FAQ - frequently asked questions

In the FAQ you will find answers to the most common questions about TLS certificates. You will also find related terminology.

FAQ - frequently asked questions
You can use our certificate selection guide to choose the right TLS certificate. If you still do not know how to choose the right certificate, please do not hesitate to contact our customer support for advice on choosing the right certificate.

You can also contact us directly from your customer account by sending a request from the Authorized Request menu.
After placing the certificate order, a payment request is sent to the selected billing email. Once we receive your payment, the tax receipt will also be sent to this billing email address.

You can pay by bank transfer, credit card or PayPal online. See the customer account help for more information. If you have not received a payment request or have other issues, please contact customer support.
A trustworthy certificate is ensured by its connection to the Intermediate authority certificates in the so-called chain of trust. A frequent trust error is the missing Intermediate certificates on the server, resulting in a customer’s browser warning about an unknown SSL/TLS certificate issuer. After Intermediate certificates have been added to the server, the problem is fixed.
If your browser does not display a lock as a security symbol, some of your site sections will be loaded over an insecure protocol. All page elements must be fetched over HTTPS for complete web security and symbol display. For example, if a page is loaded with JavaScript (Google Analytics) or an image over a non-secure HTTP protocol, the security is incomplete and the lock symbol does not appear.
Modifying and adding SAN names is possible for all TLS certificates except RapidSSL. To add a SAN name to the certificate (FQDN domain), use your customer administration or contact customer support. In addition, each individual SAN name will be charged according to the current price list if it has not already been paid in the certificate order.
The TLS certificate installation can be checked online. We provide a custom installation control tool that connects to the specified domain and checks the installation of the certificate. If a problem is found, the verifier will alert you and suggest a solution. If you have a frequent problem with Intermediate certificates, will offer the right certificates for you to download, so you don't have to search for them.

Make sure you have installed your certificate correctly: Check certificate installation .
A public key (CSR) is necessary to issue a TLS certificate and use on a server. This public key (CSR) is generated by the administrator of your website (webhosting company) on the server where the domain that certificate secures is located. You can also generate the CSR directly in SSLmarket and then provide the server administrator with stored private key and with the certificate.

For more information and how to generate a public key, see the article about the public key (CSR).
Yes, the matches the private key only, nothing more. If you export the certificate together with the private key, you can import it to another server and use it. Use of the certificate on multiple servers at the same time is unlimited!
All DigiCert TLS certificates have an unlimited server licence. You can use it on more physical servers.
The certificate can be exported either separately or together with a private key. On the Microsoft platform, the PFX format is used for export, in which the certificate is together with the private key. On Apache, certificate management is typically performed through OpenSSL, which allows you to export the certificate to various formats. To export from Apache, simply copy the key and certificate files. They are saved in text format and you can use it anywhere.
The private key is created when the certificate request is made on server and must not leave the server under any circumstances, since it is possible to use the server's TLS certificate to obtain it. Then the private key is compromised and you should revoke the certificate.

A public key (CSR) is a certificate request which is sent to a Certification authority; after verification, the authority signs the public key and creates a TLS certificate.

During TLS communication, data on the client side is encrypted with the server's public key (certificate) and encrypted with private on the server.

You must have the appropriate private key to deploy and use the certificate. See our Key Matching Tool to see if it the certificate matches your private key.
Intermediate certificates are used for establishing trust of the leaf certificate and must be installed on the server along with your domain certificate. A common mistake is forgetting to import Intermediate certificates on the server during installation, which causes the visitor's browser to display a warning about an unknown TLS certificate issuer. Adding the intermediate certificat to the server fix this issue.
Data in an already issued certificate cannot be changed. If you need to change your certificate information and it has not been 30 days since it was issued, contact customer support to help resolve the issue.
If you have a problem installing the certificate, which is mostly caused by a missing private key, you can reissue the certificate for free with a new CSR request. Do the same if you delete or compromise the private key. The reissue could be started anytime in your customer administration.

Feel free to contact our customer support to assist you to make the reissue.

Didn't find the answer to your question?

Our certified staff have prepared the most important information regarding our SSLmarket system and TLS certificates in general in the Help section. Topics in Help are sorted to several sections for our better orientation.

To the Help