Frequent Questions: SSL Certificates¶
- How do I know a website is secured?
- How long does verification take?
- How often should I renew my SSL certificates?
- What is a CSR?
- What is an intermediate SSL certificate?
- How many servers can be secured with a certificate?
- Can I use my Gandi SSL certificate on a host at another hosting provider?
- What does the SSL certificate’s financial guarantee mean?
HTTPS is the protocol that supports these security measures. On the Internet, you browse non-secure websites with HTTP and secure websites with the HTTPS protocol, for example:
Web browsers will recognize certificates and establish an encrypted connection between the website hosted on a server and the vistors who want to reach the site.
For the majority of cases, the verification process takes less than 24 working hours upon reception of the proof of ID, after which the certificate is provided. Extended validation may, however, take longer, in the event that Sectigo requests additional documentation from you.
You should renew your certificates every year. Some free certificates will automatically renew each year.
The CSR — Certificate Signing Request— is a series of characters that contain your public key information.
When you want to activate an SSL certificate on your server, you must prove the identity of your website and of your company. Your web server will then create 2 encrypted digital keys: one public, and one private.
Public keys are designed to be publicly shared. Private keys—the .key file—remain secret. You must not give it to anyone.
The CSR—a .csr file—will be created by you during the process of generating your certificate.
Without these, it may seem like the certificate does not work correctly with Firefox.
Gandi issues its certificates from a certificate that is “intermediate,” or an inheritor of the trust of the root certificate from the certification authority.
This allows us to reduce risk, since all of Gandi’s certificates can be revoked and reissued without revoking the root should the intermediate certificate’s trust become compromised. Most commercial certificate vendors use intermediate certificates for this reason.
You will want to download and install Gandi’s intermediate certificate (also called the operational certificate authority) along with your Gandi SSL certificate so that visitors to your site can automatically download it and verify the trust chain. Instructions for doing this are provided along with those for installing your certificate.
A certificate is linked to a specific domain name, not a given IP address of a server which hosts the secure service.
If your service is hosted among several machines, only one certificate is necessary. Just ensure that servers with the right domain name (and/or subdomains) are used with the certificate.
You should use a wildcard or multi-domain certificate if you want to secure multiple subdomains.
Certificate errors will appear otherwise.
Yes, you can install it on any server you like, as the certificate is tied to the domain name that you use to generate it rather than to any particular host.
However, in order to be considered valid, the corresponding domain name must resolve, in the DNS, to the host on which it is installed.
Note that in most cases you will need root (or administrator) access to the server on which you want to install the certificate.
In order to protect your customers, you have the possibility (starting with the Pro level offering) of adding additional insurance in the event the security of the certificate is breached.
This insurance will cover financial losses by customer caused by the breach.
This added service, the availability of which you can display on your site via our certification logo, gives your customers the assurance that the transaction is secure and guaranteed.
Having transactions insured makes your business safer to run, and safer for the customer to use, and thus more valuable.