See also:
    • Technical FAQ - Enrollment, ordering and tech questions
    • Jargon Buster

What is SSL?
The SSL (and TLS) protocol is the Web standard for encrypting communications between users and SSL (secure sockets layer) e-commerce sites. Data sent via an SSL connection is protected by encryption, a mechanism that prevents eavesdropping and tampering with any transmitted data. SSL provides businesses and consumers with the confidence that private data sent to a Web site, such as credit card numbers, are kept confidential. Web server certificates (also known as secure server certificates or SSL certificates) are required to initialize an SSL session.

Customers know when they have an SSL session with a website when their browser displays the little gold padlock and the address bar begins with a https rather than http. SSL certificates can be used on webservers for Internet security and mailservers such as imap, pop3 and smtp for mail collection / sending security.

What is an EasySSL Certificate?
EasySSL Certificates uniquely enable businesses to obtain low cost 1 year fully functional single root trusted SSL certificates and are ideal for all websites conducting all levels of ecommerce. ServersAndDomains' partner company owns the root used to issue the certificates, making EasySSL both stable and far easier to install than a chained root install certificate.

EasySSL lowers the barrier of entry for companies that want single root SSL security by providing immediately issued certificates at the lowest cost available.

What is a Single Root SSL Certificate?
When connecting to a webserver over SSL, the visitor's browser decides whether or not to trust the website's SSL certificate based on which Certification Authority has issued the actual SSL certificate. To determine this, the browser looks at its list of trusted issuing authorities - represented by a collection of Trusted Root CA certificates added into the browser by the browser vendor (such as Microsoft and Netscape).

Most SSL certificates are issued by CAs who own and use their own Trusted Root CA certificates, such as those issued by GeoTrust and ServersAndDomains' partner company. As GeoTrust and our partner company are known to browser vendors as a trusted issuing authority, its Trusted Root CA certificate has already been added to all popular browsers, and hence is already trusted. These SSL certificates are known as "single root" SSL certificates.

Some Certification Authorities, like Comodo, do not have a Trusted Root CA certificate present in browsers, therefore they need a "chained root" in order for their certificates to be trusted - essentially a CA with a Trusted Root CA certificate issues a "chained" certificate which "inherits" the browser recognition of the Trusted Root CA. These SSL certificates are known as "chained root" SSL certificates.

Installation of chained root certificates are more complex and some web servers are not compatible with chained root certificates.

For a Certification Authority to have its own Trusted Root CA certificate already present in browsers is a clear sign that they are long-time, stable and credible organizations who have long term relationships with the browser vendors (such as Microsoft and Netscape) for the inclusion of their Trusted Root CA certificates. For this reason, such CAs are seen as being considerably more credible and stable than chained root certificate providers who do not have a direct relationship with the browser vendors.

You can view the Certification Authorities who have their own root certificates by viewing the list in your browser. Click here for instructions.

Chained root certificates require additional effort to install as the webserver must also have the chained root installed. This is not necessary for single root certificates.

Comodo do not own the BeTrusted root used to issue InstantSSL certificates and therefore cannot offer the stability of our single root certificate EasySSL.

Why is stability important for SSL certificates?
All SSL certificates issued by ServersAndDomains are issued from a trusted CA root certificate that is owned by our partner company. This means that all our certificates are stable.

Some SSL certificate providers cannot offer this stability. For example, Comodo InstantSSL do not own their own trusted root, which means that they can only offer chained root certificates chained to a trusted root certificate that they do not own. They rely on the trusted root certificate owner to allow them to issue certificates and have no control over what the owner of the certificate does with the certificate - as has recently been shown when Baltimore has decided to sell its root certificate. The only way to offer a stable chained root product is to own the root being used to issue the chained root certificates.

What browser versions are compatible with EasySSL?
EasySSL is compatible with IE 5.01+, Netscape 7+, Mozilla 1+ and are single root install certificates (they do not use chaining technology), meaning that they are compatible with SSLv2 and SSLv3. Single root certificates are also more widely accepted by web servers with some web servers not accepting chained root technology.

How long are the your SSL certificates valid for?
EasySSL certificates are available from 1 year up to 5 years.

When your SSL certificate expires and you wish to renew with us, we will give you instructions on how to renew with us.

How long does it take to issue my Certificate?
EasySSL is issued immediately.

If you need an SSL certificate right away, you have options. If you can wait 3-5 days, you can get certificates from established vendors that use slow traditional validation methods. However, immediate issuance certificates use alternate validation methods. Please review our information on validation to familiarize yourself with standard methods and question your vendors when in doubt.

Is there a limit to the number of certificates I can order?
We do not limit the amount of EasySSL certificates that can be ordered. Go ahead and get as many as you need!
We limit one EasySSL certificate to a domain name.

What is browser ubiquity or browser recognition?
Browser ubiquity is the term used in the industry to describe the estimated percentage of Internet users that will inherently trust an SSL certificate. The lower the browser ubiquity, the less people will trust your certificate - clearly, if you are operating a commercial site you require as many people as possible to trust your SSL certificate. As a general rule, any SSL certificate with over 95% browser ubiquity is acceptable for a commercial site. EasySSL has a 96% browser ubiquity.

Can I see which Certification Authorities have their own Trusted CA root present in browsers?
Yes. Your browser contains a Trusted CA root certificate store. You can access this by opening Internet Explorer, then go to Tools, select Internet Options, select the Content tab, click Certificates, select the Trusted Root Certification Authorities tab. You will then see a dialog box presenting a list of all Certification Authorities who own their own Trusted CA roots (you can examine the root certificate by double clicking it).

Can I secure multiple subdomains with a single Certificate?
An SSL certificate is issued to a fully qualified domain name (FQDN). This means that an SSL certificate issued to "secure.serversanddomains.com" cannot be used on different subdomains, such as "www.serversanddomains.com". To get around this restriction we will soon have available EasySSL Wildcard Certificates. Wildcard Certificates allow you to secure multiple subdomains on the same domain name, thereby saving you time and money, and of course you do not need to manage multiple certificates on the same server.

So with a single certificate issued to *.yourdomain.com you could protect:

• www.yourdomain.com
• secure.yourdomain.com
• etc.yourdomain.com

What validation processes does ServersAndDomains use?
A trust hierarchy demands that entities "vouch" for each other. Companies that issue SSL certificates are in the business of establishing that entities on the web are, in fact, who they claim to be. The potential for criminal activity on the web (in relevance to SSL anyway), is in online ‘hijacking’ of sites or connections to siphon encrypted data. Persons so inclined can easily "copy" web site interfaces and pose as well known vendors, simply to collect these data.

SSL certificates work to prevent this through ensuring that www.abc.com is, in fact, ABC Co. In the “real world”, we use identification procedures like photo ids, telephone calls and papers of incorporation to know with whom we’re dealing. If products or services are defective, buyers can seek recourse. In the “online world”, companies wishing to use SSL certificates must prove to the certificate authority that they have the right to present themselves online as ABC Co.

This is done through a variety of means in different SSL products. For simplicity’s sake, consider the method started and championed by Verisign, as the ‘traditional’ model. The process involves certificate petitioners faxing in their articles of incorporation, and then waiting several days to be granted a certificate to do business online under that name. There is a fair amount of overhead related to this task, as these credentials are examined and reviewed, and full-service products in this arena can cost hundreds of dollars.

There are newer, lower-cost alternatives in which certificates are issued more quickly. These certificates verify that the certificate holder is the owner of that domain, ensuring customers that URL “owners” are who they claim to be.

There are also other validation options, like two-way, real-time telephony. Certificate applicants are required to provide telephone numbers, and certificate authorities call to verify basic information, yet another way to seek recourse in the event of problems.

As part of the provisioning process with EasySSL, your business will be registered with ChoicePoint* and assigned a ChoicePoint Unique Identifier (CUI) — equivalent to a DUNS number. The CUI provides a corporate profile to your Internet users through information imbedded in your certificate. The business registration profile initially contains the basic self-reported information from your CSR — your Domain, Company Name, Division, Country, State and City. ChoicePoint will allow relying parties to view and purchase additional data about your company. With the ChoicePoint Unique Identifier, industry-recognized domain control authentication, and two-factor telephony authentication, both of these products add further validation to forge the strongest real-time authentication process on the market today.

*ChoicePoint is the nation's leading provider of identification and credential verification services. For more info about Choicepoint go to www.choicepoint.com.

What type of customer service do you offer?
We offer full telephone, email and web support to all our customers. Our support staff are highly experienced in supporting SSL and webservers and will be happy to help you with technical or sales inquiries Take a look at our support area.

What is the Warranty?
We value our customers, so we provide a $10,000 warranty on our EasySSL certificates. The warranty protects the end user if we mis-issue a certificate.

It is worth noting that other SSL Providers use warranty as a means of adding perceived value to their offerings, as such will offer the same certificate with higher warranties and then charge more for the certificate! We want to make it clear that warranty has not been collected on any SSL Certificate, ever! The inclusion of a $10,000 warranty on EasySSL makes ServersAndDomains the lowest cost provider of highly trusted, fully warrantied SSL certificates!