DigiCert FAQ

Are DigiCert SSL certificates automatically trusted by browsers?
Yes! DigiCert ssl certificates are automatically trusted in all of today's common browsers including all Internet Explorer 5.01 and above, Netscape 4x and above, AOL 5 and above, Opera 5 and above, Safari, and Mozilla based browsers such as Firefox.

How does a Wildcard Certificate Work?
Our DigiCert SSL Wildcard Certificate provides SSL protection for unlimited first-level sub-domains of the domain name you specify in your Certificate Signing Request (CSR). For example, if you hosted www.your_domain.com, a DigiCert SSL Wildcard Certificate for *.your_domain.com would allow you to secure Unlimited First-Level Subdomains such as:

• www.your_domain.com
• mail.your_domain.com
• admin.your_domain.com
• sales.your_domain.com
• europe.your_domain.com
• anything.your_domain.com

The * character in the common name is the wildcard character. It can take on any first-level subdomain name. The value assumed by the * character must not have a period or 'dot' in it. This is why we say that the Wildcard Certificate will cover unlimited first-level subdomains. The Wildcard Certificate comes with an unlimited server license. This means that you can install the certificate to as many different server machines as you want at no extra cost. The naming scheme requirement described above remains the same for the additional servers.

What is a 'Scalable SSL Certificate'?
Scalable certificates offer a range of encryption bit length. DigiCert Digital Certificates are, by default, 256 Bits in encryption strength. However, some older web browsers only support an encryption length of 40 bits. Rather than force those customers to upgrade their browsers, the DigiCert certificate scales down to 40 bits, thus offering the customer the maximum strength they can support.

What is a 'Site Seal'?
A DigiCert Site Seal is offered FREE ($79 Value) when you purchase a DigiCert SSL certificate, this Site Seal provides a stamp of legitimacy on your site. It provides a dynamic proof that DigiCert has verified your business or organization.

Will DigiCert Digital SSL Certificates work with my server(s)?
Digicert Certificates are standard x509 certificates and they are fully compatible with all common server platforms including all Windows servers, Apache servers, Novell servers, Tomcat Servers, and many, many more.

Why is Authentication and Validation so Important?
SSL Certificates are not only used for encryption, but they also show that a Certificate Authority has verified your company. In this way, the certificate also works as verification of your business. When a Certificate Authority gives out SSL certificates like candy, the Internet becomes an unsafe place with high fraud risks. Before DigiCert issues a certificate, we verify the organizational details of the entity that applied for the certificate. Through this vetting process we build confidence in your customers and we make the Internet a safer place for everyone.

How do I order a certificate?
All of our products can be ordered easily from our home page. Our SSL Certificate support pages have detailed instructions that will help you to create your CSR and Install your certificate. If there is anything that we can help you with, please feel free to contact our customer support team. They will be happy to assist you.

What is a CSR and how do I create one?
CSR stands for Certificate Signing Request. A CSR is simply an encrypted block of text that is generated on your server. We will need a CSR from you in order to create your certificate. For instructions on how to generate a CSR on your server, please see our CSR Creation Instructions.

How do I open the CSR to place it in the DigiCert order form?
A CSR is simply a text file that contains an encrypted block of text. You can open the CSR with any text editor such as Notepad or Wordpad. When you copy the CSR to the order form make sure to include the 'begin' and 'end' tags on the CSR.

What should I do with my private key?
A private key is generated on your server when you generate your CSR. On Windows servers the private key is contained in the 'Pending Request'. As the name implies, the private key is indeed private and therefore should never be publicly available. You must use the exact same private key with your certificate when you install the certificate files we issue to you. If the private key is deleted or lost then the certificate will not work. Therefore, make sure to keep your private key in a safe place. If you are using a Windows server, make sure not to delete your 'Pending Request'.

What should I do to expedite the validation of my order?
If we are unable to validate your organization, the issuance of your certificate can be delayed. Please read and follow the validation requirements to ensure that your certificate is issued as quickly as possible.

How do I download my SSL Certificate files?
Once your certificate is issued you can download your certificate files from inside your DigiCert Account (above). First you need to login using the same username and password you used when you placed your certificate order. Then simply view the details of the order that has been processed. You will see 3 buttons on the order details page for downloading your three certificate files. Download all three.

Where are the instructions for installing my certificate?
For instructions on how to install a certificate on your server, please see our Certificate Installation Instructions in our support webpages. On the left menu, select the server platform you are installing your certificate to. Carefully follow all of the instructions. If you have any questions, please contact our Support Staff. They will be happy to assist you with the installation.

How can I install my Wildcard certificate to more than one server?
Once you have the certificate installed to your first server, it should be possible to export the Wildcard certificate to backup files and import the certificate to your other servers. For our instructions on how this is done, please see the Wildcard SSL installation instructions for additional servers

My certificate works, but my visitors get a Security Alert that says 'The security certificate was issued by a company you have not chosen to trust...' What is the problem?
There is something wrong with the installation of your certificate. When correctly installed it will not give any warnings. We will be happy to help you in any way we can. Have you installed both the root and intermediate certificates? Incomplete installation is most likely the cause of the alert you are receiving. Have you restarted the server since the certificate was installed? Please reference our SSL Certificate Installation Instructions. You will need to select your Server Platform in the menu on the left. Please feel free to contact our support team so that we may further assist you if you still experience problems.

I lost my private key. Can I get my certificate reissued for a new one?
We offer free reissues for the lifetime of every certificate we issue. If you would like to have your SSL Certificates reissued, first generate a new CSR with the same details as the original. Login to your Digicert Account. On the left hand menu, go to the Web-PKI Manager. In the Web-PKI Manager you will see your order(s). Click 'Reissue' for the order you would like to reissue and enter the new CSR. Your reissued certificate will be processed within a few hours. You will receive an email confirming that your reissued certificate has been processed and you can login to your account to collect it. There is no cost for the reissue. If you have any questions please contact our SSL Support Team so that they may help you through this process.

Do I need a unique IP address for my secure site?
Yes. The SSL protocol is designed to use IP-based mapping. SSL does not support host headers. Therefore, you should have a unique IP address assigned to your secure site.

How do I renew my certificate?
All of our products can be ordered from inside your digicert account. Instructions for renewing a certificate can be found on our SSL Certificate Renewal Page.

Do I need to create a new CSR to renew my ssl certificate?
Many servers including Apache servers allow you to install a new certificate to an old request. However, the following servers will not allow you to install a new certificate to an old request:

• All Windows Servers
• Tomcat Servers
• Java-Based Servers

If you have any of the above server platforms, you should place your order for a renewal certificate with a new CSR.

Why do I need to install a different certificate if this is a renewal?
It is not possible for us to extend the life of a certificate that is residing on your server because the expiration date is hard-coded into the certificate itself. Therefore, we must issue a new SSL Certificate to replace the one on your server. When your new certificate is issued, make sure to install all of new certificate files as it is a fully new certificate.