawte SSL certificate with you directly even though I bought it off the thawte retail site or thru another provider?
A: Yes you can. It doesn’t matter where you bought your thawte certificate. All you will need is a new CSR to place the order with us.
Q: How will I know when to renew my thawte SSL certificate if I buy it from Secure128?
A: You will be notified by us as early as 90 days with regards to renewing your certificate. The renewal notices can be customized within the Secure128 portal.
Q: What does a thawte SSL certificate look like anyway?
A: Here is an example of what it would look like
-----BEGIN CERTIFICATE-----
CDERDPjCCA555sdcvGdIBAgIDB31EMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAY
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcwNTI5MTg1NjMyWhcNMTAwNTI5MTg1NjMy
WjCByDELMAkGA1UEBhMCVVMxGzAZBgNVBAoTEnNpdGVzLm5ldC1ibHVlLm5ldDET
MBEGA1UECxMKR1Q5OTQwMDAxMTExMC8GA1UECxMoU2VlIHd3dy5nZW90cnVzdC5j
b20vcmVzb3VyY2VzL2NwcyAoYykwNzE3MDUGA1UECxMuRG9tYWluIENvbnRyb2wg
VmFsaWRhdGVkIC0gUXVpY2tTU0wgUHJlbWl1bShSKTEbMBkGA1UEAxMSc2l0ZXMu
bmV0LWJsdWUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4JjOAzwIW
UbF2SilUNowB9wIvFO4Aw7Wux03HJae//CMBhKPDcpcy1L6D45C8ZJPgss95/5Ge
lv7sFHNpHzlZWcW/B0P+MWMsy+oYIPBSasMpv4o/1mVg8ub3GZGJOcL/dT6BDCvX
eUABmSVP20rvTpJqqLNMxNdK50b2lX4riQIDAQABo4GuMIGrMA4GA1UdDwEB/wQE
AwIE8DAdBgNVHQ4EFgQUkLVhe5JldIXulp/NcmJQ7QK5mwQwOgYDVR0fBDMwMTAv
oC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5jcmww
HwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBAJxjLb7KYs2S39F8kvqX
kaiduTbZyZdKkbXEqB55QhIa06EKBj8+RJEEUEtjSYqZONoAXj7XdNs0BVzi4seI
0QsszKuPIefr6hhtyrry/ -----END CERTIFICATE-----
Q: Can I purchase multiple licenses of a single SSL certificate and are these token based certificates?
A: When placing an order, you will be given an opportunity to select how many licenses you need. thawte certificates are token based certificates like Symantec. So as an example, if you needed to buy a thawte certificate for 1 year with 2 licenses, you would select 1 yrs as the length and 2 server licenses.
Q: What is a X.509 SSL certificate and does thawte offer that?
A: X.509 is a standard for public key infrastructure. All thawte certificates are X.509 compliant.
Q: How does a digital certificate work and what is the encryption strength of thawte certificates?
A: After authenticating identity, the CA issues digital certificates, which also contain a matched pair of electronic keys, the public key and the private key. When the customer contacts a website, the public key is sent to the customer, and attaches itself and encrypts data that is transmitted back to the website (such as personal information). Upon receipt, the private key recognizes the public key, and then decrypts the information. A similar exchange of public and private keys occurs to confirm the identity of the parties, thus, ensuring that only the intended recipient has access to the information, so privacy and security is maintained. All thawte SSL certificates support up to 256-bit encryption. This of course is all dependent on your browser supporting 256 bit encryption from your browser to the web server.
Q: Do all thawte SSL certificates come with a site seal?
A: Yes, all thawte certificates come with a site seal you can display.
Q: How long does it take to issue a thawte SGC, Wildcard or SSL Web server certificate?
A: Typically it takes thawte 2-4 business days to issue this certificate. If it’s a renewal certificate and nothing has changed with your company information like address/phone number, the certificate will be issued normally in a few hours. You will be notified when the verification process is complete. If your order has been accepted, you will receive your SSL certificate via email by thawte.
Q: What thawte SSL certificate supports sub domains? How many sub domains can I secure with a Wildcard certificate?
A: thawte offers a wildcard certificate. It is used to secure unlimited sub domains that share a common domain name that reside on 1 physical server.
Q: How do I generate a CSR?
A: If you have access to your server, you can generate the CSR otherwise your hosting company will need to help you. We offer specific instructions on how to generate a CSR depending on the type of server you have located here. If you have any questions, please contact us.
Q: What does a CSR look like?
A: -----BEGIN NEW CERTIFICATE REQUEST-----
MIIDPjCCAqegAwIBAgIDB31EMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcwNTI5MTg1NjMyWhcNMTAwNTI5MTg1NjMy
WjCByDELMAkGA1UEBhMCVVMxGzAZBgNVBAoTEnNpdGVzLm5ldC1ibHVlLm5ldDET
BQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBAJxjLb7KYs2S39F8kvqX
kaiduTbZyZdKkbXEqB55QhIa06EKBj8+RJEEUEtjSYqZONoAXj7XdNs0BVzi4seI
0QsszKuPIe17Kmh4cN/ztP0sUWI7EdPEQZkCxFFQL88FlBPJi5UO7Ud55VDxdhL0
h9BbUwObaM3vTCEt+EtGwucU
-----END NEW CERTIFICATE REQUEST-----
Q: What symbols can’t I use in my CSR?
A: If any illegal characters are in one of the dn fields.
The following characters may cause problems: < > ~ ! @ # $ % ^ / \ ( ) ?&. This includes commas. - Generally it would be best to use alphabetic and numeric characters for all your input fields, including the passwords. Characters like "/", "#", and sometimes even the period "." and comma "," may cause problems.
Q: What do I use for the Common Name (CN) when ordering a thawte Wildcard certificate?
A: Wildcard certificates can save you time and money in acquiring and managing multiple server certificates. Wildcard certificates can secure multiple fully qualified domains if they share the same base domain name and reside on the same physical server and share the same second level domain name. For example, if you need to secure the following websites: www.yourdomain.com
secure.yourdomain.com
product.yourdomain.com
info.yourdomain.com
download.yourdomain.com
anything.yourdomain.com
and all of these websites are hosted on the same server box, you can purchase and install one wildcard certificate issued to *.yourdomain.com to secure all these sites.
Digicert's Frequently Asked Questions
Digicert Answers
Q. What does a DigiCert SSL Plus cover?
A. SSL Plus Certificate secures one specific domain name, such as "www.digicert.com" or "mail.digicert.com."
Q. Does DigiCert SSL Plus cover both www and non-www of a domain name?
A. DigiCert's SSL Plus secures "yourname.com" and "www.yourname.com" in every certificate for no extra charge.
Q. What are the features of DigiCert’s Wildcard Plus SSL certificate? Will it support also the base domain name as well?
A. DigiCert's Wildcard Plus Certificate has all the features of a regular Wildcard SSL Certificate such as a certificate for "*.digicert.com" will secure "www.digicert.com" and "mail.digicert.com" and any other subdomain of "digicert.com". The "Plus" in "Wildcard Plus" refers to a feature that DigiCert was the first company to offer: in addition to securing all the subdomains of "digicert.com", our certificate will also secure "digicert.com" itself.
Q. Does DigiCert SSL certificates offer unlimited reissues?
A. Yes
A. Does DigiCert offer unlimited server licenses?
A. Yes
Q. How many fully qualified domains does DigiCert Multi-Domain SSL certificates offer?
A. Up to 25 total domains
Q. Does DigiCert SSL certificates offer EV certificates?
A. Yes
Q. What is an EV SSL Certificate?
A. Extended Validation SSL Certificates is intended to give users more confidence in who you are (the legal entity who has applied for the ssl certificate) and that you control/own your web site.
Q. How exactly does EV SSL Certificates work and what is different about them?
A. Your web browser will display a green address bar when visiting a web site that has been secured by a valid EV SSL Certificate. For example, your web browser will turn the address bar green. Also, on the right hand side of the address bar you will notice a box which alternates between your legal company name and the certificate authority which issued the EV Certificate.
Q. Are DigiCert SSL Certificates compatible with SSL v3/TLS?
A. Yes all DigiCert SSL Certificates comply with this
Q. Are DigiCert SSL Certificates compatible with all major browsers?
A. Yes all DigiCert SSL Certificates are compatible with all major browsers and mobile devices
Q. Do all DigiCert SSL certificates come with any site seal?
A. Yes all offer a site seal you can download when the SSL certificate is issued.
Entrust's Frequently Asked Questions
Entrust Answers
Q. Who is the Authorization Contact on the SSL order form?
A. The Authorization Contact must be a member of the organization that owns the domain and has the authority to request an Entrust SSL Certificate on behalf of the organization. This person will receive notification when the certificate is issued and is contacted if further information is required to process your request.
Q. What is the Billing Contact on the SSL order form?
A. It has to be the company name, address, phone number and email address of the billing contact for the SSL certificate.
Q. What is the Certificate Signing Request (CSR)?
A. The Certificate Signing Request (CSR) is generated with your Web server software, and contains both the public key portion of your Web server’s key pair and the Distinguished Name (DN) of your Web server. Please follow the instructions provided in your Web server’s documentation to generate a CSR for each Entrust SSL Certificate you will require. Secure128 provides CSR instructions in our Support Resources Tab.
** Please Note: If an Internet Service Provider (ISP) hosts your Web server, the ISP can provide you with a Certificate Signing Request (CSR) or submit a request on your behalf.
Q. What is the Common Name (CN) of the CSR?
A. The Common Name (CN) is the fully qualified domain name of the Web server that will receive the certificate (e.g. www.test.com or mail.test.net). Do not include the protocol specifier (i.e., http:// or https://) or any port numbers or pathnames in the common name. Do not use wildcard characters such as ‘*’ or ‘?’, and do not use an IP address.
Please Note: Most Web browsers will display a warning message when connecting to your Web site if the Web server’s fully qualified domain name does not match the common name in the certificate.
Q. What is the Distinguished Name (DN) of the CSR?
A. When you create your Certificate Signing Request (CSR), your Web server application will prompt you for information about your organization and your Web server. This information is used to create your Web server certificate’s Distinguished Name (DN).
Q. What is Domain Ownership?
A. If you are not sure of the ownership of your domain name as listed with the domain name registrar, you should look up the WHOIS information before submitting your certificate request. The domain ownership information held by the domain name registrar must match the information contained within your application. This is one of the primary causes for application delays or rejection.
Q. What are the verification steps to receive an EV or OV SSL certificate?
A. When you purchase any Entrust SSL Certificate, you must provide information that will be used to: 1) verify that the organization is a legitimate organization operating under the name identified in the organization name in the certificate 2) verify the right of the organization to use the domain name included in the Certificate Signing Request (CSR) 3) verify the individual requesting the certificate (the Admin Contact) is in the employment of and is an authorized representative of the organization verified in Step 1.
Q. Does Entrust offer a EV Multi Domain SSL?
A. Yes, EV Multi-Domain SSL Certificates provide all the benefits defined by the CA/Browser Forum. Internet users will see trust indicators in the url like a green address bar.
Q. Do you offer free lifetime reissues on SSL certificates and how many years can I buy for?
A. All Entrust SSL certificates come with free lifetime reissues and you can purchase up to 3 years. EV SSL certificates are valid for 2 years.
Q. Does Secure128 accept Purchase Orders?
A. Yes we do, please contact sales@secure128.com to setup.
Q. What does SSL stand for?
A. Secure Sockets Layer (SSL) technology is a security protocol that is today’s de-facto standard for securing communications and transactions across the Internet. SSL has been implemented in all major browsers and Web servers, and as such, plays a major role in today’s internal and external activities on the Web.
Q. What is a Subject-Alt-Name?
A. The subject alternative names (SubjectAltName) extension allows one SSL certificate to be used to secure one Web server with multiple names (such as a different DNS name, IP address or URI). Alternatively, the SubjectAltName extension can be used to secure up to two virtual Web servers using the same SSL certificate.
Q. What is a Subject-Alt-Name?
A. The subject alternative names (SubjectAltName) extension allows one SSL certificate to be used to secure one Web server with multiple names (such as a different DNS name, IP address or URI). Alternatively, the SubjectAltName extension can be used to secure up to two virtual Web servers using the same SSL certificate.
*Please Note: SubjectAltName extension is a new feature for Entrust SSL Certificates and is available in Advantage SSL Certificates. When submitting the CSR (Certificate Signing Request), you have the option to provide an alternative identity to be bound to the subject of the certificate (i.e. valid domain name, IP address or URI). If you do not need this functionality, please leave the SubjectAltName field blank.
Q. What are UC Multi-Domain SSL Certificates?
A. Unified Communications (UC) Multi-Domain SSL Certificates enable security for the diverse communications protocols in new servers like Microsoft Exchange 2007 and Microsoft Office Communications Server (formerly Live Communications Server). It allows you to add up to 250 unique domains on one SSL certificate at a per domain cost. and is available in Advantage SSL Certificates. When submitting the CSR (Certificate Signing Request), you have the option to provide an alternative identity to be bound to the subject of the certificate (i.e. valid domain name, IP address or URI). If you do not need this functionality, please leave the SubjectAltName field blank.
Malware Scanning FAQ
Malware FAQ
Q. What is malware?
A. Malware is a general term for malicious software and is a growing problem on the Internet.
Q. What are the benefits to my web site?
A. Growing concerns about fake sites, viruses and identity theft have made consumers reluctant to do business with web sites that are not taking steps to protect them.
Q. What does blacklisted mean?
A. Because of the potential damage caused by malware, Google, Yahoo, Bing and other search engines place any site found with malware on a blocked list or blacklist, excluding it from search results. If your site is blacklisted, it may be blocked entirely or flagged with a security alert to discourage click-through.
Q. Is a small web site at risk for malware?
A. Any web site is at risk. Small web sites might be more vulnerable because they are less likely to have resources and expertise to detect and respond quickly to attacks.
Q. How did someone infect my web site?
A. Hackers are constantly developing new ways to exploit weaknesses on servers and attack web sites. Once an exploit is found, they access your web site and add malware without your knowledge or consent.
Q. How do I know if my web site is free of malware?
A. Malware is rarely visible on your web site; it is hidden in your web page code. The GeoTrust Web Site Anti-Malware Scan includes a daily malware scan.
Q. Could web site malware scanning slow down my web site?
A. No. Web site malware scanning is equivalent to having 10 visitors navigate your web site.
Q. What happens if malware is detected on my web site?
A. If malware is discovered, the GeoTrust Web Site Anti-Malware Seal no longer displays. You receive an email alert warning you of the malware infection with instructions to sign in to the End User Portal.
Q. How can I protect my site from malware?
A. Posting the GeoTrust Web Site Anti-Malware Seal on your web site is like posting an alarm security sign in your front window. It shows hackers that your site is scanned daily to detect malware.