a guide to rapid ssl certificate
1. What is SSL?
2. What is a RapidSSL Certificate?
3. What is a Single Root SSL Certificate?
4. What browser versions are compatible with RapidSSL?
5.Why is DomainPeople providing RapidSSL secure server certificates?
6. How long are the SSL Certificates valid?
7. How long does it take to issue my SSL Certificate?
8. Can I secure multiple subdomains with a single SSL Certificate?
9. What validation processes does RapidSSL.com use?
10. What is the warranty on my certificate?
11. I've submitted my order, how do I get my RapidSSL Certificate?
12. What do I need to enroll for an SSL Certificate for my Web server?
13. What is a CSR and how do I generate one?
14. What do I do if the enrollment form says my CSR is invalid?
15. What is the enrollment process?
16. I am not based in the US or Europe, will the Phone Authentication still work?
17. I have not received any emails from RapidSSL.com since enrolling, how should I proceed?
18. I have not received the "Approval" email from RapidSSL.com, how should I proceed?
19. How do I install my certificate?
1. What is SSL?
The SSL protocol is the Web standard for encrypting communications between users and SSL (secure sockets layer) sites where Ecommerce or sensitive data is exchanged. Data sent via a SSL connection is protected by encryption, a mechanism that prevents eavesdropping and tampering with any transmitted data. SSL provides businesses and consumers with the confidence that private data sent to a Website, such as credit card numbers, will be kept confidential. Web server certificates (also known as secure server certificates or SSL certificates) are required to initialize an SSL session.
Customers can easily detect when they have a SSL session established with a Website because their browser displays the little gold padlock and the address bar begins with an https rather than http. SSL certificates can be used on Web servers for Internet security and mailservers such as imap, pop3 and smtp for mail collection / sending security.
2. What is a
RapidSSL Certificates uniquely enable businesses to obtain low cost fully functional single root trusted SSL certificates.They are ideal for Websites conducting light levels of Ecommerce or sites that provide a secure login area. RapidSSL.com owns the root used to issue the certificates, making RapidSSL both stable and far easier to install than a chained root install certificate.
RapidSSL lowers the barrier of entry for companies that want single root SSL security by providing immediately issued certificates at the lowest cost available.
See a RapidSSL Certificate in action - click here for a Secured by RapidSSL test page.
3. What is a
Single Root SSL Certificate?
When connecting to a Web server over SSL, the visitor's browser decides whether or not to trust the Website's SSL certificate based on which Certification Authority has issued the actual SSL certificate. To determine this, the browser looks at its list of trusted issuing authorities--represented by a collection of Trusted Root CA certificates added into the browser by the browser vendor (such as Microsoft and Netscape).
Most SSL certificates are issued by CAs who own and use their own Trusted Root CA certificates, such as those issued by GeoTrust and RapidSSL.com. Since GeoTrust and RapidSSL.com are known to browser vendors as trusted issuing authorities, their Trusted Root CA certificate has already been added to all popular browsers. These SSL certificates are known as "single root" SSL certificates. RapidSSL.com, a subsidiary of GeoTrust, owns the Equifax Secure eBusiness CA-1 root used to issue its certificates.
Some Certification Authorities, like Comodo, do not have a Trusted Root CA certificate present in browsers, therefore they need a "chained root" in order for their certificates to be trusted - essentially a CA with a Trusted Root CA certificate issues a "chained" certificate which "inherits" the browser recognition of the Trusted Root CA. These SSL certificates are known as "chained root" SSL certificates. Installations of chained root certificates are more complex and some Web servers are not compatible with chained root certificates.
For a Certification Authority to have its own Trusted Root CA certificate already present in browsers is a clear sign that they are long-time, stable and credible organizations who have established relationships with the browser vendors (such as Microsoft and Netscape) for the inclusion in their Trusted Root CA certificates. For this reason, such CAs are seen as being considerably more credible and stable than chained root certificate providers who do not have a direct relationship with the browser vendors.
Chained root certificates require additional effort to install as the Web server must also have the chained root installed. This is not necessary for single root certificates.
browser versions are compatible with RapidSSL?
RapidSSL.com certificates are compatible with IE 5.01+, Netscape 4.7+, Mozilla 1+, AOL 5+, Firefox, Safari and many newer Windows and Mac based browsers and are single root install certificates (they do not use chaining technology), meaning that they are compatible with SSLv2 and SSLv3. Single root certificates are also more widely accepted by Web servers with some Web servers not accepting chained root technology.
5. Why is
DomainPeople providing RapidSSL secure server certificates?
By providing RapidSSL certificates, DomainPeople is lowering the barrier of entry for companies and Websites wishing to secure their low volume and low value online transactions and data with the lowest cost single root install certificates available.
When your SSL certificate expires, DomainPeople will automatically provide you with renewing instructions.
7. How long
does it take to issue a SSL Certificate?
If you need a SSL certificate right away, you have options. If you can wait 3-5 days, you can get certificates from established vendors that use traditional validation methods. However, immediate issuance certificates use alternate validation methods. Please review our information on validation to familiarize yourself with standard methods and question your vendors when in doubt.
RapidSSL and FreeSSL are issued immediately.
8. Can I
secure multiple subdomains with a single SSL Certificate?
A SSL certificate is issued to a fully qualified domain name (FQDN). This means that a SSL certificate issued to "www.yourdomain.com" cannot be used on different subdomains, such as "secure.yourdomain.com".
validation processes does RapidSSL.com use?
Trust hierarchy demands that entities "vouch" for each other. Companies that issue SSL certificates are in the business of establishing that entities on the Web are, in fact, who they claim to be. The potential for criminal activity on the Web (in relevance to SSL anyway), is in online "hijacking" of sites or connections to siphon encrypted data. Persons so inclined can easily "copy" Web site interfaces and pose as well known vendors, simply to collect data.
SSL certificates work to prevent hijacking by ensuring that www.abc.com is, in fact, ABC Co. In the real world, we use identification procedures like photo ids, telephone calls and papers of incorporation to know with whom were dealing. If products or services are defective, buyers can seek recourse. In the online world, companies wishing to use SSL certificates must prove to the Certificate Authority that they have the right to present themselves online as a particular company.
This verification is done through a variety of means in different SSL products. For simplicitys sake, consider the method started and championed by Verisign, as the "traditional" model. The process involves certificate petitioners faxing in their articles of incorporation, and then waiting several days to be granted a certificate to do business online under that name. There is a fair amount of overhead related to this task, as these credentials are examined and reviewed, and full-service products in this arena can cost hundreds of dollars.
There are newer, lower-cost alternatives in which certificates are issued more quickly. These certificates verify that the certificate holder is the owner of that domain, ensuring customers that URL owners are who they claim to be.
There are also other validation options, like two-way, real-time telephony. Certificate applicants are required to provide telephone numbers, and certificate authorities call to verify basic information, which is yet another way to seek recourse in the event of problems.
As part of the provisioning process with RapidSSL, your business will be assigned a Unique Business Identifier equivalent to a DUNS number. The Unique Business Identifier provides a corporate profile to your Internet users through information imbedded in your certificate. The business registration profile initially contains the basic self-reported information from your CSR your Domain, Company Name, Division, Country, State and City. Your Unique Business Identifier will allow relying parties to view and purchase additional data about your company. With the Unique Business Identifier, industry-recognized domain control authentication, and two-factor telephony authentication, both of these products add further validation to forge the strongest real-time authentication process on the market today.
It is worth noting that other SSL Providers use warranties as a means of adding perceived value to their offerings.They then, offer the same certificate with higher warranties and charge more for the certificate! RapidSSL wants to make it clear that warranty has not been collected on any SSL Certificate, ever. The inclusion of a $10,000 warranty on RapidSSL makes RapidSSL.com the lowest cost provider of highly trusted, fully warrantied SSL certificates.
submitted my order, how do I get my RapidSSL Certificate?
RapidSSL employs a two-level automated vetting process. You must complete both stages of the vetting process before your SSL certificate can be issued.
Stage 1: Telephone Authentication
As part of the enrollment process you will be prompted to complete the Telephone Authentication. This is where RapidSSL will place an automated call to your telephone number and ask you to enter a PIN they display on screen, so ensure you have access to a telephone when you enroll.
If you do not have access, or experience any difficulty in completing the Telephone Authentication during enrollment do not worry. RapidSSL will also send you an email specifying how you can attempt the process again. If you still have problems, please call RapidSSL technical support immediately at (720)-359-1590 or +44 870 4325190 and they will assist you in completing the process manually.
Stage 2: Approver Email
When you have successfully completed the Telephone Authentication, RapidSSL will send an Approver email to the designated Approver email address. You must select the Approver email address during enrollment. Your Approver email address would either be:
The email address associated with your WHOIS contact (if you are unsure
you can check this address by searching the WHOIS database at www.internic.com),
or a generic email address such as:
Unless the Approver receives this email and approves the application by clicking on the link within the email, your certificate cannot be issued. If you are the administrator of the Approver email address please check any spam filters and virus protection folders in case the email has been quarantined.
If you experience any difficulties, contact RapidSSL technical support team at:
600 17th Street, Suite 2800 South
Denver, Colorado, USA 80202
Tel: 720 359 1590
Fax: 720 528 8160
Office hours: 1 AM to 9 PM EST
155 Regents Park Road
London, England, NW18BB
Tel: +44 870 4325190
Fax: +44 870 4325191
Office hours: 6 AM to 2 PM
A Web server that is capable of running SSL
Access to the SSL configuration functions of your Web server (you may need to speak to your Web host if you cannot readily identify where these functions are)
A Certificate Signing Request (CSR)|(see below)
a CSR and how do I generate one?
A CSR is a Certificate Signing Request. It is a block of encoded data that is generated by your Web server and contains the necessary details about your domain and organization. For instructions on how to generate a CSR on your Web server click here.
What do I do if the enrollment form says my CSR is invalid?
There are a number of common issues that would cause the CSR to be invalid. When you created the CSR you will have been asked for several pieces of information.
Check the common name field. You may have specified an IP address (e.g. 18.104.22.168) or a server name (e.g. myWebserver) instead of a Fully Qualified Domain Name such as www.mydomain.com or domain name such as mydomain.com. You must specify a Fully Qualified Domain Name or domain name to enroll for a RapidSSL certificate.
Make sure you do not have any illegal characters in any of the fields in the CSR. Illegal characters include: ! @ # $ % ^ ( ) ~ ? > < & / \ , . " '
Check the country field. If you are located in the United Kingdom, do not specify your country code when generating the CSR as "UK." It must be "GB".
Make sure you have included the header and footer of the CSR into
the enrollment form. The header and footer look like:
----BEGIN CERTIFICATE REQUEST -----
-----END CERTIFICATE REQUEST------
Make sure that there are 5 dashes on each side of Begin and End certificate request. There should also be no trailing spaces in the CSR.
15. What is
the enrollment process?
The enrollment process is online and immediate and includes telephony based validation. You must be near, or have access to, a telephone or cell phone to complete the enrollment process in one step, which takes about 5 minutes.
If you do not have access to a telephone when the enrollment is taking place you can complete the telephony validation at a later time. RapidSSL will send you an email containing a link you will be able to process at any time. It is very important that you do not lose this email, doing so will delay the issuance of your certificate. If you do lose your email please contact RapidSSL immediately. Please note that until the telephony validation is complete RapidSSL will not be able to issue your certificate.
17. I have
not received any emails from RapidSSL.com since enrolling, how should I
Please ensure that you have access to the email address used in the application process. Also, as RapidSSL sends unique URLs in the issued emails, be sure that your mailserver has not separated or quarantined the emails. They will be from firstname.lastname@example.org.
18. I have
not received the "Approval" email from RapidSSL.com,
how should I proceed?
The Approval email will be sent to the authorized domain name owner or administrative contact. When you apply for your certificate, you'll obtain the authorized domain contacts for your domain name. You may then choose to have the approval email sent to either the authorized domain contact, or alternatively you will be able to choose a generic domain contact such as:
In order to receive the approval email, make sure that you have set up the email addresses you specify during the application process. If you need to change the approver email address, please contact RapidSSL.
19.How do I install my certificate?
Please refer to the RapidSSL installation pages of our support section.