FAQ – frequently asked questions

Here you will find answers to frequently asked questions related to SSL certificates

Which SSL certificate do I choose?

Our certificate selection guide will help you select the right certificate for your needs.

If the selection guide did not help you choose a certificate, you can contact our customer service. We will be happy to assist you in finding the right certificate for your requirements.

How do I pay for the certificate?

After ordering the SSL certificate, you will receive a request for payment. The request will be sent to the e-mail address that you stated in the invoice details. After receipt of the payment, a tax voucher will be sent to the same e-mail address.

You can pay your order either by direct debit, or online by credit card or Pay Pal. More Information can be found in the help section of your customer account.

If you did not receive a payment request or you have any other questions, do not hesitate to contact our customer service.

Why is the SSL certificate not trustworthy?

The trustworthiness of the SSL certificate is issued by the certificate authority – a chain of trust is established. Missing intermediate certificates are a common reason for the certificate to not be trusted. In this case, a warning message about an unknown certificate issuer will be displayed in the browser of the website visitor. To solve this problem, you only need to add the intermediate certificate to your webserver.

Why is there no lock symbol being displayed in the browser?

If you can’t see a lock in your browser, it means that a certain part of your web is being read by an insecure protocol. In order to fully secure the web and show the lock symbol, all parts of the website must be read via HTTPS. If for instance a JavaScript (Google analytics) or graphic is uploaded to your website via the insecure HTTP protocol, the protection will not be complete and the lock symbol will not be displayed.

How do I add or change a SAN in the certificate

Adding or changing a SAN name is possible, if the SAN certificate was issued with at least one SAN. Please contact our customer support if you would like to add a SAN name.

Every new SAN name must be paid according to the current price list, if it was not already paid when ordering the certificate.

How do I double check the installation?

You can check if the installation was successful by clicking on the SSL Labs Server Test Link by Qualys which you can find in the order details in your customer account. This test does not only check the accuracy of the installation, but also the quality of the protection of your server.

What does CSR mean and how do I acquire it?

The public key (CSR) is essential for the issuing of the SSL certificate. The public key will be generated by your webhost or the administrator of the server on which the domain runs, that is to be secured.

More information and instructions for the public key can be found in an independent article.

Can I use the certificate on another server?

Yes. The certificate is only linked to the private key. If you export your certificate along with the private key, you can import it to another server and use it there. However, a simultaneous use of one certificate on several servers is limited (see below).

Can I use the SSL certificate on multiple web servers?

The SSL certificates have a limited number of server licences, depending on the conditions of the respective certification authority. The certificates by GeoTrust, RapidSSL and Thatwte can be used on an unlimited number of servers. Only the certificates by Symantec need a licence for each web server. If you want to use the Symantec certificate on two web servers at the same time, you need to buy a second server license.

How do I export the SSL certificate?

The SSL certificate can either be exported on its own, or along with the private key. On the Microsoft platform, the format PFX, on which the certificate is saved along with the private key, is used for the export. On an Apache server, the certificates are usually managed with the tool OpenSSL, which makes it possible to export the certificates into different formats. On the Apache server, the files are saved in a text format along with the certificates and the keys, so they can be exported by simply copying them.

What are private and public keys?

The private key is being issued during the generation of the certificate request and must not leave the server, as its acquisition allows the use of the server’s SSL certificate.

The public key represents a certificate request, which is sent to the certificate authority. After the validation process, the certificate authority signs the public key and issues the certificate.

During the SSL communication, the files will be encoded on the server with the public key (the one holding the certificate), and decoded on the server with the private key.

What is an intermediate certificate and what do I need it for?

The intermediate certificates establish the trustworthiness of the SSL certificate and need to be installed on the web server along with the certificates. The cause of an incorrectly installed certificate lies often in the missing intermediate certificate. In that case, an error message about an unknown certificate issuer will be displayed in the browser. The problem can be solved by adding the intermediate certificate on the web server.

How do I change the data in the certificate?

The data cannot be changed in an already issued certificate. If you would like to change the data in your certificate and the issuing is less than 30 days ago, contact our customer support team, who will be happy to help you.

I can’t install the certificate. I don’t have a private key.

If you have issues installing the SSL certificate (e.g. matching the certificate with the CSR) the certificate can be issued again with a new CSR free of charge. The same applies if the private key got lost or stolen. Our customer support team will be happy to assist you.

Our customer service team is always willing to help. You can also contact us directly from your customer account – you just need to send us the authorised request.