Blue Ribbon Toll Free: (800) 892-7095

GeoTrust SSL Certificates

at Wholesale Prices in about 10 Minutes*

Customer Login
Home > GeoTrust SSL Certificates > FAQ

Frequently Asked Questions

Questions About the CSR

What is an SSL certificate?

An SSL certificate (also known as a Web Server Certificate, Secure Server Certificate, and Digital Certificate) works with the SSL protocol to secure online communications and transactions, and identifies a remote computer, using cryptography.

SSL certificates are issued by Certification Authorities (CA’s), such as GeoTrust, which vouch for the information contained within the SSL certificate. Embedded within an SSL certificate is the fully-qualified domain name of your web site (server), such as www.yourdomain.com. It may also contain information about your business or organization, such as its legal name and the geographic location where your business is legally registered to conduct business.

back to top

What will an SSL certificate do for my web site?

An SSL certificate will assure your online visitors that confidential information and transactions cannot be viewed, intercepted, or altered by an unauthorized third party when transmitted over the Web or mobile devices.

Examples include:

  • Online banking applications and web services where financial information is exchanged.
  • E-commerce sites where credit card transactions and other payment transactions occur.
  • Customer/User login pages where personal and confidential information is exchanged.
  • Sign-up pages such as newsletters, alerts, mailing lists and other online applications that require users to provide and submit personal information.
  • Webmail, such as Outlook Web Access (OWA), where users can login and view their email securely.
  • Any web page or application that needs to securely submit data to a server.

back to top

How do I know which SSL certificate is right for me?

Choosing the right SSL certificate product can seem confusing at first, until you understand the basics. Please see How To Choose the Right SSL Certificate.

back to top

What do you recommend for Exchange Server Outlook Web Access (OWA)?

Any of the GeoTrust SSL certificates we carry will work with Exchange Server Outlook Web Access (OWA). Please see How To Choose the Right SSL Certificate.

back to top

Do you have test or trial SSL certificates?

At this time GeoTrust does not offer trial certificates. If you purchase a new SSL certificate and decide it’s not right for you, just let us know within the seven-day cancellation window.

back to top

How long does it take to get a Web server certificate?

The GeoTrust QuickSSL and QuickSSL Premium SSL certificates can be applied for and received in about 10 minutes. The processing time for GeoTrust True BusinessID SSL and Wildcard SSL certificates is, on average, about 2 days. There are instances when GeoTrust flags QuickSSL and QuickSSL Premium orders for a manual review and security audit. If this happens it could take longer while GeoTrust completes its review.

back to top

Does it really take just 10 minutes?

The 10 minute delivery time applies to GeoTrust QuickSSL and QuickSSL Premium SSL certificates only. The processing time for GeoTrust True BusinessID SSL and Wildcard SSL certificate is, on average, about 2 days. There are instances when GeoTrust flags QuickSSL and QuickSSL Premium orders for a manual review and security audit. If this happens it could take longer while GeoTrust completes its review.

back to top

How do I place an order for an SSL certificate?

Once you’ve decided which SSL certificate you want to purchase, and have your Certificate Signing Request (CSR) generated, you can place an online order.

back to top

Can I get an SSL certificate if I live outside the United States?

Sure you can. GeoTrust SSL certificates are issued all over the world. There are, however, a handful of countries that, legally, GeoTrust cannot issue to, these are: Angola, Ascension, Cuba, Czechoslovakia, Libya, Iran, Iraq, Afghanistan, North Korea, Syria, and Yugoslavia.

For QuickSSL and QuickSSL Premium certificates you won’t need to send in any supporting business documents. For True BusinessID and Wildcard SSL you will need to fax in proof-of-organization documents issued by your local or state government showing that your business or organization is authorized to do business in your country.

back to top

Do I have to have an SSL certificate for each web page I want to secure?

No. One SSL certificate covers every page within your domain. If your SSL certificate is issued for www.mydomain.com, then your SSL certificate will work for https://www.mydomain.com/index.htm, https://www.mydomain.com/support/about_us.html, https://www.mydomain.com/books/mysteries/authors.html, and so on.

back to top

Once I have an SSL certificate, how and when do I use it?

This is an important topic, so we made tutorial about How To Use Your GeoTrust SSL Certificate.

back to top

What the difference between QuickSSL, QuickSSL Premium, True BusinessID, and Wildcard SSL?

QuickSSL and QuickSSL Premium are authenticated at the domain level only, whereas True BusinessID and Wildcard SSL are authenticated at the domain level and at the company/organization level. Please see How To Choose the Right SSL Certificate.

back to top

What forms of payment are accepted?

Currently we accept payments using American Express, Visa, MasterCard, and PayPal. Companies and Organizations that have made advance arrangements with us may also place an order using a purchase order.

back to top

What information must be submitted to GeoTrust as part of the verification process?

For QuickSSL and QuickSSL Premium certificates you won’t need to send in any supporting business documents for verification. For True BusinessID and Wildcard SSL you will need to fax in proof-of-organization documents issued by your local or state government showing that your business or organization is authorized to do business in your location.

back to top

Do I have to have a Dun and Bradstreet (DUNS) number to apply?

No, you don’t. Sometimes having a DUNS number will help GeoTrust to authenticate your business or organization faster, but it’s not required.

back to top

Can I get a refund once my certificate has been issued?

Yes. GeoTrust will replace, revoke, or refund SSL certificates that have been issued within seven (7) days of the SSL certificate issue date for the same domain. If you order an SSL certificate and decide you no longer want it within seven days of the issue date, your money will be refunded. Learn more about cancellations and refunds.

Are GeoTrust SSL certificates “chained” or “single-root”?

GeoTrust owns all of its roots, and as a result, all of their certificates offer the highest level of stability. Unlike other companies which issue certificates off chained roots or license roots from third parties, GeoTrust is able to offer customers an assurance of root stability throughout the lifetime of every certificate. Some SSL providers may claim they have their own root, but is it fully supported in 99% of all web browsers in use today?

See our list of supported browsers.

back to top

Where can I find more information about GeoAuthorize Merchant Accounts?

Besides the GeoAuthorize main page, there is a separate merchant account FAQ.

back to top

What web browsers are supported?

GeoTrust enjoys 99% browser support, also know as ubiquity, but that’s only part of the story. GeoTrust SSL certificates are also supported in many micro browsers, such as mobile phones and PDA’s.

See our list of supported browsers.

back to top

Will the gold padlock icon illuminate in the browser with GeoTrust SSL certificates?

The gold padlock icon Browser Gold Padlock will illuminate when you use any GeoTrust SSL certificate with the HTTPS protocol.

back to top

How do I know this site is for real and not just trying to yank my chain?

We invite you to contact GeoTrust and inquire as to our relationship. We’ve been marketing, selling, and supporting their great products for years. You may reach GeoTrust by calling 1-866-GeoTrust (866-436-8787) or 678-366-8399 for International callers.

Some of our SSL customers include IBM, General Motors (GM), UCLA, Morgan Stanley, Columbia University, The WD-40 Company, The Circuit Court of Baltimore, The Seattle Seahawks and more. We’ve built a solid business by providing a great product at a fair price followed up by outstanding customer support. We’d like the opportunity to do the same for you.

We’re also a member of our local Better Business Bureau and the Better Business Bureau’s Online Reliability program.

BBB Click To Verify

back to top

Will I be getting exactly the same SSL certificate that GeoTrust offers on their site?

Yes, only for much cheaper. As you place an online order on this site, our system is “talking to” GeoTrust’s system in real time. GeoTrust generates the new SSL certificate and then we send it on to you.

back to top

How can you sell SSL certificates for less than GeoTrust sells them?

There’s really no magic to it. With our direct relationship with GeoTrust we're able to buy large blocks of SSL certificates at deep discounts. We use our buying power to save you money. GeoTrust is happy, we're happy, and you'll be happy for saving money on a name brand SSL certificate at a fair price.

back to top

How much is the renewal price?

Currently our renewal prices are the same as our new SSL certificate prices. So, if the new price of, say ,QuickSSL is $99 today, so is the renewal price for QuickSSL today. Our renewal prices will NEVER be higher than our regular new certificate prices for the same type of SSL certificate.

back to top

If I decide to change ISP’s, can I move my certificate with me?

Yes. Every GeoTrust SSL certificate issued comes with free re-issues and replacements for the life of your SSL certificate for the exact same fully-qualified-domain name. So, if you need move your SSL certificate you may export the keys to your new server, or you may generate a new CSR request on the new server and have your certificate re-issued.

back to top

Will my site need to have a unique IP address for the certificate to work?

Yes. You need to have a unique IP address for each domain you want to secure. This is not a GeoTrust thing, but rather an SSL protocol thing and has to do with the Secure Sockets Layer working below the application layer. Any site that wants to use an SSL certificate must have its own unique IP address that is not shared by another site. The IP can be real (routable) or internal (RFC 1918 non-routable address) but, it must be unique on the server. Please also note that it doesn’t matter if the IP address you assign to the site changes later. If you decide to change the IP address later you won’t need to get a new SSL certificate. The SSL certificate must be bound to an IP, but not a specific IP. Your hosting company should be able to set you up with a unique IP address if you don’t already have one.

back to top

An ISP hosts my site. Can I still purchase and use a GeoTrust SSL certificate on my site?

In most cases, yes. Your hosting company should be able to help you generate your CSR and upload your SSL certificate. Check with your hosting provider to make sure.

back to top

I don’t see a “Domain Approver Email” that will work… how do I change it?

One option is to update the admin/tech contact information on file for your domain at the registrar where your domain is registered. Another option is to setup one of the generic email addresses for the domain, such as admin, administrator, root, hostmaster, webmaster, ssladmin, and sysadmin @yourdomain.com.

back to top

Can I renew my GeoTrust SSL certificate here even though I bought it somewhere else?

Sure, all you need is a Certificate Signing Request (CSR) to get started. Sometimes you can use the CSR from last year, other times you must generate a new CSR. It just depends what type of server environment you’re site is hosted on. If you didn’t originally purchase from this site you should start the order off as a NEW order. As you progress through the online order process, and your CSR is decoded, GeoTrust’s system will let our system know that this is a renewal order and we’ll automatically change your order type from New to Renewal during the ordering process.

back to top

I'm running Microsoft IIS. How do I renew my SSL certificate?

Please see our tutorial: Renewing an IIS 5 or IIS 6 SSL Certificate.

back to top

What does an SSL certificate look like anyway?

The SSL certificate delivered to you will look very much like the CSR you submitted. Here is sample of a completed SSL certificate.

-----BEGIN CERTIFICATE-----
MIIDejCCAuOgAwIBAgIDBAXCMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVB MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZ aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDMwNzMwMDAxNjQ2WhcNMDQwNzMwM WjCB+zELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF3d3dy53YXZlcGF0aGhvc Y29tMVMwUQYDVQQLE0pCdXNpbmVzcyBSZWdpc3RyYXRpb246IGh0dHBzO s+IMCe041a4pV2aCyzaUj7hAhWcUpS7e5zpXMLe6lfZYmIjTUqNQAq1C0 xhNwSBAxCiv8qyg+9rwee5boLFuhi7YAHeteLTkKdvGxxA0K75nMZ0IjO
-----END CERTIFICATE-----

back to top

What is a dynamic Site Seal? Do I need one?

A dynamic site seal is a security icon graphic for you to display on your site. This prominently displayed smart site seal guarantees online visitors they will receive the highest level of encryption possible. Clicking the seal reveals the authenticity of your site.

Get a site seal if you want to assure your online visitors your site is verified by a trusted third party like GeoTrust. Both GeoTrust QuickSSL Premium, GeoTrust True BusinessID, and Wildcard SSL come with dynamic site seals.

The QuickSSL Premium Site Seal

Site Seal SAMPLE ONLY This is an sample QuickSSL Premium site seal. The actual seal will features a live date/time stamp and right-click copy is disabled to prevent spoofing.

The True BusinessID Site Seal

True BusinessID Site Seal This is a sample True Business ID True Site Smart Seal. The actual seal will disable right-click copy-and-save features to prevent spoofing. Your company's name is embedded in the graphic along with a live date/time stamp. Online visitors learn more about your organization by clicking on the "click" icon.

back to top

How do I get my Site Seal on my web pages?

To install your site seal, simply add a few lines of JavaScript code to each web page on which you want the site seal to appear. Learn more about how site seals work and how to install them.

back to top

I have several domain names, will one SSL certificate work for all of them?

One SSL certificate will work for one fully-qualified domain name (FQDN) only. This is because your domain name is embedded into the SSL certificate and is valid only for that domain. If you need to secure different domain names you’ll need a separate SSL certificate for each one. The one exception is a Wildcard SSL certificate, which will secure unlimited sub domains using the same base domain.

back to top

Can I install the same SSL certificate on multiple servers?

Yes, but you’d need a license for each server that you want to install it on. All GeoTrust SSL certificates are licensed on a per physical server basis. As you place an SSL online order you will be given an opportunity to select how many licenses you need.

back to top

How many SSL certificates will I need if I have load-balanced servers?

You’ll need a license for each load-balanced server that you want to install it on. All GeoTrust SSL certificates are licensed on a per physical server basis. So if you have two load-balanced servers you’d need either one SSL certificate licensed for two servers OR two separate SSL certificates licensed for one server each.

back to top

How do I purchase multiple licenses of a single SSL certificate?

When you place an SSL online order you will be given an opportunity to select how many licenses you need.

back to top

I need to secure multiple load-balanced servers, do I use the same CSR for each server?

You have a couple of options here. Let’s say you need to secure three servers that have the same fully-qualified domain name. One way is to generate a private key and CSR for the first server. Then place an online order using that one CSR and select ‘3’ as the number of server licenses you need. We’ll email you a new SSL certificate and you install it on the first server. Then, you export the private key and SSL certificate from the first server to the other two. If you're running Microsoft IIS web servers see Moving SSL Certificates Between Windows IIS Servers

The second option is to generate a separate private key and CSR from each of the three servers and place three separate online orders using each unique CSR for each order. As the orders complete you install each SSL server certificate on its corresponding server.

back to top

Do you support Server Gated Cryptography (SGC)?

Years ago it was illegal in the US to export 128-bit high-encryption due to national security concerns. So, browser developers like Microsoft and Netscape had to offer two versions of their browsers: a high-encryption version for US customers and a low-encryption export version for customers outside the US. The export versions could only support up to 56-bit encryption. Server Gated Cryptography (SGC) was a way to legally “bump up” a session to a 128-bit connection even on the low-encryption export browsers. In early 2000 the US government relaxed its ban on exporting high-encryption, making it available for export outside the US, and, as a result, the need for SGC began to fade away. For this reason GeoTrust made a decision not to offer SGC.

back to top

I need an X.509 SSL certificate, do you have that?

X.509 is a standard for public key infrastructure. All GeoTrust SSL certificates are X.509 compliant.

back to top

Are the GeoTrust root CA certificates pre-installed in popular web browsers?

Yes, you will see the GeoTrust roots listed as Equifax. GeoTrust owns the Equifax roots. In Internet Explorer, from the top menu, go to Tools > Internet Options then select the Content tab. In the Certificates section click the Certificate button and then select the Trusted Root Certification Authorities tab. Scroll down in the list to see the Equifax root certificates pre-installed.

GeoTrust Equifax Roots Pre-installed in IE

back to top

How are GeoTrust and Equifax related?

GeoTrust was founded years ago by a few key people from Equifax Secure. In 2001 GeoTrust acquired Equifax Secure, which included the Equifax root certificates. Now, GeoTrust has become the world’s second largest SSL provider.

back to top

If I install a GeoTrust SSL certificate, will users of my site have to install anything on their end?

GeoTrust’s root certificates come pre-installed on 99% of all web browsers in use today. So, unless the user is using a very, very old browser, he or she won’t have to do or install anything when they visit your site. The user experience will be seamless.

back to top

What is the encryption strength of GeoTrust certificates?

All GeoTrust SSL certificates now support up to 256-bit encryption. That means that if the user’s browser supports 256 and your web server supports 256, the SSL session will be 256. If 256 is not supported by both the browser and the server, the SSL session steps down to 128. Mozilla’s Firefox web browser now supports 256 and others, such as Microsoft, are likely to follow. Going forward the shift will be from 128 to 256.

back to top

Will GeoTrust certs work in smartphones and other PDA devices?

Yes. Please see a complete list of supported web browsers and micro-browsers.

back to top

My domain is registered to me as an individual, can I still get a cert?

Yes. If you domain is registered to, say, Jane Doe, then you will need to generate your CSR with "Jane Doe" in the Organization field (where you would normally put your company's name). Then, once you have placed an online order, you will be required to fax in a copy of your valid drivers license or valid passport, issued to "Jane Doe". Keep in mind that this does not apply to QuickSSL nor QuickSSL Premium; which do not require any proof-of-organization documents.

back to top

Can I get an SSL certificate for an IP address?

Yes, but it’s difficult. First, you’d have to choose the True BusinessID SSL certificate and not QuickSSL. This is because QuickSSL is authenticated at the domain level, and, since there’s no domain to authenticate, that type of certificate cannot be used. Additionally, you’d have to prove that your organization has the rights to use the IP you’re trying to secure. This would require the organization listed in the ARIN WHOIS database for the IP to write a letter stating that your organization has permission to use the IP for a specific period of time.

back to top

If we change our IP address do we have to get a new SSL certificate?

No. The SSL session is bound to an IP address, but not a specific one. If you change your IP you don’t need a new SSL certificate.

back to top

Do you have a reseller or affiliate program?

Right now you can join GeoCerts' reseller program to offer Authorize.Net Merchant Accounts to your clients. Learn more about the GeoAuthorize Value Added Reseller program. A VAR program for SSL certificates is in works and will be offered soon.

back to top

What should I do if my company is not the registered owner of the domain?

This would only be a concern if you are trying to purchase a True BusinessID or Wildcard SSL certificate. If your company is not the registered owner of the domain, as verified through a WHOIS lookup, you must get the registrant information changed prior to submitting an SSL certificate application. You can usually change the registrant information yourself by logging in where you registered your domain and making the changes. Any changes you make to the WHOIS record may take 24-48 hours to update.

back to top

How will I know if my application for a GeoTrust Web server certificate has been successful?

You will be notified when the verification process is complete. If your application has been accepted, you will receive your SSL certificate via email.

back to top

What can I do if my application is not successful?

If your SSL certificate application is rejected, you can work with the Support Team to determine the best way to submit a new application.

back to top

What is a Wildcard SSL certificate?

A Wildcard SSL certificate is used to secure unlimited sub domains that share a common base domain. For example, if your base domain is ‘books.com’, you can secure sales.books.com, www.books.com, secure.books.com, and shop.books.com with one Wildcard SSL certificate.

back to top

How do I use a Wildcard SSL certificate in IIS?

Say you have five sites in IIS where you want to use one Wildcard SSL certificate. You’d pick one of the sites and generate a CSR in IIS for that site using *.yourdomain.com as the Common Name field. When the order is complete and the Wildcard certificate is sent to you by email, you go back to that site in IIS and import the Wildcard certificate. Then, using the Web Server Certificate Wizard in IIS, go to each of the other four sites and assign an existing certificate to each of the remaining four sites. Note that each site using the Wildcard SSL certificate must have its own IP.

back to top

How many sub domains can I secure with a Wildcard certificate?

Unlimited, as long as each sub domain shares the same common base domain. If your base domain is ‘books.com’, you can secure sales.books.com, www.books.com, secure.books.com, and shop.books.com with one Wildcard SSL certificate.

back to top

What is a Certificate Signing Request (CSR)?

The Certificate Signing Request (CSR) is a small, encrypted text file. The CSR contains information about your organization and the domain you wish to secure. A CSR is what you give to a Certification Authority, such as GeoTrust, to generate your SSL certificate. It is an essential part of obtaining an SSL certificate.

Learn more About the CSR.

back to top

How do I generate a CSR?

If you have access to your web server you can generate your own CSR, otherwise your hosting provider or server administrator will need to help you. Some well known control panels (Ensim, Plesk, cPanel, etc.) will allow you to generate your own CSR if your hosting provider has enabled that feature for you. How you generate your CSR depends on the brand of web server software your domain is hosted on.

back to top

What does a completed CSR look like?

The completed CSR looks like a big block of random text.

-----BEGIN NEW CERTIFICATE REQUEST-----
MIIDejCCAuOgAwIBAgIDBAXCMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVB MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZ aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDMwNzMwMDAxNjQ2WhcNMDQwNzMwM WjCB+zELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF3d3dy53YXZlcGF0aGhvc Y29tMVMwUQYDVQQLE0pCdXNpbmVzcyBSZWdpc3RyYXRpb246IGh0dHBzO s+IMCe041a4pV2aCyzaUj7hAhWcUpS7e5zpXMLe6lfZYmIjTUqNQAq1C0
3/TGKztiJVBqALB3VdYPiXDDsprZ7LfQ5Do43qej
-----END NEW CERTIFICATE REQUEST-----

back to top

Should I include the ---- BEGIN CERTIFICATE REQUEST----

Yes. You should include ---- BEGIN CERTIFICATE REQUEST----,
---- END CERTIFICATE REQUEST----, and everything in-between.

back to top

Are there any characters I can’t use in my CSR?

You cannot use any of the following characters in your CSR:
< > ~ ! @ # $ % ^ * / \ ( ) ? & ,

Note that the asterisk (*) may be used for Wildcard certificate CSR's only. Also, do not include http:// or https:// in your Common Name.

back to top

Should I use https:// in my CSR?

No. Please do not include http:// or https:// in your CSR's Common Name.

back to top

Can I sign up without a CSR and just submit one later?

No. You must have a CSR for your domain before you can apply for an SSL certificate.

back to top

What is the Common Name (CN) in the CSR?

The Common Name (CN) is the fully-qualified domain name for your web server. This must be an exact match. For example: if you intend to secure the URL https://www.yourdomain.com, then your CSR's Common Name must be www.yourdomain.com.

Learn more About the CSR.

back to top

Should I have a ‘www’ in my CSR’s Common Name?

This depends on what your users will see in their browser’s address bar. If your users will see https://www.domain.com then you should use a www.domain.com in your CSR.

Learn more About the CSR.

back to top

I need a CSR for a Wildcard SSL certificate, what do I use for the Common Name (CN)?

Let’s say you want to secure all of these domains:
maui.hawaii.com
oahu.hawaii.com
kaui.hawaii.com
www.hawaii.com
Then you should use *.hawaii.com for your CSR’s Common Name.

Let’s say you want to secure all of these domains:
alpha.dns.site.com
bravo.dns.site.com
charlie.dns.site.com
delta.dns.site.com
Then you should use *.dns.site.com for your CSR’s Common Name.

The asterisks (*) represents the “wildcard” part of the domain.

back to top

I need to secure multiple load-balanced servers, do I use the same CSR for each server?

You have a couple of options here. Let’s say you need to secure three servers that have the same fully-qualified domain name. One way is to generate a private key and CSR for the first server. Then place an online order using that one CSR and select ‘3’ as the number of server licenses you need. When the SSL order is complete you install the SSL server certificate we send you on the first server. Then, you export the private key and SSL certificate from the first server to the other two.

The second option is to generate a separate private key and CSR from each of the three servers and place three separate online orders using each unique CSR for each order. As the orders complete you install each SSL server certificate on its corresponding server.

back to top

Should I use the host name of my box or my virtual web site in the CSR?

You should use the fully-qualified domain name of the site you are trying to secure, not the host name of the box (unless they are the same).

back to top