Toll Free: 800-892-7095
Code Signing Certs!
Frequently Asked Questions
Questions About the CSR
What is an SSL certificate?An SSL certificate (also known as a Web Server Certificate, Secure Server Certificate, and Digital Certificate) works with the SSL protocol to secure online communications and transactions, and identifies a remote computer, using cryptography. SSL certificates are issued by Certification Authorities (CA's), such as GeoTrust, which vouch for the information contained within the SSL certificate. Embedded within an SSL certificate is the fully-qualified domain name of your web site (server), such as www.yourdomain.com. It may also contain information about your business or organization, such as its legal name and the geographic location where your business is legally registered to conduct business. What will an SSL certificate do for my web site?An SSL certificate will assure your online visitors that confidential information and transactions cannot be viewed, intercepted, or altered by an unauthorized third party when transmitted over the Web or mobile devices. Examples include:
How do I know which SSL certificate is right for me?Give our SSL Selection Wizard a try. Do you have test or trial SSL certificates?Yes! Try QuickSSL free for 30-days. How long does it take to get a Web server certificate?The GeoTrust QuickSSL and QuickSSL Premium SSL certificates can be applied for and received in about 10 minutes. The processing time for GeoTrust True BusinessID SSL and Wildcard SSL certificates is, on average, about 2 days. There are instances when GeoTrust flags QuickSSL and QuickSSL Premium orders for a manual review and security audit. If this happens it could take longer while GeoTrust completes its review. Does it really take just 10 minutes?The 10 minute delivery time applies to GeoTrust QuickSSL and QuickSSL Premium SSL certificates only. The processing time for GeoTrust True BusinessID SSL and Wildcard SSL certificate is, on average, about 2 days. There are instances when GeoTrust flags QuickSSL and QuickSSL Premium orders for a manual review and security audit. If this happens it could take longer while GeoTrust completes its review. How do I place an order for an SSL certificate?Once you've decided which SSL certificate you want to purchase, and have your Certificate Signing Request (CSR) generated, you can place an online order. Can I get an SSL certificate if I live outside the United States?Sure you can. GeoTrust SSL certificates are issued all over the world. There are, however, a handful of countries that, legally, GeoTrust cannot issue to, these are: Angola, Ascension, Cuba, Czechoslovakia, Libya, Iran, Iraq, Afghanistan, North Korea, Syria, and Yugoslavia. For QuickSSL and QuickSSL Premium certificates you won't need to send in any supporting business documents. For True BusinessID and Wildcard SSL you may need to fax in proof-of-organization documents issued by your local or state government showing that your business or organization is authorized to do business in your country. Do I have to have an SSL certificate for each web page I want to secure?No. One SSL certificate covers every page within your domain. If your SSL certificate is issued for www.mydomain.com, then your SSL certificate will work for https://www.mydomain.com/index.htm, https://www.mydomain.com/support/about_us.html, https://www.mydomain.com/books/mysteries/authors.html, and so on. Once I have an SSL certificate, how and when do I use it?This is an important topic, so we made tutorial about How To Use Your GeoTrust SSL Certificate. What's the difference between QuickSSL, QuickSSL Premium, True BusinessID, and Wildcard SSL?QuickSSL and QuickSSL Premium are authenticated at the domain level only, whereas True BusinessID and Wildcard SSL are authenticated at the domain level and at the company/organization level. What forms of payment are accepted?Currently we accept payments using American Express, Visa, MasterCard, and PayPal. Companies and Organizations that have made advance arrangements with us may also place an order using a purchase order. What information must be submitted to GeoTrust as part of the verification process?For QuickSSL and QuickSSL Premium certificates you won't need to send in any supporting business documents for verification. For True BusinessID and Wildcard SSL you may need to fax in proof-of-organization documents issued by your local or state government showing that your business or organization is authorized to do business in your location. Do I have to have a Dun and Bradstreet (DUNS) number to apply?No, you don't. Sometimes having a DUNS number will help GeoTrust to authenticate your business or organization faster, but it's not required. Can I get a refund once my certificate has been issued?Yes. GeoTrust will replace, revoke, or refund SSL certificates that have been issued within thirty (30) days of the SSL certificate issue date for the same domain. If you order an SSL certificate and decide you no longer want it within thirty days of the issue date, your money will be refunded. Learn more about cancellations and refunds. What web browsers are supported?GeoTrust enjoys 99% browser support, also know as ubiquity, but that's only part of the story. GeoTrust SSL certificates are also supported in many micro browsers, such as mobile phones and PDA's. See our list of supported browsers. Will the gold padlock icon illuminate in the browser with GeoTrust SSL certificates?The gold padlock icon How do I know this site is for real and not just trying to yank my chain?We invite you to contact GeoTrust and inquire as to our relationship. We've been marketing, selling, and supporting their great products for years. You may reach GeoTrust by calling 1-866-GeoTrust (866-436-8787) or 678-366-8399 for International callers. Some of our SSL customers include IBM, General Motors (GM), UCLA, Morgan Stanley, Columbia University, The WD-40 Company, The Circuit Court of Baltimore, The Seattle Seahawks and more. We've built a solid business by providing a great product at a fair price followed up by outstanding customer support. We'd like the opportunity to do the same for you. Will I be getting exactly the same SSL certificate that GeoTrust offers on their site?Yes, only for much cheaper. As you place an online order on this site, our system communicates with GeoTrust's system in real time. GeoTrust generates the new SSL certificate and then we send it on to you. How can you sell SSL certificates for less than GeoTrust sells them?There's really no magic to it. With our direct relationship with GeoTrust we're able to buy large blocks of SSL certificates at deep discounts. We use our buying power to save you money. GeoTrust is happy, we're happy, and you'll be happy for saving money on a name brand SSL certificate at a fair price. How much is the renewal price?Currently our renewal prices are the same as our new SSL certificate prices. So, if the new price of, say ,QuickSSL is $99 today, so is the renewal price for QuickSSL today. Our renewal prices will NEVER be higher than our regular new certificate prices for the same type of SSL certificate. If I decide to change ISP's, can I move my certificate with me?Yes. Every GeoTrust SSL certificate issued comes with free re-issues and replacements for the life of your SSL certificate for the exact same fully-qualified-domain name. So, if you need move your SSL certificate you may export the keys to your new server, or you may generate a new CSR request on the new server and have your certificate re-issued. Will my site need to have a unique IP address for the certificate to work?Yes. You need to have a unique IP address for each domain you want to secure. This is not a GeoTrust thing, but rather an SSL protocol thing and has to do with the Secure Sockets Layer working below the application layer. Any site that wants to use an SSL certificate must have its own unique IP address that is not shared by another site. The IP can be real (routable) or internal (RFC 1918 non-routable address) but, it must be unique on the server. Please also note that it doesn't matter if the IP address you assign to the site changes later. If you decide to change the IP address later you won't need to get a new SSL certificate. The SSL certificate must be bound to an IP, but not a specific IP. Your hosting company should be able to set you up with a unique IP address if you don't already have one. An ISP hosts my site. Can I still purchase and use a GeoTrust SSL certificate on my site?In most cases, yes. Your hosting company should be able to help you generate your CSR and upload your SSL certificate. Check with your hosting provider to make sure. Can I renew my GeoTrust SSL certificate here even though I bought it somewhere else?Sure, all you need is a Certificate Signing Request (CSR) to get started. Sometimes you can use the CSR from last year, other times you must generate a new CSR. It just depends what type of server environment you're site is hosted on. If you didn't originally purchase from this site you should start the order off as a NEW order. As you progress through the online order process, and your CSR is decoded, GeoTrust's system will let our system know that this is a renewal order and we'll automatically change your order type from New to Renewal during the ordering process. I'm running Microsoft IIS. How do I renew my SSL certificate?Please see our tutorial: Renewing an IIS SSL Certificate. What does an SSL certificate look like anyway?The SSL certificate delivered to you will look very much like the CSR you submitted. Here is sample of a completed SSL certificate.
What is a dynamic Site Seal? Do I need one?A dynamic site seal is a security icon graphic for you to display on your site. This prominently displayed smart site seal guarantees online visitors they will receive the highest level of encryption possible. Clicking the seal reveals the authenticity of your site. Get a site seal if you want to assure your online visitors your site
is verified by a trusted third party like GeoTrust. Both GeoTrust QuickSSL
Premium, GeoTrust True BusinessID, and Wildcard SSL come with dynamic
site seals. The QuickSSL Premium Site Seal
The True BusinessID Site Seal
How do I get my Site Seal on my web pages?To install your site seal, simply add a few lines of JavaScript code to each web page on which you want the site seal to appear. Learn more about how site seals work and how to install them. I have several domain names, will one SSL certificate work for all of them?You can secure more than one fully-qualified-domain (FQDN) with one SSL certificate but you have to choose the right SSL product.
Can I install the same SSL certificate on multiple servers?Yes. Go crazy! Install your SSL certificate on as many servers as you like with our unlimted server licensing policy. Do you support Server Gated Cryptography (SGC)?Years ago it was illegal in the US to export 128-bit high-encryption due to national security concerns. So, browser developers like Microsoft and Netscape had to offer two versions of their browsers: a high-encryption version for US customers and a low-encryption export version for customers outside the US. The export versions could only support up to 56-bit encryption. Server Gated Cryptography (SGC) was a way to legally “bump up” a session to a 128-bit connection even on the low-encryption export browsers. In early 2000 the US government relaxed its ban on exporting high-encryption, making it available for export outside the US, and, as a result, the need for SGC began to fade away. For this reason GeoTrust made a decision not to offer SGC. I need an X.509 SSL certificate, do you have that?X.509 is a standard for public key infrastructure. All GeoTrust SSL certificates are X.509 compliant. Are the GeoTrust root CA certificates pre-installed in popular web browsers?Yes, you will see the GeoTrust roots listed as GeoTrust or Equifax. In Internet Explorer, from the top menu, go to Tools > Internet Options then select the Content tab. In the Certificates section click the Certificate button and then select the Trusted Root Certification Authorities tab.
How are GeoTrust and Equifax related?GeoTrust was founded years ago by a few key people from Equifax Secure. In 2001 GeoTrust acquired Equifax Secure, which included the Equifax root certificates. Now, GeoTrust has become the world's second largest SSL provider. If I install a GeoTrust SSL certificate, will users of my site have to install anything on their end?GeoTrust's root certificates come pre-installed on 99% of all web browsers in use today. So, unless the user is using a very, very old browser, he or she won't have to do or install anything when they visit your site. The user experience will be seamless. What is the encryption strength of GeoTrust certificates?All GeoTrust SSL certificates now support up to 256-bit encryption. That means that if the user's browser supports 256 and your web server supports 256, the SSL session will be 256. If 256 is not supported by both the browser and the server, the SSL session steps down to 128. Mozilla's Firefox web browser now supports 256 and others, such as Microsoft, are likely to follow. Going forward the shift will be from 128 to 256. Will GeoTrust certs work in smartphones and other PDA devices?Yes. Please see a complete list of supported web browsers and micro-browsers. My domain is registered to me as an individual, can I still get a cert?Yes. If you domain is registered to, say, Jane Doe, then you will need to generate your CSR with "Jane Doe" in the Organization field (where you would normally put your company's name). Then, once you have placed an online order, you will be required to fax in a copy of your valid drivers license or valid passport, issued to "Jane Doe". Keep in mind that this does not apply to QuickSSL nor QuickSSL Premium; which do not require any proof-of-organization documents. Can I get an SSL certificate for an IP address?Currently we do not offer a cert for an IP address (rather than a FQDN). If we change our IP address do we have to get a new SSL certificate?No. The SSL session is bound to an IP address, but not a specific one. If you change your IP you don't need a new SSL certificate. Do you have a reseller program?Yes we do! Check it out What should I do if my company is not the registered owner of the domain?This would only be a concern if you are trying to purchase a True BusinessID or Wildcard SSL certificate. If your company is not the registered owner of the domain, as verified through a WHOIS lookup, you must get the registrant information changed prior to submitting an SSL certificate application. You can usually change the registrant information yourself by logging in where you registered your domain and making the changes. Any changes you make to the WHOIS record may take 24-48 hours to update. How will I know if my application for a GeoTrust Web server certificate has been successful?You will be notified when the verification process is complete. If your application has been accepted, you will receive your SSL certificate via email. What is a Wildcard SSL certificate?A Wildcard SSL certificate is used to secure unlimited sub domains that share a common base domain. For example, if your base domain is ‘books.com', you can secure sales.books.com, www.books.com, secure.books.com, and shop.books.com with one Wildcard SSL certificate. How do I use a Wildcard SSL certificate in IIS?Say you have five sites in IIS where you want to use one Wildcard SSL certificate. You'd pick one of the sites and generate a CSR in IIS for that site using *.yourdomain.com as the Common Name field. When the order is complete and the Wildcard certificate is sent to you by email, you go back to that site in IIS and import the Wildcard certificate. Then, using the Web Server Certificate Wizard in IIS, go to each of the other four sites and assign an existing certificate to each of the remaining four sites. Note that each site using the Wildcard SSL certificate must have its own IP. How many sub domains can I secure with a Wildcard certificate?Unlimited, as long as each sub domain shares the same common base domain. If your base domain is ‘books.com', you can secure sales.books.com, www.books.com, secure.books.com, and shop.books.com with one Wildcard SSL certificate. What is a Certificate Signing Request (CSR)?The Certificate Signing Request (CSR) is a small, encrypted text file. The CSR contains information about your organization and the domain you wish to secure. A CSR is what you give to a Certification Authority, such as GeoTrust, to generate your SSL certificate. It is an essential part of obtaining an SSL certificate. Learn more About the CSR. How do I generate a CSR?If you have access to your web server you can generate your own CSR, otherwise your hosting provider or server administrator will need to help you. Some well known control panels (Ensim, Plesk, cPanel, etc.) will allow you to generate your own CSR if your hosting provider has enabled that feature for you. How you generate your CSR depends on the brand of web server software your domain is hosted on. What does a completed CSR look like?The completed CSR looks like a big block of random text.
Should I include the ---- BEGIN CERTIFICATE REQUEST----Yes. You should include ---- BEGIN CERTIFICATE REQUEST----, Are there any characters I can't use in my CSR?You cannot use any of the following characters in your CSR: Note that the asterisk (*) may be used for Wildcard certificate CSR's only. Also, do not include http:// or https:// in your Common Name. Should I use https:// in my CSR?No. Please do not include http:// or https:// in your CSR's Common Name. Can I sign up without a CSR and just submit one later?No. You must have a CSR for your domain before you can apply for an SSL certificate. What is the Common Name (CN) in the CSR?The Common Name (CN) is the fully-qualified domain name for your web server. This must be an exact match. For example: if you intend to secure the URL https://www.yourdomain.com, then your CSR's Common Name must be www.yourdomain.com. Learn more About the CSR. Should I have a ‘www' in my CSR's Common Name?If you want to secure both the www and non-www version of your site it is recommended that you use 'www.mydomain.comn' in your CSR. Learn more About the CSR. I need a CSR for a Wildcard SSL certificate, what do I use for the Common Name (CN)?Let's say you want to secure all of these domains: Let's say you want to secure all of these domains: The asterisks (*) represents the “wildcard” part of the domain. I need to secure multiple load-balanced servers, do I use the same CSR for each server?If you need to install an SSL certificate and private key on multiple servers you should generate a CSR from the first machine and isntall the issued SSL certificate on that machine. Once installed on the first machine you should make a backup of your private key and SSL certificate and import it to machine #2, and so on. So, you will only be generating one CSR and using the same keys for each machine. If you are working with Windows IIS servers this is an easy task. Please see our tutorial Exporting/Importing SSL Certificates Between Windows Servers. Should I use the host name of my box or my virtual web site in the CSR?You should use the fully-qualified domain name of the site you are trying to secure, not the host name of the box (unless they are the same). |
Multi-domain SSL. It's Here!
Our Customers(see more)
|
will illuminate when you use any GeoTrust SSL
certificate with the HTTPS protocol.
 |
