FAQ: SSL Basics

This FAQ answers some of the most common questions regarding SSL and digital certificates.

What is a Certificate Authority (CA)?

A certificate authority is an entity, which issues digital certificates to organizations or people after validating them.

Certification authorities have to keep detailed records of what has been issued and the information used to issue it and are audited regularly to make sure that they are following defined procedures.

Every certification authority provides a Certification Practice Statement (CPS) that defines the procedures that will be used to verify applications.

What is HTTPS? 

HTTPS or ’Hypertext Transfer Protocol Security’ is a protocol that prevents any unauthorized third party (e.g. cyber criminals) from spying on or obtaining the data being sent back and forth between a web browser and a web server.

Whenever you enter your password or credit card number online it is paramount that this information reaches only the server of the website you are communicating with and this is where HTTPS helps you out.

If you are visiting a regular HTTP-website, the information that you use in communicating with that site is visible to anyone with the skills and inclination to obtain it. Using SSL-protocols, HTTPS-sites enable the exchange of cryptographic keys between your browser and the web server, making sure that these alone can decrypt the data. This prevents anyone who might want to ‘eavesdrop’ from doing so.

What is a Site Seal?

A trust seal is a logo that you can display on your web site that verifies that you have been validated by a particular certificate provider and are using their SSL certificate to secure your site.

It can be displayed on secure and non-secure pages and is most appropriate on pages where customers are about to enter their personal information such as a shopping cart page, but they can be displayed on every page to help build trust.

Every certificate authority’s trust seal is different and some look more professional so you should consider what the seal looks like in order to maximize customer trust. 

What is a Public/Private Key?

Each SSL certificate contains a Public/Private Key pair: a Private Key with the code (basically long random numbers) and a Public Key used to decode it.

The private key is installed on the server and never shared with anyone. It is very important that the private key remains confidential to its respective owner. Otherwise, the certificate will be compromised..

The Public Key is incorporated into the SSL certificate and shared with the web browser. The Public Key is what its name suggests: Public. It is made available to everyone via a publicly accessible repository or directory. Because the key pair are mathematically related, whatever is encrypted with a public key may only be decrypted by its corresponding Private Key and vice versa.

What is a Wildcard certificate?

Wildcard certificates work the same way as a regular SSL Certificate, allowing you to secure the connection between your website and your customer’s Internet browser – with one major advantage. A single Wildcard SSL Certificate covers any and all of the sub-domains of your main domain.

Wildcard SSL Certificates save you money and management time by securing your domain and unlimited sub-domains on a single certificate. For example, a single Wildcard certificate for *.website.com can be used to secure:

• www.mydomain.com
• logins.mydomain.com
• mail.mydomain.com
• files.mydomain.com
• drop.mydomain.com

If you have multiple sub-domains to secure, then a Wildcard SSL Certificate purchase can save you hundreds or thousands vs the cost of buying individual SSL certificates.

Read more about our different SSL certificates.

Can I get an EV certificate with a Wildcard?

EV (Extended Validation) Wildcards are not permissible due to the requirements put forth for the issuance of EV certificates by the CAB forum, which regulates the use and issuance of EV certificates. Many similar functions can be attained with the use of subject alternate names.

What is ECC?

ECC stands for Elliptic Curve Cryptography and is an approach to Public Key cryptography based on elliptic curves over finite fields. It is an alternative to RSA, however, ECC can offer the same level of cryptographic strength at much smaller key sizes, offering improved security with reduced computational requirements.

ECC is of course fully supported through our sites and services, and the issuance process is similar to RSA.

What is a SAN?

Subject Alternative Names or also known as Unified Communications (UC) or Multidomain.

The Subject Alternative Name field lets you specify additional hostnames (sites, IP addresses, common names, etc.) to be protected by a single SSL certificate, such as a Multi-Domain (SAN) or Extend Validation Multi-Domain certificate:

• mail.mydomain.com
• files.mydomain.net
• *.mydomain.info
• mail.mydomain2.com

How do I renew?

Same as buying a new certificate, though we will add the remaining time, up to 90 days. That means that you can easily install the new certificate in advance. Read more on how to renew ssl certificates.

Are internal domains like .local supported?

Internal server names will no longer be issued as of October 26, 2015.

Do you have a test or trial certificate?

TRUSTZONE has a 30-day refund policy.

How does a Wildcard with SAN work?

A normal wildcard certificate will only secure a specific subdomain level. For example, if your certificate is for *.yourdomain.com, it will secure subdomains of the same level.

You can replace the wildcard character with any subdomain as long as is does not contain any additional periods.

To secure a different level such nextlevel.test.secure.yourdomain.com you would need a SAN, or another wildcard to secure that level. You can as an additional option get a wildcard as a SAN.

What is FQDN?

A Fully Qualified Domain Name is the complete domain name for a specific computer or host on the Internet.

What is certificate installation scanning?

To ensure that our customers get the full benefit of our products and services, TRUSTZONE performs a thorough security installation and performance test of installed certificates. After completion of the order the scan is performed, if accessible from the internet.

What is browser compatibility?

Certificates issued by TRUSTZONE are trusted by all common browsers, mail clients, operating systems, and browsers. It is this universal support that means your digital certificates can be trusted by each and every customer no matter where, when, and how they connect to your services.

What is a Domain Name System (DNS)?

The Domain Name System or DNS is the Internet’s equivalent of a phone book. It is only possible for computers to communicate and connect with each other using a series of numbers. Therefore, DNS converts human-readable domain names such as www.trustzone.com into Internet Protocol (IP) addresses such as 12.3.45.678. This is necessary because although domain names are easy for people to remember, computers or machines access use IP addresses to access websites.