Why are SSL certificates from SSLPOINT so cheap?
SSLPOINT offers a full range of SSL certificates from leading Certificate Authorities (Comodo, GeoTrust, Thawte and Symantec). Since we order many certificates in bulk we are able to get them at a very low price.
Thus ordering an SSL certificate at SSLPOINT will save you up to 75% compared to the retail price of the Certificate Authorities. You will get the same SSL certificate – just at a very low price.
What is SSL ?
The SSL protocol is the web standard for encrypting communications between users and SSL e-commerce sites. Data sent via a SSL connection is protected by encryption, a mechanism that prevents eavesdropping and tampering with any transmitted data. SSL provides businesses and consumers with the confidence that private data sent to a web site, such as credit card numbers, are kept confidential. SSL Certificates are required to initialize an SSL session.
Customers know when they have an SSL session when their browser displays the little gold padlock and the address bar begins with a https rather than http. SSL Certificates can be used on web servers for internet security and mail servers such as IMAP, POP3 and SMTP for mail collection / sending security.
128 and 256 Bit SSL Certificates are usually used to protect information whilst it is being entered into an online form, securing e-mail, servers and ftp.
What is a Wildcard Certificate ?
Wildcard certificates can be used to secure multiple sub domains on a single domain name. e.g. it secures shop.example.com, ssl.example.com, admin.example.com etc.
Please use *.example.com as common name with your Certificate Signing Request (CSR).
Can I Secure Multiple Domains ?
An SSL Certificate is issued to a fully qualified domain name (FQDN). This means that an SSL Certificate issued to “secure.example.com” cannot be used on different sub domains, such as “www.example.com”.
To get around this restriction we have Wildcard SSL Certificates. Wildcard SSL Certificates allow you to secure multiple sub domains on the same domain name, thereby saving you time and money, and of course you do not need to manage multiple SSL Certificates on the same server.
Most customers secure “ssl.example.com” and use wildcard SSL Certificates if their SSL requirements change.
Can I secure an internal host name (server.local) ?
Internal host names are not longer allowed in certificates that are issued by trusted Certificate Authorities like Comodo, GeoTrust, thawte, Symantec and others. Certificate Authorities made a decision to deprecate the usage of reserved IP addresses and internal names for certificates, effective November 1st 2015. Certificates that have already been issued with an expiry date later than 01/Nov/2015 have to be revoked.
If you have ordered a Multi-Domain (UCC / SAN) SSL certificate that includes an internal domain name you may delete the internal host name(s) from the list of SAN and re-issue the certificate via the client portal.
More info can also be found in our blog: Learn more…
How does the Authentication Process work ?
Domain Validated SSL Certificates
The Certificate Authority will send an email to approve the certificate request, either to the Administrative Contact listed in the WHOIS database for the domain name requested. You can also choose a generic email address during the order process like admin@example.com, administrator@example.com, postmaster@example.com, hostmaster@example.com or webmaster@example.com
After the certificate request has been approved by the domain contact, the certificate will be issued instantly.
Organization Validated SSL Certificates
The Certificate Authority will send an email to approve the certificate request, either to the Administrative Contact listed in the WHOIS database for the domain name requested. You can also choose a generic email address during the order process like admin@example.com, administrator@example.com, postmaster@example.com, hostmaster@example.com or webmaster@example.com
After the certificate request has been approved by the domain contact, you will have to send supporting business documents of the company to the Certificate Authority by postal mail, fax or email (PDF attachments). If the order is for a commercial entity you will need to send the following documents: Certificate of Incorporation, Business License, DUNS number (if applicable). If the Certificate Authority is unable to verify your documents, a Professional Opinion Letter from a lawyer or accountant may be needed.
It may take up to 10 business days until your certificate is issued.
SSL Certificates with Extended Validation (EV)
The Certificate Authority will send an email to approve the certificate request, either to the Administrative Contact listed in the WHOIS database for the domain name requested. You can also choose a generic email address during the order process like admin@example.com, administrator@example.com, postmaster@example.com, hostmaster@example.com or webmaster@example.com
After the certificate request has been approved by the domain contact, you will have to send supporting business documents of the company to the Certificate Authority by mail, fax or email (PDF attachments).
The Certificate Authority must be able to confirm all of the following organizational registration requirements:
Official government agency records must include:
- The organization’s registration number.
- The organization’s date of registration/incorporation.
- The organization’s registered address (or the address of the organization’s registered agent).
A non-government data source (such as Dun & Bradstreet) must include the organization’s place of business address if it is not included in the Government agency records
If the organization has been registered for less than three years, the Certificate Authority must verify operational existence through one of the following means:
- Through a non-government data source (such as Dun & Bradstreet) – or-
- By verifying the organization has an active demand deposit account (such as a checking account) with a regulated financial institution through a Lawyer’s Opinion Letter or directly with the financial institution.
If the Certificate Authority is unable to verify your documents and/or telephone number, a Professional Opinion Letter from a lawyer or accountant may be needed.
It may take up to 10 business days until your certificate is issued.
How Long Does It Take To Issue My SSL Certificate?
Domain Validated certificates are usually issued within a few minutes.
As documentation has to be provided for Business Organization and Extended Validated certificates it may take 5-10 business days until your certificate is issued by the Certificate Authority.
How can I renew my existing certificate ?
A renewal of an existing certificate is similar to a new order:
* Kindly place your order online via our website
* Please submit a CSR for your host name
* After the validation process has been completed, a new certificate will be issued (with the new expiry date)
* Install this new certificate on your device to secure your application and server
The Certificate Authority will add up to 30 days to the expiry date of the new certificate.
You may renew your certificate early without losing any remaining days.
What Browsers Are Supported ?
Our SSL Certificates are compatible with IE 5.01+, Netscape 4.7+, Mozilla 1+, AOL 5+, Firefox, Safari and many newer Windows, Macintosh and Android based browsers. All certificates listed are trusted by over 99% of the popular browsers.
What Is Browser Ubiquity / Recognition ?
Browser ubiquity is the term used in the industry to describe the estimated percentage of internet users that will inherently trust an SSL Certificate. The lower the browser ubiquity, the less people will trust your certificate – clearly, if you are operating a commercial site you require as many people as possible to trust your SSL Certificate. As a general rule, any SSL Certificate with over 95% browser ubiquity is acceptable for a commercial site.
Ubiquity is however not the only consideration in deciding whether one SSL Certificate is better than another. Many companies running high transaction volume web sites need to maximize customer confidence and therefore buy certificates from well known, long time security vendors and mostly use the major players.
How To Generate Your Certificate Signing Request
The following links will take you to the CSR (Certificate Signing Request) instructions for various servers and control panels. The documentation is provided by our partners, click the relevant link below and it will open in a new window.
Generally the process for generating a CSR is the same for all SSL Certificate types, we recommend you review the documentation that came with your hosting control panel or server. Be sure to come back to our site to complete your order:
GlobalSign CSR Instructions
Comodo CSR Instructions
DigiCert CSR Instructions
You can also use our Online CSR Tool to create a new Private Key and a corresponding Certificate Signing Request (CSR).
Please contact us if you need support for an unlisted application.
What is a Certificate Signing Request (CSR) ?
A CSR (Certificate Signing Request) is required to order an SSL Certificate.
The CSR is generated from within your hosting control panel, web server software or server operating system software.
Required Intermediate Certificates (CA Certificates)
To successfully install your SSL Certificate you may be required to install an Intermediate CA Certificate.
Please review the next FAQ paragraph SSL Certificate Installation Instructions carefully to determine if an Intermediate CA Certificate is required, how to obtain it and correctly import it into your system.
You can download an intermediate certificate bundle for your product here:
https://www.sslpoint.com/ca-intermediate-certificates/
SSL Certificate Installation Instructions
The following link will take you to the SSL Certificate installation instructions for various servers and control panels. The documentation is provided by our partners. Click the link below and it will open in a new window.
GlobalSign SSL Certificate Installation Instructions
Comodo SSL Certificate Installation Instructions
DigiCert SSL Certificate Installation Instructions
How To Verify Your SSL Certificate Installation
Please follow this link to check your SSL installation:
Qualys – SSL Server Test
How to convert a certificate from PEM to PFX (PKSC12)
You can convert the certificate using OpenSSL which is available for many platforms.
Download a pre-compiled binary for Windows here: https://wiki.openssl.org/index.php/Binaries
To convert your certificate to PFX, run the following command:
1 | openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt -certfile CACert.crt |
openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt -certfile CACert.crt
Placeholders:
certificate.pfx: new certificate (in PKCS12/PFX format)
private.key: private key file
certificate.crt: certificate file
CACert.crt: intermediate certificate file
What is a Code Signing Certificate ?
Code Signing Certificates are digital certificates that provide a digital signature to verify the identity of the author or build system, and a checksum to verify that the object has not been altered or modified.
How is a Code Signing Certificate validated ?
A code signing certificate is an identity certificate so you will have to prove your identity to the Certificate Authority.
Registered Organizations (e.g. Inc., Ltd., etc.):
1) Validation of Legal Name (Companies Registry)
2) Validation of Address (Companies Registry or D-U-N-S® number)
3) Validation of Domain Name (WHOIS record)
4) Validation of Telephone Number (public telephone directory)
Individual Developers:
1) Validation of Name (copy of Passport/Driver’s License)
2) Validation of Address (utility bill)
3) Validation of Domain Name (WHOIS record)
4) Validation of Telephone Number (public telephone directory)
Please note that documents for individual’s applications need to be legalized. This can usually be done by a notary public or a local court for a small fee.
It takes approximately 2-5 business days for the validation process to be completed by the Certificate Authority.
Who can apply for a Code Signing Certificate ?
Every registered company and every individual software developer can apply for a Code Signing Certificate.
SSLPOINT provides Code Signing Certificates from the most trusted Certificate Authorities, including Comodo, thawte and Symantec:
Code Signing for Organizations
Comodo Code Signing Certificate
Thawte Code Signing Certificate (Organization)
Symantec Code Signing Certificate
Code Signing for Individual Developers
Comodo Code Signing Certificate
Thawte Code Signing Certificate (Individual)
Symantec Code Signing Certificate
For an overview, please visit:
Code Signing Certificates (Comodo, thawte, Symantec)
Important information for enrollment
Please follow these steps to go through the validation process smoothly:
Use a recent version of the Firefox browser during enrollment
Please use a recent version of the Firefox browser during the enrollment process. This browser supports auto-generation of the private key and certificate signing request. After the certificate has been issued and collected, it can be easily exported for use with other applications.
Use your legal name
When filling out the application form make sure you use your legal name in the Publisher Name field. Your legal name can be your personal name if you’re ordering individually or the exact company name if you enroll in the name of a registered company.
Use an Email address with a domain name owned by you or your company
The Certificate Authority will look at the WHOIS of the domain you use on the enrollment page so please make sure any WhoisGuard or Privacy options have been disabled. You can re-apply any privacy settings once the Certificate Authority has verified domain ownership.
Use a registered telephone number
Please make sure your phone number is listed in a directory like Superpages, BBB or Dun and Bradstreet. Telephone verification is a mandatory step during the validation process.
Where can I download my Code Signing Certificate ?
To pickup your code signing certificate, please follow these instructions:
Certum Code Signing SimplySign
GlobalSign Code Signing via Fortify
How can I renew my existing code signing certificate ?
A renewal of an existing certificate is similar to a new order:
* Kindly place your order online via our website
* Please follow the instructions for validation
* After the validation process has been completed, a new certificate will be issued (with the new expiry date)
* Install this new certificate on your device to sign your software and code
Hint:
We recommend to order the maximum validity period for your certificate to avoid the time-consuming validation and installation process.
How to export a Code Signing Certificate ?
Starting June 1st, 2023 at 00:00 UTC, all private keys for standard code signing certificates must be stored on hardware that is certified as FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent.
Read more: New private key storage requirement for Standard Code Signing certificates
Therefore, codesigning certificates coont be exported from the token.