Frequently Asked Questions
Questions About the CSR
An SSL certificate (also known as a Web Server Certificate, Secure Server Certificate, and Digital Certificate) works with the SSL protocol to secure online communications and transactions, and identifies a remote computer, using cryptography.
SSL certificates are issued by Certification Authorities (CA's), such as GeoTrust, which vouch for the information contained within the SSL certificate. Embedded within an SSL certificate is the fully-qualified domain name of your web site (server), such as www.yourdomain.com. It may also contain information about your business or organization, such as its legal name and the geographic location where your business is legally registered to conduct business.
An SSL certificate will assure your online visitors that confidential information and transactions cannot be viewed, intercepted, or altered by an unauthorized third party when transmitted over the Web or mobile devices.
Give our SSL Selection Wizard a try.
Yes! Try QuickSSL free for 30-days.
The GeoTrust QuickSSL and QuickSSL Premium SSL certificates can be applied for and received in about 10 minutes. The processing time for GeoTrust True BusinessID SSL and Wildcard SSLcertificates is, on average, about 2 days. There are instances when GeoTrust flags QuickSSL and QuickSSL Premium orders for a manual review and security audit. If this happens it could take longer while GeoTrust completes its review.
The 10 minute delivery time applies to GeoTrust QuickSSL and QuickSSL Premium SSL certificates only. The processing time for GeoTrust True BusinessID SSL and Wildcard SSL certificate is, on average, about 2 days. There are instances when GeoTrust flags QuickSSL and QuickSSL Premium orders for a manual review and security audit. If this happens it could take longer while GeoTrust completes its review.
Sure you can. GeoTrust SSL certificates are issued all over the world. There are, however, a handful of countries that, legally, GeoTrust cannot issue to, these are: Angola, Ascension, Cuba, Czechoslovakia, Libya, Iran, Iraq, Afghanistan, North Korea, Syria, and Yugoslavia.
For QuickSSL and QuickSSL Premium certificates you won't need to send in any supporting business documents. For True BusinessID and Wildcard SSL you may need to fax in proof-of-organization documents issued by your local or state government showing that your business or organization is authorized to do business in your country.
No. One SSL certificate covers every page within your domain. If your SSL certificate is issued for www.mydomain.com, then your SSL certificate will work for https://www.mydomain.com/index.htm, https://www.mydomain.com/support/about_us.html, https://www.mydomain.com/books/mysteries/authors.html, and so on.
This is an important topic, so we made tutorial about How To Use Your GeoTrust SSL Certificate.
QuickSSL and QuickSSL Premium are authenticated at the domain level only, whereas True BusinessID and Wildcard SSL are authenticated at the domain level and at the company/organization level.
Currently we accept payments using American Express, Visa, MasterCard, and PayPal. Companies and Organizations that have made advance arrangements with us may also place an order using a purchase order.
For QuickSSL and QuickSSL Premium certificates you won't need to send in any supporting business documents for verification. For True BusinessID and Wildcard SSL you may need to fax in proof-of-organization documents issued by your local or state government showing that your business or organization is authorized to do business in your location.
No, you don't. Sometimes having a DUNS number will help GeoTrust to authenticate your business or organization faster, but it's not required.
Yes. GeoTrust will replace, revoke, or refund SSL certificates that have been issued within thirty (30) days of the SSL certificate issue date for the same domain. If you order an SSL certificate and decide you no longer want it within thirty days of the issue date, your money will be refunded. Learn more about cancellations and refunds.
GeoTrust enjoys 99% browser support, also know as ubiquity, but that's only part of the story. GeoTrust SSL certificates are also supported in many micro browsers, such as mobile phones and PDA's.
See our list of supported browsers.
The gold padlock icon will illuminate when you use any GeoTrust SSL certificate with the HTTPS protocol.
We invite you to contact GeoTrust and inquire as to our relationship. We've been marketing, selling, and supporting their great products for years. You may reach GeoTrust by calling 1-866-GeoTrust (866-436-8787) or 678-366-8399 for International callers.
Some of our SSL customers include IBM, General Motors (GM), UCLA, Morgan Stanley, Columbia University, The WD-40 Company, The Circuit Court of Baltimore, The Seattle Seahawks and more. We've built a solid business by providing a great product at a fair price followed up by outstanding customer support. We'd like the opportunity to do the same for you.
Yes, only for much cheaper. As you place an online order on this site, our system communicates with GeoTrust's system in real time. GeoTrust generates the new SSL certificate and then we send it on to you.
There's really no magic to it. With our direct relationship with GeoTrust we're able to buy large blocks of SSL certificates at deep discounts. We use our buying power to save you money. GeoTrust is happy, we're happy, and you'll be happy for saving money on a name brand SSL certificate at a fair price.
Currently our renewal prices are the same as our new SSL certificate prices. So, if the new price of, say ,QuickSSL is $99 today, so is the renewal price for QuickSSL today. Our renewal prices will NEVER be higher than our regular new certificate prices for the same type of SSL certificate.
Yes. Every GeoTrust SSL certificate issued comes with free re-issues and replacements for the life of your SSL certificate for the exact same fully-qualified-domain name. So, if you need move your SSL certificate you may export the keys to your new server, or you may generate a new CSR request on the new server and have your certificate re-issued.
Yes. You need to have a unique IP address for each domain you want to secure. This is not a GeoTrust thing, but rather an SSL protocol thing and has to do with the Secure Sockets Layer working below the application layer. Any site that wants to use an SSL certificate must have its own unique IP address that is not shared by another site. The IP can be real (routable) or internal (RFC 1918 non-routable address) but, it must be unique on the server. Please also note that it doesn't matter if the IP address you assign to the site changes later. If you decide to change the IP address later you won't need to get a new SSL certificate. The SSL certificate must be bound to an IP, but not a specific IP. Your hosting company should be able to set you up with a unique IP address if you don't already have one.
In most cases, yes. Your hosting company should be able to help you generate your CSR and upload your SSL certificate. Check with your hosting provider to make sure.
Sure, all you need is a Certificate Signing Request (CSR) to get started. Sometimes you can use the CSR from last year, other times you must generate a new CSR. It just depends what type of server environment you're site is hosted on. If you didn't originally purchase from this site you should start the order off as a NEW order. As you progress through the online order process, and your CSR is decoded, GeoTrust's system will let our system know that this is a renewal order and we'll automatically change your order type from New to Renewal during the ordering process.
Please see our tutorial: Renewing an IIS SSL Certificate.
The SSL certificate delivered to you will look very much like the CSR you submitted. Here is sample of a completed SSL certificate.
A dynamic site seal is a security icon graphic for you to display on your site. This prominently displayed smart site seal guarantees online visitors they will receive the highest level of encryption possible. Clicking the seal reveals the authenticity of your site.
Get a site seal if you want to assure your online visitors your site
is verified by a trusted third party like GeoTrust. Both GeoTrust QuickSSL
Premium, GeoTrust True BusinessID, and Wildcard SSL come with dynamic
The QuickSSL Premium Site Seal
The True BusinessID Site Seal
How do I get my Site Seal on my web pages?
You can secure more than one fully-qualified-domain (FQDN) with one SSL certificate but you have to choose the right SSL product.
Yes. Go crazy! Install your SSL certificate on as many servers as you like with our unlimted server licensing policy.
Years ago it was illegal in the US to export 128-bit high-encryption due to national security concerns. So, browser developers like Microsoft and Netscape had to offer two versions of their browsers: a high-encryption version for US customers and a low-encryption export version for customers outside the US. The export versions could only support up to 56-bit encryption. Server Gated Cryptography (SGC) was a way to legally "bump up" a session to a 128-bit connection even on the low-encryption export browsers. In early 2000 the US government relaxed its ban on exporting high-encryption, making it available for export outside the US, and, as a result, the need for SGC began to fade away. For this reason GeoTrust made a decision not to offer SGC.
X.509 is a standard for public key infrastructure. All GeoTrust SSL certificates are X.509 compliant.
Yes, you will see the GeoTrust roots listed as GeoTrust or Equifax. In Internet Explorer, from the top menu, go to Tools > Internet Options then select the Content tab. In the Certificates section click the Certificate button and then select the Trusted Root Certification Authorities tab.
GeoTrust was founded years ago by a few key people from Equifax Secure. In 2001 GeoTrust acquired Equifax Secure, which included the Equifax root certificates. Now, GeoTrust has become the world's second largest SSL provider.
If I install a GeoTrust SSL certificate, will users of my site have to install anything on their end?
GeoTrust's root certificates come pre-installed on 99% of all web browsers in use today. So, unless the user is using a very, very old browser, he or she won't have to do or install anything when they visit your site. The user experience will be seamless.
All GeoTrust SSL certificates now support up to 256-bit encryption. That means that if the user's browser supports 256 and your web server supports 256, the SSL session will be 256. If 256 is not supported by both the browser and the server, the SSL session steps down to 128. Mozilla's Firefox web browser now supports 256 and others, such as Microsoft, are likely to follow. Going forward the shift will be from 128 to 256.
Yes. Please see a complete list of supported web browsers and micro-browsers.
Yes. If you domain is registered to, say, Jane Doe, then you will need to generate your CSR with "Jane Doe" in the Organization field (where you would normally put your company's name). Then, once you have placed an online order, you will be required to fax in a copy of your valid drivers license or valid passport, issued to "Jane Doe". Keep in mind that this does not apply to QuickSSL nor QuickSSL Premium; which do not require any proof-of-organization documents.
Currently we do not offer a cert for an IP address (rather than a FQDN).
No. The SSL session is bound to an IP address, but not a specific one. If you change your IP you don't need a new SSL certificate.
Yes we do! Check it out
This would only be a concern if you are trying to purchase a True BusinessID or Wildcard SSL certificate. If your company is not the registered owner of the domain, as verified through a WHOIS lookup, you must get the registrant information changed prior to submitting an SSL certificate application. You can usually change the registrant information yourself by logging in where you registered your domain and making the changes. Any changes you make to the WHOIS record may take 24-48 hours to update.
You will be notified when the verification process is complete. If your application has been accepted, you will receive your SSL certificate via email.
A Wildcard SSL certificate is used to secure unlimited sub domains that share a common base domain. For example, if your base domain is 'books.com', you can secure sales.books.com, www.books.com, secure.books.com, and shop.books.com with one Wildcard SSL certificate.
Say you have five sites in IIS where you want to use one Wildcard SSL certificate. You'd pick one of the sites and generate a CSR in IIS for that site using *.yourdomain.com as the Common Name field. When the order is complete and the Wildcard certificate is sent to you by email, you go back to that site in IIS and import the Wildcard certificate. Then, using the Web Server Certificate Wizard in IIS, go to each of the other four sites and assign an existing certificate to each of the remaining four sites. Note that each site using the Wildcard SSL certificate must have its own IP.
Unlimited, as long as each sub domain shares the same common base domain. If your base domain is 'books.com', you can secure sales.books.com, www.books.com, secure.books.com, and shop.books.com with one Wildcard SSL certificate.
The Certificate Signing Request (CSR) is a small, encrypted text file. The CSR contains information about your organization and the domain you wish to secure. A CSR is what you give to a Certification Authority, such as GeoTrust, to generate your SSL certificate. It is an essential part of obtaining an SSL certificate.
Learn more About the CSR.
If you have access to your web server you can generate your own CSR, otherwise your hosting provider or server administrator will need to help you. Some well known control panels (Ensim, Plesk, cPanel, etc.) will allow you to generate your own CSR if your hosting provider has enabled that feature for you. How you generate your CSR depends on the brand of web server software your domain is hosted on.
The completed CSR looks like a big block of random text.
Yes. You should include ---- BEGIN CERTIFICATE REQUEST----,
You cannot use any of the following characters in your CSR:
Note that the asterisk (*) may be used for Wildcard certificate CSR's only. Also, do not include http:// or https:// in your Common Name.
No. Please do not include http:// or https:// in your CSR's Common Name.
No. You must have a CSR for your domain before you can apply for an SSL certificate.
The Common Name (CN) is the fully-qualified domain name for your web server. This must be an exact match. For example: if you intend to secure the URL https://www.yourdomain.com, then your CSR's Common Name must be www.yourdomain.com.
Learn more About the CSR.
If you want to secure both the www and non-www version of your site it is recommended that you use 'www.mydomain.comn' in your CSR.
Learn more About the CSR.
Let's say you want to secure all of these domains:
Let's say you want to secure all of these domains:
The asterisks (*) represents the "wildcard" part of the domain.
If you need to install an SSL certificate and private key on multiple servers you should generate a CSR from the first machine and isntall the issued SSL certificate on that machine. Once installed on the first machine you should make a backup of your private key and SSL certificate and import it to machine #2, and so on. So, you will only be generating one CSR and using the same keys for each machine. If you are working with Windows IIS servers this is an easy task. Please see our tutorial Exporting/Importing SSL Certificates Between Windows Servers.
You should use the fully-qualified domain name of the site you are trying to secure, not the host name of the box (unless they are the same).
Multi-domain SSL. It's Here!
Our Customers(see more)