RapidSSL FAQs
A Guide to RapidSSL Certificate
1. What
is SSL?
2. What is a RapidSSL Certificate?
3. What is a Single
Root SSL Certificate?
4. What browser versions are compatible with
RapidSSL?
5.Why
is DomainPeople providing RapidSSL secure server
certificates?
6. How
long are the SSL Certificates valid?
7. How
long does it take to issue my SSL Certificate?
8. Can
I secure multiple subdomains with a single SSL
Certificate?
9. What
validation processes does RapidSSL.com use?
10. What
is the warranty on my certificate?
11. I've
submitted my order, how do I get my RapidSSL
Certificate?
12. What
do I need to enroll for an SSL Certificate for
my Web server?
13. What
is a CSR and how do I generate one?
14. What
do I do if the enrollment form says my CSR is
invalid?
15. What
is the enrollment process?
16. I
am not based in the US or Europe, will the Phone
Authentication still work?
17. I
have not received any emails from RapidSSL.com
since enrolling, how should I proceed?
18. I
have not received the "Approval" email from RapidSSL.com,
how should I proceed?
19. How
do I install my certificate?
1. What is SSL?
The SSL protocol is the Web standard for encrypting
communications between users and SSL (secure
sockets layer) sites where Ecommerce or sensitive
data is exchanged. Data sent via a SSL connection
is protected by encryption, a mechanism that
prevents eavesdropping and tampering with any
transmitted data. SSL provides businesses and
consumers with the confidence that private data
sent to a Website, such as credit card numbers,
will be kept confidential. Web server certificates
(also known as secure server certificates or
SSL certificates) are required to initialize
an SSL session.
Customers can easily detect when they have a SSL session established with a Website because their browser displays the little gold padlock and the address bar begins with an “https” rather than “http.” SSL certificates can be used on Web servers for Internet security and mailservers such as imap, pop3 and smtp for mail collection / sending security.
2. What is a RapidSSL Certificate?
RapidSSL Certificates uniquely enable businesses
to obtain low cost fully functional single root
trusted SSL certificates.They are ideal for
Websites conducting light levels of Ecommerce
or sites that provide a secure login area. RapidSSL.com
owns the root used to issue the certificates,
making RapidSSL both stable and far easier to
install than a chained root install certificate.
RapidSSL lowers the barrier of entry for companies that want single root SSL security by providing immediately issued certificates at the lowest cost available.
See a RapidSSL Certificate in action - click here for a Secured by RapidSSL test page.
3.
What is a Single Root SSL Certificate?
When connecting to a Web server over SSL, the
visitor's browser decides whether or not to trust
the Website's SSL certificate based on which
Certification Authority has issued the actual
SSL certificate. To determine this, the browser
looks at its list of trusted issuing authorities--represented
by a collection of Trusted Root CA certificates
added into the browser by the browser vendor
(such as Microsoft and Netscape).
Most SSL certificates are issued by CAs who own and use their own Trusted Root CA certificates, such as those issued by GeoTrust and RapidSSL.com. Since GeoTrust and RapidSSL.com are known to browser vendors as trusted issuing authorities, their Trusted Root CA certificate has already been added to all popular browsers. These SSL certificates are known as "single root" SSL certificates. RapidSSL.com, a subsidiary of GeoTrust, owns the Equifax Secure eBusiness CA-1 root used to issue its certificates.
Some Certification Authorities, like Comodo, do not have a Trusted Root CA certificate present in browsers, therefore they need a "chained root" in order for their certificates to be trusted - essentially a CA with a Trusted Root CA certificate issues a "chained" certificate which "inherits" the browser recognition of the Trusted Root CA. These SSL certificates are known as "chained root" SSL certificates. Installations of chained root certificates are more complex and some Web servers are not compatible with chained root certificates.
For a Certification Authority to have its own Trusted Root CA certificate already present in browsers is a clear sign that they are long-time, stable and credible organizations who have established relationships with the browser vendors (such as Microsoft and Netscape) for the inclusion in their Trusted Root CA certificates. For this reason, such CAs are seen as being considerably more credible and stable than chained root certificate providers who do not have a direct relationship with the browser vendors.
Chained root certificates require additional effort to install as the Web server must also have the chained root installed. This is not necessary for single root certificates.
4.
What browser versions are compatible with RapidSSL?
RapidSSL.com certificates are compatible with
IE 5.01+, Netscape 4.7+, Mozilla 1+, AOL 5+,
Firefox, Safari and many newer Windows and Mac
based browsers and are single root install certificates
(they do not use chaining technology), meaning
that they are compatible with SSLv2 and SSLv3.
Single root certificates are also more widely
accepted by Web servers with some Web servers
not accepting chained root technology.
5.
Why is DomainPeople providing RapidSSL secure
server certificates?
By providing RapidSSL certificates, DomainPeople
is lowering the barrier of entry for companies
and Websites wishing to secure their low volume
and low value online transactions and data with
the lowest cost single root install certificates
available.
6.
How long are the SSL Certificates valid?
RapidSSL certificates are valid for 1 to 5 years.
FreeSSL certificates are valid for 30 days.
When your SSL certificate expires, DomainPeople will automatically provide you with renewing instructions.
7.
How long does it take to issue a SSL Certificate?
If you need a SSL certificate right away, you
have options. If you can wait 3-5 days, you can
get certificates from established vendors that
use traditional validation methods. However,
immediate issuance certificates use alternate
validation methods. Please review our information
on validation to familiarize yourself with standard
methods and question your vendors when in doubt.
RapidSSL and FreeSSL are issued immediately.
8.
Can I secure multiple subdomains with a single
SSL Certificate?
A SSL certificate is issued to a fully qualified
domain name (FQDN). This means that a SSL certificate
issued to "www.yourdomain.com" cannot
be used on different subdomains, such as "secure.yourdomain.com".
9.What
validation processes does RapidSSL.com use?
Trust hierarchy demands that entities "vouch" for
each other. Companies that issue SSL certificates
are in the business of establishing that entities
on the Web are, in fact, who they claim to be.
The potential for criminal activity on the Web
(in relevance to SSL anyway), is in online "hijacking"
of sites or connections to siphon encrypted data.
Persons so inclined can easily "copy" Web
site interfaces and pose as well known vendors,
simply to collect data.
SSL certificates work to prevent hijacking by ensuring that www.abc.com is, in fact, ABC Co. In the “real world”, we use identification procedures like photo ids, telephone calls and papers of incorporation to know with whom we’re dealing. If products or services are defective, buyers can seek recourse. In the “online world”, companies wishing to use SSL certificates must prove to the Certificate Authority that they have the right to present themselves online as a particular company.
This verification is done through a variety of means in different SSL products. For simplicity’s sake, consider the method started and championed by Verisign, as the "traditional" model. The process involves certificate petitioners faxing in their articles of incorporation, and then waiting several days to be granted a certificate to do business online under that name. There is a fair amount of overhead related to this task, as these credentials are examined and reviewed, and full-service products in this arena can cost hundreds of dollars.
There are newer, lower-cost alternatives in which certificates are issued more quickly. These certificates verify that the certificate holder is the owner of that domain, ensuring customers that URL “owners” are who they claim to be.
There are also other validation options, like two-way, real-time telephony. Certificate applicants are required to provide telephone numbers, and certificate authorities call to verify basic information, which is yet another way to seek recourse in the event of problems.
As part of the provisioning process with RapidSSL, your business will be assigned a Unique Business Identifier — equivalent to a DUNS number. The Unique Business Identifier provides a corporate profile to your Internet users through information imbedded in your certificate. The business registration profile initially contains the basic self-reported information from your CSR — your Domain, Company Name, Division, Country, State and City. Your Unique Business Identifier will allow relying parties to view and purchase additional data about your company. With the Unique Business Identifier, industry-recognized domain control authentication, and two-factor telephony authentication, both of these products add further validation to forge the strongest real-time authentication process on the market today.
10.What
is the warranty on my Certificate?
RapidSSL provides a $10,000 warranty on
certificates. The warranty protects the
end user if RapidSSL misuses a certificate.
It is worth noting that other SSL Providers use warranties as a means of adding perceived value to their offerings.They then, offer the same certificate with higher warranties and charge more for the certificate! RapidSSL wants to make it clear that warranty has not been collected on any SSL Certificate, ever. The inclusion of a $10,000 warranty on RapidSSL makes RapidSSL.com the lowest cost provider of highly trusted, fully warrantied SSL certificates.
11.I've
submitted my order, how do I get my RapidSSL
Certificate?
RapidSSL employs a two-level automated vetting
process. You must complete both stages of the
vetting process before your SSL certificate can
be issued.
Stage 1: Telephone Authentication
As part of the enrollment process you will be
prompted to complete the Telephone Authentication.
This is where RapidSSL will place an automated
call to your telephone number and ask you to
enter a PIN they display on screen, so ensure
you have access to a telephone when you enroll.
If you do not have access, or experience any difficulty in completing the Telephone Authentication during enrollment do not worry. RapidSSL will also send you an email specifying how you can attempt the process again. If you still have problems, please call RapidSSL technical support immediately at (720)-359-1590 or +44 870 4325190 and they will assist you in completing the process manually.
Stage 2: Approver Email
When you have successfully completed the Telephone
Authentication, RapidSSL will send an Approver
email to the designated Approver email address.
You must select the Approver email
address during enrollment. Your Approver email
address would either be:
The email address associated with your WHOIS
contact (if you are unsure you can check this
address by searching the WHOIS database at www.internic.com),
or a generic email address such as:
admin@yourdomain.com
administrator@yourdomain.com
webmaster@yourdomain.com
ssladmin@yourdomain.com
root@yourdomain.com
hostmaster@yourdomain.com
postmaster@yourdomain.com
Unless the Approver receives this email and approves the application by clicking on the link within the email, your certificate cannot be issued. If you are the administrator of the Approver email address please check any spam filters and virus protection folders in case the email has been quarantined.
If you experience any difficulties, contact RapidSSL technical support team at:
| In the US: RapidSSL.com US 600 17th Street, Suite 2800 South Denver, Colorado, USA 80202 Tel: 720 359 1590 Fax: 720 528 8160 Office hours: 1 AM to 9 PM EST |
In Europe: RapidSSL.com Europe 155 Regents Park Road London, England, NW18BB Tel: +44 870 4325190 Fax: +44 870 4325191 Office hours: 6 AM to 2 PM |
12.What
do I need to enroll for an SSL Certificate
for my Web server?
You need the following:
• A Web server that is capable of running
SSL
• Access to the SSL configuration functions
of your Web server (you may need to speak to your
Web host if you cannot readily identify where these
functions are)
• A Certificate Signing Request (CSR)|(see
below)
13.What
is a CSR and how do I generate one?
A CSR is a Certificate Signing Request. It is
a block of encoded data that is generated by
your Web server and contains the necessary details
about your domain and organization. For instructions
on how to generate a CSR on your Web server click here.
14.
What do I do if the enrollment form says
my CSR is invalid?
There are a number of common issues that would
cause the CSR to be invalid. When you created
the CSR you will have been asked for several
pieces of information.
• Check the common name field. You may have specified an IP address (e.g. 178.0.1.23) or a server name (e.g. myWebserver) instead of a Fully Qualified Domain Name such as www.mydomain.com or domain name such as mydomain.com. You must specify a Fully Qualified Domain Name or domain name to enroll for a RapidSSL certificate.
• Make sure you do not have any illegal characters in any of the fields in the CSR. Illegal characters include: ! @ # $ % ^ ( ) ~ ? > < & / \ , . " '
• Check the country field. If you are located in the United Kingdom, do not specify your country code when generating the CSR as "UK." It must be "GB".
• Make sure you have included the header
and footer of the CSR into the enrollment form.
The header and footer look like:
----BEGIN CERTIFICATE REQUEST -----
encoded data
-----END CERTIFICATE REQUEST------
Make sure that there are 5 dashes on each side of Begin and End certificate
request. There should also be no trailing spaces in the CSR.
15.
What is the enrollment process?
The enrollment process is online and immediate
and includes telephony based validation. You
must be near, or have access to, a telephone
or cell phone to complete the enrollment process
in one step, which takes about 5 minutes.
If you do not have access to a telephone when the enrollment is taking place you can complete the telephony validation at a later time. RapidSSL will send you an email containing a link you will be able to process at any time. It is very important that you do not lose this email, doing so will delay the issuance of your certificate. If you do lose your email please contact RapidSSL immediately. Please note that until the telephony validation is complete RapidSSL will not be able to issue your certificate.
16.
I am not based in the US or Europe, will the
Phone Authentication still work?
Yes, just remember to enter your current country
code.
17.
I have not received any emails from RapidSSL.com
since enrolling, how should I proceed?
Please ensure that you have access to the email
address used in the application process. Also,
as RapidSSL sends unique URLs in the issued emails,
be sure that your mailserver has not separated
or quarantined the emails. They will be from
support@rapidssl.com.
18. I
have not received the "Approval" email
from RapidSSL.com, how
should I proceed?
The Approval email will be sent to the authorized
domain name owner or administrative contact.
When you apply for your certificate, you'll
obtain the authorized domain contacts for your
domain name. You may then choose
to have the approval email sent to either the
authorized domain contact, or alternatively you
will be able to choose a generic domain contact
such as:
admin@yourdomain.com
administrator@yourdomain.com
webmaster@yourdomain.com
ssladmin@yourdomain.com
root@yourdomain.com
hostmaster@yourdomain.com
postmaster@yourdomain.com
In order to receive the approval email, make sure that you have set up the email addresses you specify during the application process. If you need to change the approver email address, please contact RapidSSL.
19.How
do I install my certificate?
Please refer to the RapidSSL
installation pages of our support section.