LiveChat

Close

chat

ComodoSSLStore Loading
Partner Program

FAQS

SSL Certificate FAQs

This Comodo SSL Certificate FAQs section provides answers to questions such as How to choose, order, install, and manage SSL certificates., If you are new and unfamiliar with SSL security, then these FAQs will give you guidance.

What is SSL?

SSL (Secure socket layer) is a standard security technology that provides secure communications between a web server and a browser. SSL uses a combination of public key and private key encryption to protect sensitive information like credit card numbers, login credentials, email addresses, etc. Furthermore, HTTPS, padlock and green address bar ensure users for a safe website browsing and online transactions.

Hide

What is a Domain Validated (DV) SSL Certificate?

Domain Validated (DV) SSL Certificates deliver the easiest & quickest solution to secure a domain since only the domain name is verified during the validation process. Anyone who can demonstrate control of a registered domain can get this SSL security within minutes of ordering. DV certificates are suitable for small or start-up businesses.

Hide

What is an Organization Validated (OV) SSL Certificate?

To receive an Organization Validated (OV) SSL certificate the customer must demonstrate control of a registered domain and provide certain pieces of company information that Comodo can verify using third-party sources. The OV certificate is a good solution for business sites to increase user trust as the certificate certifies and displays company information to prove ownership of the website.

Hide

What is an Extended Validation (EV) SSL Certificate?

An Extended Validation (EV) certificate is the premium SSL certificate. It provides great assurance to customers by providing the Green Bar within the browser URL window, which is a global symbol of trust. Extended Validation (EV) SSL certificates provide a secure connection and provide visible proof to establish business identity validation.

Hide

How can I get the Green Bar for my website?

An Extended Validation (EV) SSL Certificate is only the certificate that provides the Green Bar.

Hide

Can I qualify for an EV certificate?

To have an EV SSL Certificate you must demonstrate that your business is an official company registered with a government authority. You cannot qualify for any EV SSL Certificate if you are a Sole Proprietor or a Partnership registered in the U.K.

Hide

What certificates offer www and non-www coverage?

All Comodo SSL Certificates offer www and non-www coverage automatically, except for specialty certificates such as multi-domain (SAN) certificates.

Hide

What is a Wildcard SSL certificate?

A Wildcard SSL Certificate secures a single main domain (domain.com) and an unlimited number of subdomains (mail.domain.com, blog.domain.com, login.domain.com etc.) A wildcard certificate is annotated with an asterisk, as in *.domain.com.

Hide

What is a Multi-domain or SAN certificate?

Multi Domain or SAN (Subject Alternative Names) certificates protects multiple domain names with a single certificate (domain.com, example.net, website.org etc). The Comodo multi-domain certificates can cover up to 100 domains with just one certificate.

Hide

What is the difference between Wildcard and SAN/Multi-Domain functionality?

A wildcard certificate secures a single domain (domain.com) and an unlimited number of sub-domains at a specific level. A multi-domain (SAN) certificate protects multiple domain names (domain.com, newdomain.org, otherdomain.com) under one certificate. You can add/edit/ or delete SANs throughout the life cycle of your multi-domain certificate.

Hide

What is a Multi-Domain Wildcard SSL Certificate?

A multi-domain wildcard SSL certificate combines the features of a wildcard certificate and a multi-domain certificate into one. It is designed to secure unlimited subdomains under multiple domains. During generation, the Common Name has to be a regular domain (www.domain.com) and the SAN fields can be your wildcard entries.

Hide

How can I use 256-bit encryption?

256-bit encryption (SHA-2) is available for all Comodo SSL certificates.

Hide

What is the difference between 1024- and 2048-bit key lengths?

1024 and 2048 bit key size or key length refers to the strength of the private key used in a cryptographic algorithm. 2048-bit keys are more secure than 1024-bit key size. 2048 keys are based on new latest industry standard.

Hide

What is the difference between SHA-1 and SHA-2?

SHA stands for Signature Hashing Algorithm which is used by the Certificate Authority to sign a certificate. SHA-1 is an older version of the algorithm and produce a 160-bit (20-byte) hash value. SHA-2 is the current hashing algorithm standard.

Hide

I'm a Sole Proprietor, can I still qualify for an OV/EV certificate?

Any sole proprietor outside of the UK can qualify for both OV and EV Certificates. However, a sole proprietor or partner from the UK can only get an OV SSL with additional documentations.

Hide

What is a Certificate Authority and what is your relationship to them?

Certificate Authority (CA) is an entity that is authorized to issue and manage digital certificates. Comodo is one of the most popular and leading CAs. We are resellers of Comodo digital certificates. We buy SSL Certificates in bulk from Comodo and pass along the savings to you. We also provide industry leading technical support 24/7.

Hide

Which SSL brands are most trusted & secure?

Recently, Comodo positioned itself as the leading SSL Certificate with a 33.6% market share & 6.6% usage. Additionally, all certificates from Comodo are available at affordable price with guaranteed high security.

Hide

Can I see which Certification Authorities have their own Trusted CA root present in browsers?

Of course, yes, Comodo has its roots included in modern devices and browsers. They come with 99% browser compatibility and browser ubiquity.

Hide

What is the SSL certificate warranty?

SSL Certificate Warranty provides protection if your SSL is misused, hacked or met to a data breach due to flaws in the certificate. Comodo offers different types of SSL with different warranty like $10,000, $25,000, $100,000, $1,750,000 etc.

Hide

What is browser ubiquity or browser recognition?

Browser recognition or browser ubiquity refers how many web browsers recognize an SSL Certificate and display SSL or trust indications properly. Higher browser ubiquity means higher browser recognition.

Hide

How long are your SSL certificates valid for?

Comodo SSL Certificates are offered from 1-3 years, depending on which certificate is ordered. Comodo's EV certificate can be issued for a maximum 2 years and DV & OV Certificate can be obtained for up to 3 years.

Hide

What is an Intermediate certificate?

An Intermediate Certificate is a CA Certificate that completes the chain between an SSL certificate and the trusted root in the web browser.

Hide

Where do I get my Intermediate certificate?

The appropriate intermediate certificate is emailed with your SSL Certificate. You can also download your certificate and the intermediate file from your storefront account.

You can download intermediate files from this site:https://support.comodo.com/index.php?/Default/Knowledgebase/List/Index/108/sha-2

Hide

Can I use SSL to cover an internal domain?

Internal domains can be secured through SSL but it must be an official registered domain (a publicly available FQDN). SSL certificates will not be issued for internal domains if it is not a registered or delegated domain.

Hide

What is the difference between 128- and 256-bit security?

The main difference is the key length after establishing an SSL connection in the browser. But practical purpose, 128 bit security is enough to ensure security. The only reason 256-bit security is needed is if it's specifically required by your industry or company policy.

Hide

How many domains can I secure with a Multi-Domain SSL Certificate?

It depends on the certificate you buy, but Comodo Multi-domain Certificate can secure up to 100 domains.

Hide

What is a UC Certificate (UCC)?

A Unified Communications Certificate (UCC) is exclusively developed to protect MS Exchange Server 2007, Office Communications Server 2007, and Live Communications Server 2005. A single UCC SSL enables you to secure communication for multiple domains and host names on a single IP address. The certificate is best suitable to protect both internal network names as well as external domain names.

Hide

What should I do with my private key?

A private key is essential for your SSL certificate to work and it must remain private to avoid any man-in-the-middle-attacks. Only your hosting company can see the private key to install SSL on the server.

Hide

What should I do to expedite the validation of my order?

If you are looking to obtain your SSL certificate quickly; you can do it by contacting to your SSL certificate provider. Only the SSL provider can help you to make your order as top priority by using their close & direct connections with the CA.

Hide

How do I know what my Control Panel/Server OS is?

To know about your control panel or server OS, just contact to your web hosting provider or your IT support department.

Hide

Can I switch my method of Domain Control validation from Email to File, or vice versa?

Yes, you can switch your domain control validation method from file-based to email based or email-based to file-based for any SSL Certificate from Comodo.

Hide

If I buy a Domain Validated (DV) SSL Certificate, which document(s) do I need to provide?

Domain Validated (DV) SSL Certificate does not require any documents; you can have this certificate by simply proving your ownership of the domain.

Hide

If I buy an Organization Validated (OV) SSL Certificate, which document(s) do I need to provide?

The Organization validation SSL Certificate requires true identity of the business. So, you need to provide all accurate documents related to your company. Before asking any documents from you, Certificate Authority (CA) verify the organization through online government database. In case of inaccurate, incomplete, out of date business information, CA may request additional official government registration documents, which vary on a case-by-case basis.

Hide

If I buy an Extended Validation (EV) SSL Certificate, which document(s) do I need to provide?

Extended Validation (EV) SSL Certificate require strict verification. This certificate requires additional steps to have this certificate; you have to provide true organization verification, domain authentication, operational as well as the physical presence of the website owner for a simple telephone call by the Certificate Authority to complete the process.

Hide

If I buy a Code Signing Certificate, which document(s) do I need to provide?

There are two different types of Code signing available, code signing for individual or for an organization. You can have a code signing certificate by fulfilling all requirements of OV certificate. But, if you want to get a code signing for an individual, you need to complete a simple form to verify your identity. This form has to be notarized by a lawyer, CPA, or public notary, a scan of a government issued ID and you may also ask to provide additional documents by the Certificate Authority as need.

Hide

I haven't received my Domain Control Validation email (DCV) yet. What should I do?

There may be few reasons behind not receiving the Domain Control Validation (DCV). Check your order to make sure you entered the correct email address, without any typos. Also, check your spam or junk mail folders for the DCV email. You can request a change to your DCV email address; you can choose the registrant email address contained in the domain’s who.is registration or one of the following file authorized alias email addresses at your domain:

Admin@domain.com, Administrator@domain.com, Hostmaster@domain.com, Postmaster@domain.com, Webmaster@domain.com

Hide

My File Authentication file has been uploaded to the wrong directory. What should I do?

Upload the authentication file to the correct directory. If file is viewable for both yourdomain.com/file and subdomain.yourdomain.com/file, it means you have successfully uploaded your file to the appropriate directory.

Hide

How can I reschedule the phone verification call?

In case you missed the phone verification call and want to reschedule, just contact your SSL provider and tell them your availability. Make sure that the phone number you have provided is verified by the Certificate Authority.

Hide

My verified phone number is outdated, what should I do?

Please contact to your SSL provider to get appropriate advice to verify your outdated phone number. The SSL provider will tell you the right method of updating phone number or creating a new listing.

Hide

How long will validation take?

It depends on the type of certificate and the validation process of the Certificate Authority. Domain Validated (DV) Certificate can take a few minutes to a business day, Organization Validated (OV) Certificate can be issued within 2-3 days to be issued and Extended Validation (EV) Certificate usually take around 3-5 business days to be issued.

Hide

Who do I send a validation document to?

We highly recommend to send a validation document to your SSL provider because they have a list of email address or contact information for the Certificate Authority. They will submit your documents as per your region and type of SSL certificate you purchased.

Hide

Why is my order showing Failed Security Review? What does that mean?

Certificate Authority review your SSL time-to-time and a failed security review may show; but it does not mean that your SSL got something wrong or invalid. Whenever you see that kind of review, just contact to your SSL provider who can work to resolve the issue for you by contacting the CA.

Hide

I completed validation, but never received the certificate. What should I do?

Once you complete validation, certificate authority will send the certificate to the technical contact email address that you provided in your order. In case you didn't receive it, check your spam or junk folder of the email folder. You can also download your issued certificate in your storefront account.

Hide

Can I use the email address listed in the WHO.IS record to complete Domain Control Verification (DCV)?

Yes, you can use the registrant email address listed in the WHO.IS record for DV, OV and EV certificates.

Hide

I cannot remember or have lost my login details.

Just send a note from your administrative email address to support@comodosslstore.com and include your registered domain name and/or order number.

Hide

I have accidentally deleted my "private key" what can I do now?

You can re-install your 'Private Key' using your backup with the help of your system administrator. In case you don't have a backup, contact your web server software vendor for technical support. The last alternative is re-issuance of the certificate following the re-submitting of a replacement CSR.

Hide

I have changed my server, or moved to a different provider; how do I move the certificate?

It's easy, just create a new CSR on the new machine and have the certificate re-issued.

Hide

What is a CSR?

A Certificate Signing Request (CSR) is an encoded file that is generated on the server for all SSL Certificates. The CSR file includes information that identifies your organization and domain name.

Hide

How do I generate a CSR?

You can generate a CSR through your web server software; but before generate a CSR consult your official documentations for server, control panel and operating system which you can get through Google search.

Hide

I have noticed something incorrect in my CSR. What should I do?

You can't modify CSR once it's created. If you found anything incorrect information in your CSR than you have only one option that is to generate a new CSR with the correct details.

Hide

The CSR cannot be decoded. What does that mean and what should I do?

Confirm that you have copied the correct file along with the complete header and footer lines to include all the hyphens, and be sure it is not your previous SSL or self-signed certificate or if it is bundled as a PKCS7 or PKCS12. Or, you could have a password that does not have alphanumeric characters or disallowed characters. If this is the case, you will require to generate a new CSR without the disallowed characters in the password. Keep in mind to use the English alphabet and numbers 0-9 but no special characters.

Hide

What should I do if I receive a 'CSR invalid' error during the certificate activation process?

You may see a CSR invalid error during the certificate activation process due to incorrect format for your certificate and also may be using disallowed characters in the other filed. In this case, you need to generate a new CSR using only the English alphabet and numbers 0-9 and do not use any special characters.

Hide

What is a private key used for?

A private key is important for SSL installation and it should be kept privately on your server. You should not expose it to your SSL provider or other users. Sometimes your web hosting company may ask for your private key to create an SSL secure connection, then you may share it with the only web host. In case, if you lost or deleted your Private Key, then you must generate a new CSR on your server because any Certificate Authority or SSL Provider doesn't provide private key.

Hide

How do I add additional domains to a multi-domain/SAN certificate?

It's easy, Just reissue the certificate to add additional domains to a multi-domain or SAN certificate.

Hide

I entered in the wrong common name, how do I change it?

In case you entered the wrong common name, you can't change it. You have to cancel and reissue your certificate and generate a new CSR with the correct common name.

Hide

I have accidentally deleted my "private key," what can I do now?

Reissue the certificate with a new CSR that was generated on your server.

Hide

I have changed my server, or moved to a different provider; how do I move my SSL certificate?

You can move your SSL certificate to a different server, you need your private key on the active certificate. But, if you don't have your private key then you will have to reissue the certificate with new CSR.

Hide

Is technical support available from the CA? Should I need it?

Certificate Authority (CA) does not provide direct technical support, you have to contact to your SSL provider. Your SSL provider is able to provide support for any technical issue that you are facing. However, you can contact the CA directly for questions and support related to the actual validation process of the SSL certificate.

Hide

How do I download my certificate files?

As you complete your order, the CA will send the certificate to the technical contact email that you listed on the order.

Hide

How can I install my SSL certificate on more than one server?

There are two ways to install SSL certificate on more than one server. First, import the certificate, private key and intermediate files on server #2, #3 etc. Another way is to generate a new CSR and private key on server #2, #03 etc and reissue the active certificate.

Hide

My certificate works in my browser, but my visitors get a Security Alert that says 'The security certificate was issued by a company you have not chosen to trust...' What is the problem?

If visitor's browser unable to identify the certificate or the certificate is outdated or incorrect, then your visitors may face this error message. To solve the issue, first make your visitors are seeing the correct certificate. In case, your visitors seeing the correct certificate, then you can solve this issue by installing the intermediate certificates.

You can download Comodo intermediate certificate from following link- https://support.comodo.com/index.php?/Default/Knowledgebase/List/Index/108/sha-2

Hide

Do I need a dedicated/static IP address to use an SSL certificate?

You can't use an SSL Certificate without a static IP address. You can obtain it from your webserver or you may need to purchase one from your web host if you own/operate your webserver.

Hide

My browser is not showing the green padlock/green bar, why?

There may be several reasons behind not showing the green bar or green padlock, check out the most common reason below -

  1. The issued certificate may be with the SHA-1 hash algorithm. And now browsers trust on the SHA-2 so you need to reissue the certificate with the SHA-2 hash algorithm.
  2. If your HTML elements of the site are linked with http then it may be seen as insecure content and need to update via your system administrator.
  3. Your certificate is issued from an intermediate file and if missing or invalid is, then the green padlock may not show. Make sure that you have installed this alongside your certificate on your server. Your SSL provider can provide this file if you don't have.
  4. In case of incorrect certificate. If you installed an old expired certificate or a certificate provided by your hosting company or a self-signed certificate on the site. You will need to identify the source of the incorrect certificate and contact that party to resolve the issue.

Hide

When trying to go to the site over https, it displays the message 'The page cannot be displayed.' Why is that?

In reality, there may be several reasons behind this sort of error message, some may be related to the certificate or some may be not. So, it will be better to get solution of the error message; just click on detail to get more specific information about the message. Then, tell us; we'll help you to remove this error message.

Hide

Why does the website say the name on the security certificate does not match the name of the site?

There may be some specific reasons, when your the common name in the certificate and URL in the browser are not EXACT match, when www. is missing in the browser or domain in the certificate, if the web host's certificate is incorrectly assigned to your domain name and sometimes it also happens if you purchased a certificate which not cover the specific subdomain that you are looking at.

Hide

Why does the website say the SSL certificate is 'Untrusted'?

The common reason is if the intermediate certificate were never installed. Just install the intermediate certificate to resolve the issue. You can find it here - https://support.comodo.com/index.php?/Default/Knowledgebase/List/Index/108/sha-2

Hide

How can I check to see that my SSL certificate works properly and has been installed correctly?

If you installed a certificate successfully and want to the status of the certificate is has been installed correctly and work properly, just use the SSL checker tool - https://comodosslstore.com/checksslcertificate.aspx

Hide

How can I renew my SSL certificate?

A renewal is similar to purchase a new SSL Certificate. In the industry, 'Renewal' is used as a term by all SSL providers. Further, if you go for "renewal" the remaining time on your existing certificate will be rolled over to your new renewal certificate.

Hide

Do I need to create a new CSR to renew my certificate?

When you renew a certificate, you can use original CSR but this CSR uses the same exact private key which may be a drawback of security. So, we highly recommend to generate a new CSR to renew a certificate.

Hide

Do I need to provide my business verification document again for renewing my OV/EV SSL certificate?

It depends of the type of certificate. Usually, Certificate Authority may use your previous documents to renew process for some certificate, but in case if any information of the organization has changed then you need to submit your new documents again. In case of an EV SSL order, you are required to complete full business validation again if the certificate validated more than 13 months. For OV SSL, you can reuse the previous information up to 39 months from the original order.

Hide

I paid for my renewal, (where is my certificate/why is my site not secure)?

When you paid for your renewal and completed all process of the order, then look at your account or email address to generate or apply for your new order. Once you have generated a certificate, make sure that your new certificate was issued and then installed in place of the old expiring certificate.

Hide

I purchased a renewal certificate, but my website still displays the old certificate. What should I do?

If you have completed a renewal process and installed, but sill displaying the old certificate, then the issue may be with the configuration. To resolve this issue, just restart your webserver (http server) also to uninstall/delete the incorrect/old certificate(s).

Hide

What is a Code Signing Certificate?

Code signing certificate is a digitally signed certificate that used to prove that the code has not been altered or corrupted since it was signed by the author. You can sign many different types of codes including .exe, .cab, .dll, .ocx, and .xpi files.

Hide

How do I generate a Code Signing certificate? Do I need a CSR?

If you want to use in-browser control provided by the Certificate Authority, you must use Firefox as the default browser in order to generate a code signing certificate. The browser is essential because if the browser is not used properly, then you may receive an error message. If you use Firefox as default browser than you will be able to automatically generate the CSR and store the private key within Firefox's file system and this will be due to in-browser controls. This unique private key will automatically be pulled by the corresponding certificate during the installation/download process.

Hide

How do I download my code signing certificate?

As you finish the validation process, the CA will send a 'collection' or 'pick-up' link to the verified email address. Follow the link and download the certificate using the same computer and the same Firefox browser which generated the order. Firefox will pull the previous stored private key automatically and install the code signing certificate. Export the code signing certificate and private key from the browser into a PFX (.p12) file when the downloading has finished.

Hide

Why can't I download my code signing certificate?

You may face trouble to download the code signing certificate and this may happen due to several different reasons. First, if Firefox is not default browser or if you are not using browser properly, then you will receive an error message. Second, if you are not using the same PC which generated the order, in this case if you use a different PC than the corresponding private key will be missed and you will not able to download code signing certificate.

Hide

How do I export my certificate from my browser?

Export your code signing certificate by following simple steps given below, but keep in the mind that the certificate can be generated and export from Firefox browser -

  1. Click the "Open" menu.
  2. Go to 'Options'
  3. Click on "Advanced" or "Encryption"
  4. Select "View Certificates" under the certificate tab
  5. Under Your Certificates, click your certificate name
  6. Once highlighted, select "back up all" and enter in your passphrase

Hide

How do I use my platform's signing tool?

The most common platforms are Microsoft, JAVA, Adobe, etc… The platform is used by developers to sign their applications using specific tools. Each platform is different, so please reference official instructions for your particular platform.

Hide

What platforms can I sign for?

You can use following platforms to sign -

  1. Windows 8
  2. Any Microsoft format (32 and 64 bit), EXE, OCX, MSI, CAB, DLL, and kernel software
  3. Adobe AIR applications
  4. JAVA applets
  5. Mozilla Object files
  6. MS Office Macro or VBA (Visual Basic for Applications) files
  7. Apple Mac software for MacOS 9 and OSX
  8. Microsoft Silverlight applications or XAF files

Hide