Signtrust SSL certificates - questions and answers.
- What is the benefit of SSL certificates?
Many internet users still have concerns about sharing their confidential data over the internet - despite the fact that on-line shopping and on-line banking have become commonplace. The fear that confidential information could fall into the wrong hands is too great. SSL certificates help to create trust.
SSL certificates are based on Secure Sockets Layer (SSL) technology, a hybrid encryption technology which allows a secure connection between a website and a browser, thus guaranteeing the confidentiality, authenticity and integrity of shared data. SSL certificates therefore provide secure web communications and increased trust for visitors and customers, which are also important purchasing criteria in e-commerce.
The padlock icon that appears in the browser's URL address bar (or status bar) instantly shows that a website is using an SSL certificate. When using Extended Validation (EV) SSL certificates, the URL address bar is additionally highlighted in green, thus making it even easier for visitors to recognize that it is a secure website.
With Version 3.1, SSL technology was further developed and standardized under the new name TLS (Transport Layer Security). However, the term SSL is more frequently used in the market in connection with certificates, which is why we also use SSL as a synonym for TLS.
- What is an Extended Validation (EV) SSL certificate?
An Extended Validation (EV) SSL certificate is an SSL certificate whose issuance is tied to the extended validation criteria specified in the EV SSL guidelines of the CA/Browser Forum.
The CA/Browser Forum is a consortium of leading certification authorities (CAs) and browser providers. In 2006, with the EV SSL guidelines, it adopted strict validation standards for the issuing of certificates. For example, these validation standards stipulate that every SSL application must also be subsequently confirmed by phone.
The URL address bar of a website which is secured with an EV SSL certificate is highlighted in green, also shows the name of the domain owner and the issuing certification authority, and thus substantiates the trustworthiness of the website for its visitors.
- What is a Signtrust SSL Wildcard certificate?
With a Signtrust SSL Wildcard certificate, you can secure as many sub-domains of a domain as you like with a single wildcard certificate (e.g. mail.beispieldomain.de, ftp.beispieldomain.de, support.beispieldomain.de, etc.). As only a single wildcard certificate is required for this, it represents a cost-effective solution for many companies and organizations.
A wildcard certificate always contains a wildcard (*) in its common name (e.g. *.beispieldomain.de). This wildcard can represent any number of sub-domains and is also what gives this type of certificate its name.
When creating the Certificate Signing Request (CSR) for a wildcard certificate, you must make sure that the common name contains a wildcard (*).
With a wildcard certificate, you can also secure domains which are hosted on different servers (physical or virtual), using the same wildcard certificate. You have the opportunity to purchase an additional server license for each additional server on which the wildcard certificate is to be used. You can easily specify this when applying via our SSL on-line application. The private key and the wildcard certificate with the public key can easily be exported using the export function of the web server software being used, and be integrated into the additional servers using the import function of the web server software being used there.
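Which host names the wildcard name covers can be checked with a small matcher. The following is an added example, not Signtrust's or Comodo's code; it assumes the host name matching rules browsers apply (RFC 6125), under which the wildcard stands for exactly one left-most label, so the bare domain and deeper levels such as a.mail.beispieldomain.de are not matched by *.beispieldomain.de. The function name is hypothetical.

```bash
# Added example (hypothetical helper, not part of any Signtrust tooling).
# wildcard_covers <certificate-name> <hostname>
# Returns 0 if the certificate name covers the hostname, assuming the
# RFC 6125 rule that "*" stands for exactly one left-most label.
wildcard_covers() {
    local pattern host suffix label
    # Host names are compared case-insensitively.
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    host=${host%.}                       # ignore a trailing root dot
    case "$pattern" in
        '*.'*) suffix=${pattern#\*} ;;   # e.g. ".beispieldomain.de"
        *) [ "$pattern" = "$host" ]; return $? ;;   # no wildcard: exact match
    esac
    case "$host" in
        *"$suffix") label=${host%"$suffix"} ;;
        *) return 1 ;;                   # other domain, or the bare domain
    esac
    # The wildcard must stand for one non-empty label without dots.
    case "$label" in
        ''|*.*) return 1 ;;
    esac
    return 0
}

# Demo with the page's example domain (host names are constructed).
for h in mail.beispieldomain.de ftp.beispieldomain.de \
         beispieldomain.de a.mail.beispieldomain.de; do
    if wildcard_covers '*.beispieldomain.de' "$h"; then
        echo "covered      $h"
    else
        echo "NOT covered  $h"
    fi
done
```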
- What is a Trustlogo and how do I get one?
A Trustlogo is a special symbol which allows you to substantiate the security and trustworthiness of your website. This symbol is easily integrated into your website and allows visitors to your website to verify its authenticity.
When clicking on the symbol or hovering over it with the mouse, details of the website (URL) and the website owner (name, address and contact information) are displayed. The Trustlogo therefore provides transparency and reduces the security concerns and inhibitions of your website visitors and customers.
With every SSL certificate you purchase, you will receive a free Trustlogo to include on your website. There are various Trustlogos to choose from. The e-mail containing the issued SSL certificate will also provide information about how to install the Trustlogo.
- How long does it take to issue a Signtrust SSL certificate?
It usually takes 1-2 working days to issue Signtrust SSL certificates, as long as the following conditions are met:
- Application data is correctly submitted via the SSL on-line application, and evidence is submitted to Signtrust to authenticate the domain owner.
- The certification authority is able to successfully authenticate the domain and the domain owner, based on the application data and evidence submitted.
It can take longer to issue Signtrust SSL EV certificates due to the additional validation requirements specified in the Extended Validation SSL guidelines (e.g. telephone confirmation of the SSL application). You will usually receive a Signtrust SSL EV certificate within a week, as long as the following conditions are met:
- Application data is correctly submitted via the SSL on-line application, and the signed EV application form is submitted to Signtrust to authenticate the domain owner.
- The certification authority is able to successfully authenticate the domain and the domain owner, based on the application data and EV application form submitted.
- Am I able to replace a Signtrust SSL certificate?
Under certain conditions you can replace a Signtrust SSL certificate you have already purchased, for a one-off fee of EUR 25.00 (plus VAT). The following conditions apply:
- the private key has been damaged or lost,
- the name of the domain has changed, or
- different web server software is being used.
The validity of the replacement certificate remains unchanged and is the same as that of the original certificate which has been replaced. The replacement certificate and Trustlogo will be sent to you by e-mail.
To apply for a replacement certificate, please use our SSL on-line replacement application.
If the domain owner has changed (i.e. the owner's name and/or address has changed), you will need to order a new SSL certificate.
- What is the procedure for issuing a Signtrust SSL certificate?
The following 3 steps are required to issue your SSL certificate:
- Create Certificate Signing Request (CSR)
- Complete SSL on-line application
- Verify domain owner
Each step is described in detail in our 3 steps to SSL certification.
This information is also provided on the first page of our SSL on-line application.
- What evidence is acceptable to authenticate the domain owner?
When applying for Signtrust SSL Premium or Signtrust SSL Wildcard certificates, you need to provide the appropriate evidence to verify that the applicant is also the domain owner. Domain owners can be companies, government or other organizations, or even individuals.
Here is the acceptable evidence to authenticate the domain owner.
In order to verify the identity of the domain owner, it is sufficient to submit a single form of identification. In rare cases, a second form of identification may be required. At least two forms of identification are required to authenticate individuals.
When applying for an SSL EV certificate, it is sufficient to submit a signed EV application form, which is issued upon completion of the SSL on-line application. In rare cases, additional proof of identity may be required.
- What evidence is acceptable to authenticate the domain owner when applying for a Signtrust SSL EV certificate?
When applying for an SSL EV certificate, it is necessary to submit the EV application form to authenticate the domain owner. The form is issued as a PDF print-out upon completion of the SSL on-line application. If necessary, it must be completed by hand, then signed by the applicant and sent to the e-mail address or fax number specified on the PDF print-out. In rare cases, additional proof of identity may be required.
The domain holder's identity is validated in accordance with the Extended Validation SSL guidelines adopted by the CA/Browser Forum, which also stipulate that a telephone call must be made to the domain owner, to ultimately confirm the application to issue the SSL EV certificate.
- Is any special evidence required to authenticate the domain owner in the case of individuals?
At least two forms of identity are required to authenticate individuals. As well as a copy of their identity card or passport, further proof of identity is also required (e.g. a copy of their trading license, electricity, gas or water bill).
If the address on their identity card or passport does not match the address submitted during the SSL on-line application and held by the domain registration authority (WHOIS data), then it is necessary to submit further proof of identity.
IMPORTANT: It is imperative that the WHOIS data is up-to-date; i.e. that the registered name and address of the domain owner are correct and verifiable with an official document.
Here is information about what is required for successful authentication as well as the acceptable evidence.
- Is any special evidence required to authenticate the domain owner in the case of government organizations, public or charitable institutions?
Much of the acceptable evidence published here is also acceptable to authenticate government organizations, public or charitable institutions. Alternatively, you can also submit an appropriate letter of authorization from the organization. The above-mentioned link also contains information about the details required in the letter of authorization.
- How and in what format can evidence be submitted for authentication?
You can send us your evidence and the signed EV application form (when ordering Signtrust EV SSL certificates) by e-mail or fax.
If sending by e-mail, we can only accept documents in PDF or TIFF format. Please send documents to the following e-mail address: firstname.lastname@example.org. To enable us to assign the documents you send to your application, please state the application number in the e-mail subject line.
If sending by fax, please use the following fax number: +49 (0)228 9086 555589. To enable us to assign the documents you send to your application, please attach the cover sheet which is issued after applying via the SSL on-line application and which contains the printed application number.
The step-by-step guide, which is also issued after applying via the SSL on-line application, also contains a description of the procedure for sending documents.
- What are the conditions for issuing a Signtrust SSL certificate?
Signtrust SSL certificates are domain and organization validated SSL certificates, which meet strict security requirements. The condition for issuing an SSL certificate is the successful authentication of the domain and the domain owner (company, government or other organization or individuals). The validation of the domain and the domain owner is undertaken by the certification authority of our cooperation partner, Comodo CA Limited. An SSL certificate is only issued after the certification authority has successfully authenticated the domain and the domain owner.
In order to successfully authenticate the domain and the domain owner, please note the following important information:
Authentication of the domain
To successfully authenticate the domain, the data entered about your domain during the SSL on-line application must match the corresponding WHOIS data currently held by the registration authority (e.g. DENIC or ICANN). The following data must match:
- Name of the domain/website
- Name and address of the domain owner
- E-mail address of the domain's technical contact person.
IMPORTANT: It is imperative that the WHOIS data is up-to-date; i.e. that the registered name, address and technical contact person of the domain owner are correct and verifiable with an official document.
Advice on how to complete the application correctly can also be found on the relevant pages of the SSL on-line application.
Authentication of the domain owner
You need to provide the appropriate evidence to verify the identity of the domain owner (company, government or other organization or individual). To successfully authenticate the domain owner, the name and address of the domain owner as stated on the evidence must match the name and address of the domain owner as stated on the SSL on-line application and held by the registration authority (WHOIS data from DENIC or ICANN etc.).
- How do I get technical support?
For every Signtrust SSL certificate you purchase, free technical support is available from our partner and certificate issuing company, Comodo.
You can access this by telephone or via the Support Center, with comprehensive support services such as Support Ticket, Knowledgebase, Live Chat, etc.
We recommend that you prepare a Service Ticket, where you can for example also upload a screenshot to better illustrate the technical problem. In order to assign it to your application, please have ready the application number sent to you by e-mail or the name of the domain to be secured.
Please refer to our Support/Info Center for the contact information for Comodo's technical support.
- What is a Certificate Signing Request (CSR)?
A Certificate Signing Request (CSR) is a text sequence generated by the web server software which hosts the domain to be secured. A CSR is essential for issuing an SSL certificate and is typically created by an IT Administrator. As well as the public key, a CSR also contains further structured data such as the name of the domain to be secured, the domain owner and the owner's address. The SSL certificate combines this data with the public key, thus clearly confirming the owner of the public key.
Before applying for an SSL certificate, you must ensure that the CSR has been generated by your web server software. Only then can you apply for an SSL certificate via our SSL on-line application. The text sequence is then entered in the relevant field.
IMPORTANT: Only CSRs containing RSA keys and a key length of 2048 bits can be accepted.
- How is a Certificate Signing Request (CSR) generated?
A CSR is generated by your web server software. The procedure for generating a CSR will differ depending on the web server software you are using.
Detailed instructions for generating a CSR using common web server software can be found in the Support Center of our partner, Comodo.
The link to Comodo's CSR decoder tool can also be found in our SSL on-line application, to help you check the CSR created prior to submission.
You can also access the Comodo CSR Decoder Tool via the following link.
- Which key length should a Certificate Signing Request (CSR) contain?
When applying for Signtrust SSL certificates, only CSRs containing RSA keys and a key length of 2048 bits can be accepted. When creating a CSR, you must therefore be careful to select a key length of 2048 bits.
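The requirements stated above for the CSR (RSA key, 2048 bits, and a wildcard in the common name for wildcard certificates) can be checked locally before the text is entered in the application. The following is an added example using the OpenSSL command line, not a procedure from Signtrust or Comodo; the function names, file names and subject values are constructed placeholders.

```bash
# Added example. Subject values and file names are constructed placeholders.

# make_csr <key-out> <csr-out> <common-name> [rsa-bits]
# Creates a new RSA key (2048 bits by default) and a CSR for it.
make_csr() {
    (
        umask 077   # the private key must not be readable by other users
        openssl req -new -newkey "rsa:${4:-2048}" -nodes \
            -keyout "$1" -out "$2" \
            -subj "/C=DE/O=Beispiel GmbH/CN=$3" 2>/dev/null
    )
}

# check_csr <csr> [wildcard]
# Returns 0 if the CSR holds an RSA 2048-bit key (and, with "wildcard",
# a common name starting with "*."); prints the reason otherwise.
check_csr() {
    local text bits cn
    text=$(openssl req -in "$1" -noout -text 2>/dev/null) ||
        { echo "not a readable CSR"; return 1; }
    echo "$text" | grep -q 'Public Key Algorithm: rsaEncryption' ||
        { echo "key is not RSA"; return 1; }
    bits=$(echo "$text" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    [ "$bits" = "2048" ] ||
        { echo "key length is ${bits:-unknown} bits, 2048 required"; return 1; }
    cn=$(openssl req -in "$1" -noout -subject 2>/dev/null |
        sed -n 's/.*CN *= *\([^,/]*\).*/\1/p')
    if [ "${2:-}" = "wildcard" ]; then
        case "$cn" in
            '*.'?*) ;;
            *) echo "common name '$cn' contains no wildcard"; return 1 ;;
        esac
    fi
    echo "ok: RSA 2048, CN=$cn"
}

# Demo: a wildcard CSR that meets the requirements.
demo_dir=$(mktemp -d)
make_csr "$demo_dir/wild.key" "$demo_dir/wild.csr" '*.beispieldomain.de'
check_csr "$demo_dir/wild.csr" wildcard
```

The key file written by make_csr is the private key; only the CSR file is submitted.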