|
|
|
SSL Frequently Asked Questions |
What Is SSL |
|
The SSL protocol is the web standard for encrypting communications between users and SSL e-commerce sites. Data sent via a SSL connection is protected by encryption, a mechanism that prevents eavesdropping and tampering with any transmitted data. SSL provides businesses and consumers with the confidence that private data sent to a web site, such as credit card numbers, are kept confidential. SSL Certificates are required to initialise an SSL session. |
|
Customers know when they have an SSL session when their browser displays the little gold padlock and the address bar begins with a https rather than http. SSL Certificates can be used on web servers for internet security and mail servers such as IMAP, POP3 and SMTP for mail collection / sending security. |
|
128/256 Bit SSL Certificates are usually used to protect information whilst it is being entered into an online form, securing e-mail, servers and ftp. |
| |
 |
| |
What Is A Wildcard Certificate |
|
Our wildcard certificates are can be used to secure multiple sub domains on a single domain name. Wildcard allows web sites to conduct secure e-commerce with an encrypted SSL connection, at a fraction of the cost of other wildcard providers. |
|
Find out about RapidSSL Wildcard and True BusinessID Wildcard. |
What Is A Single Root SSL Certificate |
|
When connecting to a web server over SSL, the visitor's browser decides whether or not to trust the web site's SSL certificate based on which Certification Authority has issued the actual SSL certificate. To determine this, the browser looks at its list of trusted issuing authorities - represented by a collection of Trusted Root CA certificates added into the browser by the browser vendor (such as Microsoft and Netscape). |
|
Most SSL Certificates are issued by CA's who own and use their own Trusted Root CA certificates, such as those issued by GeoTrust. As GeoTrust is known to browser vendors as a trusted issuing authority, its Trusted Root CA certificate has already been added to all popular browsers, and hence is already trusted. |
|
Some Certification Authorities do not have a Trusted Root CA certificate present in browsers, therefore they need a chained root in order for their certificates to be trusted - essentially a CA with a Trusted Root CA certificate issues a chained certificate which inherits the browser recognition of the Trusted Root CA. These SSL certificates are known as chained root SSL certificates. |
|
Installation of Chained Root certificates are more complex and some web servers are not compatible with Chained Root certificates. |
|
For a Certification Authority to have its own Trusted Root CA certificate already present in browsers is a clear sign that they are long-time, stable and credible establishment who have long term relationships with the browser vendors (such as Microsoft and Netscape) for the inclusion of their Trusted Root CA certificates. For this reason, such CA's are seen as being considerably more credible and stable than Chained Root certificate providers who do not have a direct relationship with the browser vendors. |
|
You can view the Certification Authorities who have their own root certificates by viewing the list in your browser. |
| |
|
| |
Why Is Stability Important |
|
All of our SSL Certificates issued are issued from a trusted CA root certificate that is owned by GeoTrust. This means that all our certificates are stable. |
|
Some SSL Certificate providers cannot offer this stability. For example, Comodo InstantSSL do not own their own trusted root, which means that they can only offer Chained Root certificates chained to a trusted root certificate that they do not own. They rely on the trusted root certificate owner to allow them to issue certificates and have no control over what the owner of the certificate does with the certificate - as has recently been shown when Baltimore has decided to sell its root certificate. |
What Is A FreeSSL 30 Day Trial Certificate |
|
FreeSSL is a fully functional single root test certificate valid for 30 days. It is the only fully trusted single root trial certificate available. If you need to test your server, or would like to test our support and issuance speed then FreeSSL is an ideal solution. |
|
You can order as many FreeSSL certificates as required for testing purposes. |
What Browser Versions Are Compatible |
|
Our certificates are compatible with IE 5.01+, Netscape 4.7+, Mozilla 1+, AOL 5+, Firefox, Safari and many newer Windows and Macintosh based browsers and are single root install certificates (they do not use chaining technology), meaning that they are compatible with SSLv2 and SSLv3. Single root certificates are also more widely accepted by web servers with some web servers not accepting chained root technology. |
|
We recommend using our single root certificates before considering a chained root solution from another provider. |
How Long Does It Take To Issue |
|
If you need an SSL certificate right away online ordering system ensures that you will receive it within a matter of minutes. Some products require documentation to be provided, however these products clearly display the requirements within the product description pages. |
How Many Can Be Ordered |
|
We do not limit the amount of certificates that can be ordered. Go ahead and get as many as you need! |
|
We limit one FreeSSL certificate to a domain name - FreeSSL is only a test certificate designed to help you test your system, however it is fully functional and valid for 30 days. |
| |
|
| |
What Is Browser Ubiquity / Recognition |
|
Browser ubiquity is the term used in the industry to describe the estimated percentage of internet users that will inherently trust an SSL Certificate. The lower the browser ubiquity, the less people will trust your certificate - clearly, if you are operating a commercial site you require as many people as possible to trust your SSL Certificate. As a general rule, any SSL Certificate with over 95% browser ubiquity is acceptable for a commercial site. |
|
Ubiquity is however not the only consideration in deciding whether one SSL Certificate is better than another. Many companies running high transaction volume web sites need to maximize customer confidence and therefore buy certificates from well known, long time security vendors and mostly use the major players e.g. GeoTrust who is WebTrust compliant. |
Can I Secure Multiple Domains |
|
An SSL Certificate is issued to a fully qualified domain name (FQDN). This means that an SSL Certificate issued to "secure.domain.com" cannot be used on different sub domains, such as "www.domain.com". To get around this restriction we have wildcard certificates. Wildcard certificates allow you to secure multiple sub domains on the same domain name, thereby saving you time and money, and of course you do not need to manage multiple certificates on the same server. Most customers secure "www.domain.com" and utilise wildcard certificates if their SSL requirements change. |
What Is The Warranty |
|
We believe it is important to protect the end user. If GeoTrust were to mis-issue a certificate to a fraudulent site, and that fraudulent site has an SSL link with an end user and as a result of this the end user loses money - the warranty to the end user. The end user had what they thought was a "trusted session". GeoTrust should never have provided the fraudster with the ability to engineer this situation. |
|
It is worth noting that some other providers use warranty as a means of adding perceived value to their offerings, as such will offer the same certificate with higher warranties and then charge more for the certificate! It also appears to be common practice that some certificate providers offer a higher warranty in order to lure people into buying chained root certificates. |
|
|
 |
