- What is an SSL Certificate? What can I do with it?
- How do I set it up?
- Frequently Asked Questions
- How many bits should I use when creating my private key?
- What happens if I lose my private key?
- Do SSL Certificates work with dynamic IP addresses?
- Can I use a free Dynamic DNS host with SSL Certificates?
- What is the difference between a self-signed certificate and a CA-signed certificate?
- If I renew my certificate early, do I "lose" the remaining time?
- What does "Unrecognized CA Root Authority" mean?
- Do DynDNS.com SSL Certificates work with mobile browsers?
- What is a wildcard certificate?
- What is an alternative name?
This guide will help you get started with our SSL Certificates.
What is an SSL Certificate? What can I do with it?
An SSL Certificate is a digital certificate which identifies the authenticity of a server and is used to encrypt information to and from the server. SSL certificates allow your visitors to ensure that your server is genuine and to protect sensitive data such as credit card purchases and other communications.
How do I set it up?
Please complete the following steps to create and install your SSL Certificate.
1. Generate the Certificate Signing Request (CSR)
First, you will need to generate a Certificate Signing Request (CSR) for your server. The CSR contains information about your cert (Common Name, city and state, etc.) and the public portion of your public/private key. To generate the CSR, please see our Commands for Generating CSRs for SSL Certificates article here. You should be able to find instructions in your software's documentation as well if your server is not listed here.
When your certificate has been generated, it should look like this:
-----BEGIN CERTIFICATE REQUEST----- A1CIyPvFx27LJjTeEuoN5ESAlDktQZPVg4r9b5Ab5/dhR+TDiCNkKhpqQKXWSc6y bXlAaGl0Y2hjb2NrY3JlYXRpb25zLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw BxMKTWFuY2hlc3RlcjEbMBkGA1UEChMSSGl0Y2hjb2NrQ3JlYXRpb25zMR8wHQYD cmeLQ7I0AFKIVMnPyu/kO35QgrhLASnEolV8qYehvrGM/urw341s+bqHt05ttcQo CSqGSIb3DQEBBAUAA4GBAFmtY5nKfua4R9+TJsgaoUFC8s5XkfBdbQOlWpgV3MH4 gYkCgYEA4rbK4pTsBk5ViUyxp6FqoDP7HbuNPJPhhhnFSsghcDfzroFz/OFFy5xv MIIB3DCCAUUCAQAwgZsxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJOSDETMBEGA1UE VQQDExZoaXRjaGNvY2tjcmVhdGlvbnMuY29tMSwwKgYJKoZIhvcNAQkBFh1qZXJl vuZuHwPEI2J0aj/ebLnyzcmbihn00Z1Tjc/50kFslIlfAH2pV3MCAwEAAaAAMA0G y/RpmVwXXtbj992FImnSW4XwM0HYNNWt5j8HGOwrNntyii/mmx4TS5e+dfk2qLNT -----END CERTIFICATE REQUEST-----
If you are having trouble generating your CSR, please see our Preventing CSR Errors article here.
2. Create the SSL Certificate
Create an account and create your SSL Certificate. Enter the Common Name of your certificate (e.g. www.mydomain.com or secure.mydomain.com) and select a certificate type. You will be prompted to provide the CSR (make sure to include the "BEGIN CERTIFICATE REQUEST" and "END CERTIFICATE REQUEST" lines), which will validate the request. Once this completes, choose an Approver E-Mail (address where the confirmation will be sent), additional contact information and optional features such as Alternate Names.
3. Approve the SSL Certificate
Once you complete the checkout process, a confirmation email will be delivered to the Approver E-Mail address. Depending on the level of certificate you purchased, the process is slightly different:
QuickSSL Premium Certificates
In several minutes, you will receive an email from Geotrust that contains a link to approve the certificate request. Once this is approved you will receive an email from DynDNS.com letting you know your order is complete. You may then go to your account and download your SSL certificate.
True BusinessID Certificates:
Just like the QuickSSL Premium you will receive an email from Geotrust for approval. True BusinessID® Certificates require a business verification process to assure web site visitors of your business identity.
Before proceeding through the enrollment process, you must make sure that the following items consistently match in order to have your server certificate order processed:
- The Registrant listed in the InterNIC/WHOIS records for the domain name in question
- The Organization appearing in your "Proof of Organization" documents or DUNS number
- The Organization entered into the CSR (Certificate Signing Request)
After completing the enrollment process, please fax your Proof of Organization information and proof of Domain Registration to +1-866-435-8452 or +1-858-300-5306. Include your domain name and order ID number on the cover letter. If any of the above items do not match or are not submitted, the processing of your certificate request will be delayed.
Acceptable documents for Proof of Organization include:
- DUNS number (Dun and Bradstreet)
- Articles of Incorporation
- Business License
- Doing Business As (DBA) registration
- Partnership documentation
- Sole Proprietorship documentation
If you represent a Government Department, Non-Government Organization, or a University, then you should E-mail firstname.lastname@example.org or call at 1-866-436-8787. (Please note: All documents must be provided in English or with an English translation. Any documentation that is not in English should also be accompanied with a notarized English translation, as we are unable to issue the certificate without the original business document.)
After completing the process you will receive an email from DynDNS.com letting you know your order has been completed. You can then go to your account with us and download your SSL Certificate.
4. Install the SSL Certificate on your server
The final step is to install the SSL Certificate in your server. Your server's documentation should provide more information on how to do this. We also have a collection of SSL Certificate installation manuals here.
Frequently Asked Questions
How many bits should I use when creating my private key?
The current recommended strength for private keys is 2048-bit. 512-bit keys are considered insecure, and some certificate types (such as Extended Validation certs) do not even allow 1024-bit keys. Using 2048-bit keys will ensure the strength of your certificate and prevent certificate generation issues.
What happens if I lose my private key?
If you lose your private key, please contact our Support team. They will be able to help you reissue the certificate, allowing you to generate a new private key and CSR as if you were creating a brand new certificate.
Do SSL Certificates work with dynamic IP addresses?
Yes. SSL Certificates are associated with the server and Common Name, not the IP address, so you may use SSL Certificates with our Dyn Standard DNS service and a dynamic IP address without a problem.
Can I use a free Dynamic DNS host with SSL Certificates?
Third-party SSL certificates cannot be used with our free Dynamic DNS hosts, including the certificates we offer. You may use self-signed certificates for Dynamic DNS hosts. If you need the security of our certificates for business transactions or corporate use, you may wish to create your own domain registration and DNS service and purchase SSL certificates for your new domain.
What is the difference between a self-signed certificate and a CA-signed certificate?
Self-signed and Certificate Authority-signed certificates differ in the level of trust given to the identity of the certificate holder. Certificates that are self-signed have no real verification of identity. Browsers and other software have a list of certificate authorities who are "trusted" to vouch for the identity of domain holders.
If I renew my certificate early, do I "lose" the remaining time?
Like domain registrations, certificate renewals take the previous expiration date into account, extending the updated certificate by one or more years from the original date. For example, a cert that expires on July 1, 2009 would be renewed to July 1, 2010. (Please note that SSL certs can only be renewed within the last 90 days before expiration.)
What does "Unrecognized CA Root Authority" mean?
This error indicates that your browser does not recognize the Certificate Authority, and therefore cannot verify the authenticity of the certificate. While rare (our certificates provide 99% browser recognition), it likely indicates that you do not have the necessary Equifax certificates installed. You may download the necessary certificates here.
Do DynDNS.com SSL Certificates work with mobile browsers?
All of our SSL certificates feature comprehensive browser recognition for desktop browsers with over 99% mobile browser compatibility. If you intend to use SSL with mobile devices such as web-enabled phones, Blackberries, or devices using Windows Mobile or Windows CE, our SSL certificates may be a good fit for you.
What is a wildcard certificate?
Certificates issued with wildcards, like the True BusinessID Wildcard, match all subdomains of a domain. For example, a wildcard certificate issued for *.example.com would provide security and authenticity for www.example.com, mail.example.com, and secure.example.com with a single cert.
What is an alternative name?
Some certificates allow you to create Alternative Names for an additional fee. Alternative Names allow you to use a single SSL certificate for multiple subdomains at the same domain; for example, a QuickSSL certificate for www.domain.com can have up to three Alternative Names, such as secure.domain.com, mail.domain.com and ftp.domain.com.
Please note: Alternative Names can only be selected during the certificate's creation process. You cannot add or modify a certificate's Alternative Names after creation. Additionally, some mail clients such as Outlook 2007 may only view the first listed alternate name on a certificate.