Home > Knowledgebase > SSL Certificates > General Questions > Frequently-Asked Questions (FAQ)

Frequently-Asked Questions (FAQ)

1. What is SSL?

The SSL protocol stands for Secure Sockets Layer and is the Web standard for encrypting communications between users and websites. It was developed by Netscape for transmitting private documents and data via the Internet in secured way. Secure Sockets Layer (SSL) technology protects your Web site and makes it easy for customers to trust you. SSL creates an encrypted connection between a web server and a web browser to ensure that all data transmitted remains private and secure, preventing eavesdropping and tampering with any transmitted data. SSL provides businesses and consumers with the confidence that private data and sensitive information sent to a Web site, such as credit card numbers, is kept confidential.

Customers know a website is protected with an SSL certificate when their browser displays a little gold padlock and the address bar begins with an https:// rather than http://. Higher-end SSL certificates, known as EV (extended validation) certificates, are identified by a green address bar, which adds even more security and trust to a website.

Each SSL Certificate contains unique, authenticated information about the certificate owner. Every SSL Certificate is issued by a Certificate Authority (CA) that verifies the identity of the certificate owner.

2. Why do I need SSL?

There are many reasons why a website needs an SSL certificate. First of all, SSL certificates help websites gain an advantage over their competition by appearing more trusted and more legitimate. Also, these certificates provide assurance to website visitors that their data cannot be tampered with or forged by hackers. SSL certificates also ensure that a customer’s sensitive data, like personal information, credit card details, social security number, etc. can be transmitted securely from web browser to server.

3. Why are your prices so low?

We have strategic partnerships with many of the industry’s leading Certification Authorities (CAs). We buy SSL certificates in huge quantities, which is why we can offer you wholesale prices. You get exactly the same certificate, same quality, same brand, same satisfaction/technical guarantee, and the same support as you would by buying direct, just at much lower prices!

4. How long does it take to issue my SSL Certificate if I place order with you?

We will send you email with SSL enrollment link as soon as you complete your order of any SSL product with us. RapidSSL, RapidSSL Wildcard, and GeoTrust QuickSSL Premium Certificates are issued within a few minutes once you complete the SSL enrollment process.

GeoTrust True BusinessID Certificates are premium SSL Certificates. All True BusinessID orders are typically processed within 2 – 3 working days, from the time GeoTrust receives your business documents. Depending on your order, it may take more or less time to complete. For detailed information about all certificates, please visit the individual product pages of each SSL certificate at Hostedo.

5. Is there a limit to the number of certificates I can order?

No, we do not limit the amount of SSL certificates that can be ordered. Go ahead and get as many as you need!

6. How does a certificate work?

The end-user’s browser requests a secure channel (via “https:”) from the server, and then – if the server has an SSL certificate – the browser and the server negotiate their highest common encryption strength (e.g., 128-bits), and then exchange the corresponding encryption keys (this exchange is normally done using 1024-bit encryption strength). The 128-bit encryption key is then used for this particular instance of SSL, for all from-to exchanges between the browser and the server. The next https session will have a new session key.

The certificate guarantees the security of the connection between the browser and the server. Once data is in the server, it is up to the server admin to make sure the data remains protected.

7. What type of customer service do you offer?

We offer email- and ticket-based support to our customers, with a guaranteed response time of less than one hour (average response time is 35 minutes). We provide support 24/7, thus you can rest assured to get help anytime you need it. Our support staff is highly experienced in supporting SSL and webservers and will be happy to help you with any and all technical inquiries.

8. What is an SSL Warranty?

Our customers are of the utmost importance to us, which is why we only offer trusted SSL Certificates that include a warranty just in case the certificate was issued incorrectly, meaning issued to a third-party site that did not properly get verified and caused the end-user harm.  Our warranties start at $10,000 and go all the way to $1,500,000. You can see the specific warranty information on every SSL product page.

Warranties protect the end-user by guaranteeing that the SSL certificate was issued to the appropriate party. Warranties are important when considering an SSL certificate purchase; it means that the issuing vendor is standing behind their certificate and its validation methods. Be wary of any certificate that does not offer some kind of warranty.

We strongly recommend only purchasing SSL Certificates from reputable Certificate Authorities (CAs) such as, Symantec (VeriSign), RapidSSL, GeoTrust, Thawte or Comodo.

9. What is your certificate replacement / re-issuance policy?

We offer free replacement / re-issuance for all certificates which are ordered within 7 days from the certificate issue date. Refunds are also only issued within 7 days from the initial certificate issuance.

To replace a certificate within 7 days of issuance, send an email containing the new CSR request along with the Order ID & Invoice Number to

10. Do I need a Dedicated IP Address for SSL?

Yes. To make the SSL certificate work, a Dedicated IP Address is required.

11. Can I secure multiple subdomains with a single SSL Certificate? 

An SSL certificate is issued to a fully qualified domain name (FQDN). This means that an SSL certificate issued to “” cannot be used on different subdomains, such as “”. To get around this restriction, we have Wildcard Certificates available. Wildcard SSL Certificates allow you to secure multiple subdomains on the same domain name, thereby saving you both time and money. And, of course, you do not need to manage multiple certificates on the same server.

So with a single certificate issued to “,” you could protect:


12. What are Wildcard SSL certificates?
A standard SSL Certificate would only secure, requiring you to purchase an additional certificate for Wildcard certificates use Subject Alternative Names (SANs) to secure multiple subdomains on the same domain, thus saving you time and money. For example, a certificate for * secures,, etc.

13. What are SAN/UC SSL certificates?
Subject Alternative Names (SAN) or Unified Communications (UC) certificates allow for multiple domain names to be protected with a single certificate. For example, you could get a certificate for, and then add more SAN values to have the same certificate protect, and even

14. What are SGC SSL certificates?
Server Gated Cryptography (SGC) SSL Certificates enabled older browsers to connect to websites using 128-bit encryption even if the normal browser encryption rate was 40-bit. At one time this seemed to provide a great advantage to many websites. Today, SGC certificates are widely considered to be obsolete, since many parties are aware that facilitating the use of older, insecure browsers creates more security concerns.

15. What are DV, OV & EV SSL certificates?
Domain Validated (DV) certificates are certificates where the CA checks the right of the applicant to use a specific domain name. No company identity information is checked and no information is displayed other than encryption information within the Secure Site Seal.
Organization Validated (OV) certificates are certificates where the CA checks the right of the applicant to use a specific domain name in addition to conducting some scrutinizing of the organization. Additional company information is displayed to customers when clicking on the Secure Site Seal, thereby enhancing trust.
Extended Validation (EV) certificates are certificates where the CA checks the right of the applicant to use a specific domain name, in addition to conducting a thorough scrutinizing of the organization. The displayed company information when the Secure Site Seal is clicked instills the highest level of trust in the website visitors.

16. What is a Trust Seal/Mark?
The presence of a Trust Seal create trust between a website and its visitors and increase conversion rates. A Trust Seal shows visitors that a company is committed to protect them and their information. Visitors can simply click on the Trust Seal/Mark to view website security information including website/company information, assuring them that the website is authentic and protected.

17. What is a CSR?
A CSR or Certificate Signing Request is a block of encrypted text that is generated on the server that the SSL certificate will be used on. It contains information that will be included in your certificate such as your organization name, domain name, locality, and country. You cannot obtain an SSL certificate without a CSR. Generating a CSR on the server where you plan to install your SSL certificate is the first step to getting an SSL certificate. Please contact your server administrator to generate your CSR. You may test your CSR using our free CSR Checker tool.

18. How does the buying process work?
The buying process for any certificate on our website is fairly simple. You:
-Add the certificate to the Shopping Cart
-Enter your details on a Customer form
-Make the purchase via PayPal or supported Credit Card
-Receive an email with a link to complete the verification process with the chosen Certificate Authority (CA).

19. What happens after the buying process?
After you generate a CSR and submit your order via the link in the email, the vendor will validate your domain by matching the Registrant on your domain name’s WHOIS record to your company name. Please ensure that the Registrant on your domain and the Organization field in your CSR both match your legally registered name for the quickest and easiest validation. This may take up to 48-72 business hours, after which they will send an email to the Administrative/Technical Contact listed on your domain name’s WHOIS registry with further instructions on how to proceed, depending on the SSL certificate you chose.

20. What is browser ubiquity or browser recognition?

Browser ubiquity is the term used in the industry to describe the estimated percentage of Internet users that will inherently trust an SSL certificate. The lower the browser ubiquity, the less people will trust your certificate. If you are operating a commercial site, you require as many people as possible to trust your SSL certificate. As a general rule, any SSL certificate with more than 95% browser ubiquity is acceptable for a commercial site.

Ubiquity is, however, not the only consideration in deciding whether one SSL certificate is better than another. Many companies running high-transaction, high-volume web sites need to maximize customer confidence and therefore buy certificates from well-known, experienced security vendors and mostly use the major players like GeoTrust and Symantec/VeriSign, who are both WebTrust compliant.

If you have a low-volume website and you decide that your customers’ confidence is not affected at all by the brand behind the SSL certificate, then RapidSSL or RapidSSL Wildcard certificates are ideal. However, all our other certificates are more than suitable as well, depending on your specific needs.

21. What are Chained and Single Root SSL Certificates?

When connecting to a webserver over SSL, the visitor’s browser decides whether or not to trust the website’s SSL certificate based on which Certification Authority (CA) has issued the actual SSL certificate. To determine this, the browser looks at its list of trusted issuing authorities – represented by a collection of Trusted Root CA certificates added into the browser by the browser vendor.

Most SSL certificates are issued by CAs who own and use their own Trusted Root CA certificates, are both known to browser vendors as trusted issuing authorities, their Trusted Root CA certificates have already been added to all popular browsers, and hence are already trusted. These SSL certificates are known as “single root” SSL certificates.

Some Certification Authorities do not have a Trusted Root CA certificate present in browsers, or do not use the root they do own, and use a “chained root” in order for their SSL certificates to be trusted – essentially a CA with a Trusted Root CA certificate issues a “chained” certificate which “inherits” the browser recognition of the Trusted Root CA. These SSL certificates are known as “chained root” SSL certificates. Installation of chained root certificates is a rather simple process and instructions are available in the webserver manuals as well as on the support sites of CAs.

A Certification Authority that has and uses its own Trusted Root CA certificate already present in browsers is a clear sign that they are an experienced, stable, and credible organization that has a long term relationship with the browser vendors for the inclusion of their Trusted Root CA certificates.

All SSL certificates issued by our vendors are issued from a trusted CA root certificate that is owned by the vendor. This means that all of our certificates are stable.

22. What is a RapidSSL Certificate?

RapidSSL Certificates uniquely enable businesses to obtain low-cost, 1 year, fully functional single root trusted SSL certificates and are ideal for websites conducting low levels of e-commerce. RapidSSL lowers the barrier of entry for companies that want single root SSL security by providing immediately issued certificates at the lowest cost available.

23. I may need to change my IP address for my webserver, does this matter?

No. An SSL Certificate is issued to a domain name and not an IP address. So, as long as your webserver is hosting the domain name for which your SSL certificate has been issued, the IP address doesn’t matter.

24. My webserver hosts many sites on a single IP address; can I install a certificate for each domain name?

The SSL protocol encrypts the domain name when an SSL session is being established. If you are hosting many websites each with their own SSL certificate on the same webserver, each website must have a unique IP to ensure that the webserver knows which domain the SSL session should be for. If you only host a single domain, then you can use name-based hosting. However, if you host multiple domains on the same server then you must use IP-based hosting. Please note that host headers on Microsoft IIS will cause SSL errors if you install multiple SSL certificates for multiple domains on a single IP address.

25. With which web server/mail server do your SSL Certificates work?

Our certificates work with all major web servers and mail servers.

Web server software:

  • Apache / Apache2 / ApacheSSL / ModSSL / OpenSSL / SSLEAY
  • Apache + Raven
  • C2Net Stronghold
  • Cobalt Series
  • cPanel / WHM
  • Ensim
  • Helm
  • IBM Domino Go
  • iPlanet Enterprise Server 4.1
  • Jakarta -Tomcat
  • Lotus Domino 4.6 – 5.x
  • Microsoft Internet Information Server (IIS) 4.x
  • Microsoft Internet Information Server (IIS) 5.x & 6.x
  • Netscape Enterprise 3.51
  • O’Reilly WebSite Professional 2.x
  • Deerfield (O’Reilly) Website Professional 3.x
  • Plesk
  • WebSTAR 4.x – 5.x
  • Zeus Web Server v3

Mail server software:

  • Exchange / Outlook Web Access (OWA)
  • CPPop (cPanel mail server) and other stunnel based mail servers
  • Postfix

Courier IMAP

Copyrights 2020 - Hostedo Ltd. - All rights reserved.