SSL Certificates

This guide will help you get started with our SSL Certificates.

What is an SSL Certificate? What can I do with it?

An SSL Certificate is a digital certificate that establishes the authenticity of a server and is used to encrypt information sent to and from the server. SSL certificates let your visitors confirm that your server is genuine, and they protect sensitive data such as credit card purchases and other communications.

How do I set it up?

Please complete the following steps to create and install your SSL Certificate.

1. Generate the Certificate Signing Request (CSR)

First, you will need to generate a Certificate Signing Request (CSR) for your server. The CSR contains information about your certificate (Common Name, city and state, etc.) and the public half of your public/private key pair. To generate the CSR, please see our Commands for Generating CSRs for SSL Certificates article here. If your server is not listed there, you should be able to find instructions in your software's documentation as well.

When your certificate has been generated, it should look like this:


If you are having trouble generating your CSR, please see our Preventing CSR Errors article here.

2. Create the SSL Certificate

Create an account and create your SSL Certificate. Enter the Common Name of your certificate (e.g. or and select a certificate type. You will be prompted to provide the CSR (make sure to include the "BEGIN CERTIFICATE REQUEST" and "END CERTIFICATE REQUEST" lines), which will validate the request. Once this completes, choose an Approver E-Mail (address where the confirmation will be sent), additional contact information and optional features such as Alternate Names.

3. Approve the SSL Certificate

Once you complete the checkout process, a confirmation email will be delivered to the Approver E-Mail address. Depending on the level of certificate you purchased, the process is slightly different:

QuickSSL Premium Certificates

In several minutes, you will receive an email from Geotrust that contains a link to approve the certificate request. Once this is approved you will receive an email from letting you know your order is complete. You may then go to your account and download your SSL certificate.

True BusinessID Certificates

As with QuickSSL Premium, you will receive an approval email from Geotrust. True BusinessID® Certificates also require a business verification process to assure website visitors of your business identity.

Before proceeding through the enrollment process, you must make sure that the following items consistently match in order to have your server certificate order processed:

  • The Registrant listed in the InterNIC/WHOIS records for the domain name in question
  • The Organization appearing in your "Proof of Organization" documents or DUNS number
  • The Organization entered into the CSR (Certificate Signing Request)

After completing the enrollment process, please fax your Proof of Organization information and proof of Domain Registration to +1-866-435-8452 or +1-858-300-5306. Include your domain name and order ID number on the cover letter. If any of the above items do not match or are not submitted, the processing of your certificate request will be delayed.

Acceptable documents for Proof of Organization include:

  • DUNS number (Dun and Bradstreet)
  • Articles of Incorporation
  • Business License
  • Doing Business As (DBA) registration
  • Partnership documentation
  • Sole Proprietorship documentation

If you represent a Government Department, Non-Government Organization, or a University, then you should E-mail or call at 1-866-436-8787. (Please note: All documents must be provided in English or with an English translation. Any documentation that is not in English should also be accompanied by a notarized English translation, as we are unable to issue the certificate without the original business document.)

After completing the process you will receive an email from letting you know your order has been completed. You can then go to your account with us and download your SSL Certificate.

4. Install the SSL Certificate on your server

The final step is to install the SSL Certificate in your server. Your server's documentation should provide more information on how to do this. We also have a collection of SSL Certificate installation manuals here.

Frequently Asked Questions

How many bits should I use when creating my private key?

The current recommended strength for private keys is 2048-bit. 512-bit keys are considered insecure, and some certificate types (such as Extended Validation certs) do not even allow 1024-bit keys. Using 2048-bit keys will ensure the strength of your certificate and prevent certificate generation issues.
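
Added example (not part of the original guide) for step 1 and the key-size answer above: generating a 2048-bit key and CSR with the OpenSSL command-line tool, then checking the CSR before pasting it into the order form. The function names, file names and subject values are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Function names, file names and subject values are constructed.

# make_csr DIR CN: write DIR/server.key (2048-bit RSA) and DIR/server.csr.
make_csr() {
    # For business-validated certificates the O= value must match your
    # WHOIS registrant and Proof of Organization documents.
    subj="/C=US/ST=Example State/L=Example City/O=Example Org/CN=$2"
    ( umask 077    # keep the private key readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$1/server.key" -out "$1/server.csr" \
          -subj "$subj" 2>/dev/null )
}

# csr_key_bits FILE: print the size of the public key in the CSR, in bits.
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# csr_ready FILE: succeed only if the file has both PEM marker lines, the
# request's self-signature verifies, and the key is at least 2048 bits.
csr_ready() {
    grep -q '^-----BEGIN CERTIFICATE REQUEST-----$' "$1" || return 1
    grep -q '^-----END CERTIFICATE REQUEST-----$' "$1" || return 1
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    bits=$(csr_key_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge 2048 ]
}

# Demonstration run in a throwaway directory.
tmp=$(mktemp -d)
make_csr "$tmp" www.example.com
if csr_ready "$tmp/server.csr"; then
    echo "CSR ready: $(csr_key_bits "$tmp/server.csr")-bit key"
    openssl req -in "$tmp/server.csr" -noout -subject
fi
rm -rf "$tmp"
```

Only the `.csr` file is submitted; the `.key` file stays on the server and is needed again when the issued certificate is installed.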

What happens if I lose my private key?

If you lose your private key, please contact our Support team. They will be able to help you reissue the certificate, allowing you to generate a new private key and CSR as if you were creating a brand new certificate.

Do SSL Certificates work with dynamic IP addresses?

Yes. SSL Certificates are associated with the server and Common Name, not the IP address, so you may use SSL Certificates with our Dyn Standard DNS service and a dynamic IP address without a problem.

Can I use a free Dynamic DNS host with SSL Certificates?

Third-party SSL certificates cannot be used with our free Dynamic DNS hosts, including the certificates we offer. You may use self-signed certificates for Dynamic DNS hosts. If you need the security of our certificates for business transactions or corporate use, you may wish to create your own domain registration and DNS service and purchase SSL certificates for your new domain.

What is the difference between a self-signed certificate and a CA-signed certificate?

Self-signed and Certificate Authority-signed certificates differ in the level of trust given to the identity of the certificate holder. Self-signed certificates carry no independent verification of identity. Browsers and other software ship with a list of certificate authorities that are "trusted" to vouch for the identity of domain holders; a CA-signed certificate is accepted because it chains to one of those authorities, while a self-signed certificate does not and triggers a warning.

If I renew my certificate early, do I "lose" the remaining time?

Like domain registrations, certificate renewals take the previous expiration date into account, extending the updated certificate by one or more years from the original date. For example, a cert that expires on July 1, 2009 would be renewed to July 1, 2010. (Please note that SSL certs can only be renewed within the last 90 days before expiration.)

What does "Unrecognized CA Root Authority" mean?

This error indicates that your browser does not recognize the Certificate Authority, and therefore cannot verify the authenticity of the certificate. While rare (our certificates provide 99% browser recognition), it likely indicates that you do not have the necessary Equifax certificates installed. You may download the necessary certificates here.

Do SSL Certificates work with mobile browsers?

All of our SSL certificates feature comprehensive browser recognition for desktop browsers with over 99% mobile browser compatibility. If you intend to use SSL with mobile devices such as web-enabled phones, Blackberries, or devices using Windows Mobile or Windows CE, our SSL certificates may be a good fit for you.

What is a wildcard certificate?

Certificates issued with wildcards, like the True BusinessID Wildcard, match all subdomains of a domain. For example, a wildcard certificate issued for * would provide security and authenticity for,, and with a single cert.

What is an alternative name?

Some certificates allow you to create Alternative Names for an additional fee. Alternative Names allow you to use a single SSL certificate for multiple subdomains at the same domain; for example, a QuickSSL certificate for can have up to three Alternative Names, such as, and

Please note: Alternative Names can only be selected during the certificate's creation process. You cannot add or modify a certificate's Alternative Names after creation. Additionally, some mail clients such as Outlook 2007 may only view the first listed alternate name on a certificate.
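
Added example (not part of the original guide) for the wildcard and Alternative Name answers above: how a client decides whether the names on a certificate cover a hostname. It follows the standard matching rule that `*` stands for exactly one leftmost label, so a wildcard does not cover the bare domain or more deeply nested names; the function names and hostnames are constructed.

```sh
#!/bin/sh
# Added example. Function names and hostnames are constructed.

# name_matches PATTERN HOST: succeed if one certificate name covers HOST.
name_matches() {
    pattern=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case $pattern in
        '*.'*)
            suffix=${pattern#\*.}   # e.g. example.com
            label=${host%%.*}       # leftmost label of the host
            rest=${host#*.}         # everything after the first dot
            # "*" stands for exactly one non-empty label
            [ "$host" != "$label" ] && [ -n "$label" ] && [ "$rest" = "$suffix" ]
            ;;
        *)  [ "$pattern" = "$host" ] ;;
    esac
}

# cert_covers HOST NAME...: succeed if any listed name (the Common Name
# plus any Alternative Names) covers HOST.
cert_covers() {
    target=$1; shift
    for name in "$@"; do
        name_matches "$name" "$target" && return 0
    done
    return 1
}

# report HOST NAME...: print whether the certificate names cover HOST.
report() {
    if cert_covers "$@"; then echo "  $1: covered"; else echo "  $1: NOT covered"; fi
}

echo "Certificate for *.example.com:"
for h in www.example.com example.com mail.eu.example.com; do
    report "$h" '*.example.com'
done
echo "Certificate for www.example.com with Alternative Name mail.example.com:"
for h in www.example.com mail.example.com shop.example.com; do
    report "$h" www.example.com mail.example.com
done
```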