Shortcut to this article: enom.help/ssl-intro
- What do SSL certificates do?
- How does SSL Work?
- What is a CSR?
- Who can obtain an SSL certificate?
- What are the different types of SSL Certificate Validations and how long does it take?
- What does the green address bar indicate?
- Why purchase an SSL certificate with higher assurance?
- Can an SSL certificate be issued to an Individual (not an Organization)?
- Does Enom sell Multi-Domain (SAN) Certificates?
- Does Enom sell wildcard certificates?
- Will my certificate work with both www and without www on a website?
- Are SSL Certificates available for purchase at Enom compatible with mobile browsers?
- How many domain names does a certificate secure?
- Can I upgrade my SSL Certificate?
For more advanced FAQs, please refer to our SSL troubleshooting article.
1. What do SSL certificates do?
SSL Certificates provide two important roles for systems that use them:
- SSL certificates provide security by encrypting the data between the browser and the web server
- Data encryption is critical for financial transactions or other situations where websites are requesting sensitive data from visitors. Many web users will not have confidence that their interactions with the website is secure and encrypted, unless they see the lock icon which provides a visual cue that an SSL certificate has been used to protect data.
- SSL certificates provide identity verification, through domain and organization validation. Only the verified owner of a domain name may purchase an SSL certificate for that domain. For Organization validated SSL certificates, only verified, approved representatives of the organization are permitted to purchase an SSL certificate for domains in use by the organization.
Extended Validation (EV) certificates take identity validation even further. Sites with an EV SSL certificate will cause the address bar on the web browser to turn green. Users are able to view information about the website that will help them to confirm that they are dealing with who they believe they are dealing with.
Both applications of SSL Certificates are important for building a trust relationship with end-users that is required before they will pass along personal, or financial information to websites or online service providers.
2. How does SSL work?
In the case of web browsers surfing secure websites, SSL communication starts with the web browser requesting the digital certificate from the web server. The certificate contains the hostname of the web server, the expiration date of the certificate, and the public key of the web server. The certificate is signed by a Certificate Authority. The web browser can validate all of these pieces of information except for the public key of the web server. If all of the verifiable components pass validation, the web browser will generate its own public key and send it back to the web server. When the web browser's public key is sent back to the web server as a response, it uses the web server's public key, which was contained within the certificate, to encrypt the browser's public key being sent. Now both the web server and web browser will be able to communicate with each other using secure, encrypted communications because they have exchanged public keys.
3. What is a CSR?
A CSR, or Certificate Signing Request, is a file containing your organization’s name, your domain name, your location and your public key.
This information is submitted to the SSL issuer prior to your certificate being issued.
4. Who can obtain an SSL certificate?
Enom partners with leading providers so you can offer a variety of SSL certificates.
Some certificates are available to individuals or groups that are not officially an Organization. However, some of the higher certificates involve organization validation by the Certificate Authority in order to complete the sale. With those certificates, you must be an organization that is registered and is able to be verified.
Currently, residents of the following countries are not able to order or receive SSL certificates from our SSL partners:
- Cuba, Iran, Syria, Sudan, North Korea
These restrictions are due to the inclusion of these countries on the US Government Denied Lists. The listed countries are subject to change. It is also not possible to issue an SSL certificate to any person or organization listed on various US Government Denied Persons lists (e.g. http://www.bis.doc.gov/dpl/default.shtm).
5. What are the different types of SSL certificate validations and how long does it take?
There are three types of Validation used depending on the type of SSL Certificate that you purchased: Domain Validation, Organization Validation, and Extended Validation. The level and process for validation are listed below:
- DV – Domain validation: 1 - 2 Business Days
- OV – Organization validation: 1 - 2 Business Days
- EV - Extended Validation: 1 to 10 Business Days
The methods of validation performed:
- Domain-validated certificates: Only the verified owner of the domain name can purchase an SSL certificate for the domain. Validation is done via email sent to the domain owner. Domain validated SSL certificates can be issued very quickly - often in minutes.
- Domain Control Validation (DCV) Email is sent to Approval Email Address
- Issue time 1-7 days based on the information submitted
- Organization-validated certificates: When corporate identity validation is important, an SSL Certificate for the organization assures customers that the website is trustworthy and secure. Only verified representatives of the organization may purchase these certificates and business licences or other proof is required. The Certificate Authority will verify through phone call to ensure that the certificate request is legitimate.
- DCV email is still sent out to the Approval Email Address
- The certificate issuers will validate the organization through the organizations online presence and/or DUNS (www.dnb.com) or other online business lookups.
- They will also require phone call verification with a public number listed for the organization
- Extended-Validation certificates: In order to be approved for an Extended Validation certificate, the certificate authority will actively check the organization and the individual applying for the certificate. This is to verify that the organization is positively the organization they claim to be, and the individual requesting the certificate is someone who is authorized to request a digital certificate. Extended Validation may take as long as one week to complete.
- Domain verification
- DCV email is still sent out to the Approval Email Address
- A customer wishing to obtain an EV SSL Certificate must own and control the domain name that will utilize the EV SSL Certificate.
- Requester verification
- If necessary, obtain mutual confirmation of the request between the Certificate Authority and the requesting party.
- Typically a contract that will be sent at the end of the validation process to the requesting party. The contract must be signed by an authorized person.
- The Certification Authority must verify that the individual requesting the certificate is acting as a legitimate agent for the requesting company.
- Company verification
- Confirm the existence of the Company through 3rd party sources
- Requires phone call verification with a public number listed for the organization.
- A Certificate Authority will check to make sure that the business is legally recognized and that the formal name matches the official Government records.
- The Certification Authority is required to cross-check the address listed in the certificate application against a qualified government database.
- The Certificate Authority will confirm that the telephone number listed on the certificate application is the primary telephone number for the requesting organization
- Domain verification
6. What does the green address bar indicate?
Web sites using an Extended Validation certificate will cause web browsers to change the address bar to a green color and also to display the name of the Organization to which the certificate was issued. See Why purchase an SSL certificate with higher assurance? below.
7. Why purchase an SSL certificate with higher assurance?
All certificates ensure that the information transmitted is encrypted and secure, but Extended Validation certificates have additional validation of the organization requesting the certificate. This lets the site visitors know that the domain belongs to the company listed on the certificate and that the company exists in government records.
Extended Validation certificates are indicated in web browsers by turning the address bar green, as well as displaying the organization name contained within the certificate. Users visiting a website with this level of validation will have a higher amount of confidence in conducting transactions with that site.
8. Can an SSL certificate be issued to an Individual (not an organization)?
Domain-validated certificates are available to individuals or groups that are not officially an organization. Organization and extended validation certificates require that the entity be an organization.
9. Does Enom sell multi-domain (SAN) certificates?
Enom provides the following SAN certificates:
10. Does Enom sell wildcard certificates?
Enom provides the following wildcard certificates which cover unlimited common names (subdomains) for 1 domain name.
11. Will my certificate work with both www and without www on a website?
GeoTrust, RapidSSL, or COMODO certificates: purchasing www.example.com will secure the root domain example.com.
Symantec certificates: www.example.com will NOT secure the root domain example.com.
For all certificates, purchasing the certificate for any other subdomain will only cover that specific subdomain. You must specify the exact subdomain when generating your CSR. Once a certificate has been issued, the domain cannot be changed.
12. Are SSL Certificates available for purchase at Enom compatible with mobile browsers?
Yes, SSL Certificates available for purchase from Enom are compatible with desktop and mobile browsers. To ensure compatibility, please remember to install the CA Intermediate Bundle included with your SSL Certificate.
13. How many domain names does a certificate secure?
Most certificates will only secure one sub/domain name. (ie: only mail.example.com and not sales.example.com)
Wildcard certificates are valid for an unlimited amount of hostnames beneath a single domain name. With wildcard certificates, the computers using mail.example.com, smtp.example.com, www.example.com as well as any other name based on example.com domain will all be able to use the same certificate.
14. Can I upgrade my SSL Certificate?
Once you purchase a certificate, we can't upgrade it. However, if you need a more secure certificate immediately, you can purchase it and install it on the same web server as the old certificate. If you don't need the more secure certificate immediately, you can wait until the current certificate is near expiry to purchase the desired certificate.