Frequently Asked Technical Questions
This page contains technical questions and answers relating to SSL Certificates, Certificate Signing Requests (CSR), installation procedures, troubleshooting and common error messages.
If you have a general question about ordering, payments or choosing the right SSL Certificate, please visit our main Frequently Asked Questions (FAQ) page.
If you have a technical question which has not been answered here, you can use the Ask Trustico® Assistant service for immediate help or browse our extensive library of technical articles.
Certificate Signing Request (CSR) Questions
A Certificate Signing Request (CSR) is a fundamental component of the SSL Certificate issuance process. This section answers common questions about generating and managing Certificate Signing Requests (CSR).
Understanding and Generating a Certificate Signing Request (CSR)
A Certificate Signing Request (CSR) is a block of encoded data that is generated by your web server and contains the necessary details about your domain and organization. The Certificate Signing Request (CSR) includes your Public Key which will be incorporated into your SSL Certificate.
For instructions on how to generate a Certificate Signing Request (CSR) on your web server or hosting account, please follow our detailed instructions or the instructions provided by your software provider.
Invalid Certificate Signing Request (CSR) Error
There are a number of common issues that would cause the Certificate Signing Request (CSR) to be invalid. When you created the Certificate Signing Request (CSR) you will have been asked for several pieces of information.
Check the Common Name (CN) field. You may have specified an IP address such as 178.0.1.23 or a server name such as mywebserver instead of a Fully Qualified Domain Name (FQDN) such as www.mydomain.com or domain name such as mydomain.com. You must specify a Fully Qualified Domain Name (FQDN) or domain name to apply for most SSL Certificates.
Make sure you do not have any illegal characters in any of the fields in the Certificate Signing Request (CSR). Illegal characters include the following : ! @ # $ % ^ ( ) ~ ? > < & / \ , . " '
Check the country field. If you are located in the United Kingdom, specify the country code as "GB" when generating the Certificate Signing Request (CSR), not "UK".
Make sure you have included the header and footer of the Certificate Signing Request (CSR) into the application form. The header and footer will look like the following :
-----BEGIN CERTIFICATE REQUEST-----
encoded data
-----END CERTIFICATE REQUEST-----
Make sure that there are five dashes on each side of the BEGIN and END Certificate request text. There should also be no trailing spaces in the Certificate Signing Request (CSR).
Changing Your Certificate Signing Request (CSR)
Yes, you can change or correct your Certificate Signing Request (CSR) at a number of stages during the ordering process. You will be asked in the final steps to confirm the details provided. Once you have confirmed, you will no longer be able to change the details or your Certificate Signing Request (CSR).
Once your SSL Certificate has been issued you cannot change the Common Name (CN), which is the domain name of your SSL Certificate. If you need to change the domain name after issuance, you will need to request a reissue of your SSL Certificate with a new Certificate Signing Request (CSR).
Recommended Key Sizes for Certificate Signing Requests (CSR)
Trustico® recommends using a minimum key size of 2048 bits for RSA keys when generating your Certificate Signing Request (CSR). This is the industry standard minimum and provides strong security for most applications.
Some organizations choose to use 4096 bit keys for additional security, though this can impact server performance slightly. If you are using Elliptic Curve Cryptography (ECC), a 256 bit key provides equivalent security to a 3072 bit RSA key.
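The checks listed under Invalid Certificate Signing Request (CSR) Error, together with the 2048 bit RSA minimum, can be run against a CSR file before it is pasted into an order form. The script below is an added example and not Trustico® code; csr_lint and csr_fail are hypothetical names, and it assumes the openssl command is installed.

```shell
#!/bin/sh
# Added example: pre-submission CSR check. Needs the openssl command.
# Prints one "FAIL:" line per problem; returns 0 only when none are found.

csr_fail() { echo "FAIL: $1"; csr_problems=$((csr_problems + 1)); }

csr_lint() {   # usage: csr_lint FILE.csr
    csr_file=$1
    csr_problems=0
    # Drop CRs so a CSR saved with Windows line endings is judged fairly.
    csr_pem=$(tr -d '\r' < "$csr_file")

    # Header and footer must be complete, with five dashes on each side.
    # Windows/IIS writes "NEW CERTIFICATE REQUEST"; openssl accepts both.
    case $(printf '%s\n' "$csr_pem" | sed -n '1p') in
        "-----BEGIN CERTIFICATE REQUEST-----"|"-----BEGIN NEW CERTIFICATE REQUEST-----") ;;
        *) csr_fail "first line is not a complete CSR header" ;;
    esac
    case $(printf '%s\n' "$csr_pem" | sed -n '$p') in
        "-----END CERTIFICATE REQUEST-----"|"-----END NEW CERTIFICATE REQUEST-----") ;;
        *) csr_fail "last line is not a complete CSR footer" ;;
    esac
    if printf '%s\n' "$csr_pem" | grep -q '[[:space:]]$'; then
        csr_fail "trailing spaces found"
    fi

    # Decode the subject; stop here if the request cannot be parsed at all.
    if ! csr_subject=$(openssl req -in "$csr_file" -noout -subject -nameopt multiline 2>/dev/null); then
        csr_fail "openssl cannot parse the request"
        return 1
    fi
    csr_cn=$(printf '%s\n' "$csr_subject" | sed -n 's/^ *commonName *= *//p' | head -n 1)
    csr_c=$(printf '%s\n' "$csr_subject" | sed -n 's/^ *countryName *= *//p' | head -n 1)

    # Common Name (CN): must be a domain name, not an IP address or bare host.
    if [ -z "$csr_cn" ]; then
        csr_fail "Common Name (CN) is empty"
    elif printf '%s\n' "$csr_cn" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'; then
        csr_fail "Common Name (CN) '$csr_cn' is an IP address, not a domain name"
    else
        case $csr_cn in
            *.*) ;;
            *) csr_fail "Common Name (CN) '$csr_cn' is a server name, not an FQDN" ;;
        esac
    fi

    # Country: the code for the United Kingdom is GB.
    [ "$csr_c" != "UK" ] || csr_fail "country code is UK; the United Kingdom is GB"

    # Key size: applies to RSA keys only (a 256 bit ECC key is acceptable).
    csr_dump=$(openssl req -in "$csr_file" -noout -text 2>/dev/null)
    if printf '%s\n' "$csr_dump" | grep -q 'Public Key Algorithm: rsaEncryption'; then
        csr_bits=$(printf '%s\n' "$csr_dump" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
        [ "${csr_bits:-0}" -ge 2048 ] || csr_fail "RSA key is ${csr_bits:-?} bits; the minimum is 2048"
    fi

    [ "$csr_problems" -eq 0 ]
}
```

Run it as csr_lint yourdomain.csr; the exit status is non-zero when any check fails.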
E-Mail and Validation Questions
Successful SSL Certificate issuance depends on receiving and responding to validation e-mails. This section covers common e-mail related issues during the validation process.
Missing E-Mail Notifications
Please ensure that you have access to the e-mail addresses used in the ordering process. Also, as Trustico® sends unique URLs in the issued e-mails, be sure that your mail server has not separated or quarantined the e-mails as spam.
You may use the tracking area of our website to resend important e-mails.
Missing Approver E-Mail
When ordering a Domain Validation (DV) SSL Certificate, the Approver E-Mail confirms that you control the domain name. It is sent to one of five constructed addresses at your domain : admin@, administrator@, hostmaster@, postmaster@ or webmaster@.
You choose which of these addresses receives the Approver E-Mail during the ordering process. Make sure the chosen address is set up and reachable before you order, otherwise the Approver E-Mail will not be delivered.
As an alternative to the constructed addresses, you can publish a Domain Name System (DNS) TXT record named _validation-contactemail that specifies the contact address to use for validation.
Alternative Validation Methods
Yes, Trustico® offers alternative validation methods for customers who prefer not to use e-mail validation or do not have access to the required e-mail addresses.
File Based Authentication requires you to place a specific file on your web server. Domain Name System (DNS) validation requires you to create a specific Domain Name System (DNS) record for your domain. Both methods provide the same level of validation as e-mail without requiring access to domain e-mail addresses.
SSL Certificate Installation
Installing your SSL Certificate correctly is essential for proper website security. This section covers installation procedures and common installation scenarios.
Installing Your SSL Certificate
SSL Certificate installation varies depending on your web server software and hosting environment. You will need to refer to the documentation provided by your hosting company or software vendor.
Trustico® has compiled installation guides for common server platforms that may assist with the process.
Installation Assistance Options
Yes, Trustico® offers a Premium Installation service where our technical team will install your SSL Certificate on your server for you. This service is ideal for customers who are not comfortable with the technical aspects of SSL Certificate installation or who want the assurance that the installation is performed correctly by an expert.
Intermediate SSL Certificates and Installation Requirements
To successfully install your SSL Certificate, you may be required to install an Intermediate Certificate Authority (CA) SSL Certificate, also known as a Certificate Authority (CA) Bundle.
Intermediate SSL Certificates form the chain of trust between your SSL Certificate and the Root Certificate Authority (CA) Certificate that is trusted by browsers. Please review your fulfillment e-mail carefully to determine if an Intermediate Certificate Authority (CA) SSL Certificate is required, how to obtain it and correctly import it into your system.
Installing an SSL Certificate on Apache
To install an SSL Certificate on Apache web server, you need to configure your Apache configuration file, typically httpd.conf or a virtual host configuration file, with the paths to your SSL Certificate file, Private Key file and Intermediate Certificate Authority (CA) Bundle.
You will need to enable the SSL module and configure the appropriate directives including SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile. After making changes, restart Apache to apply the new configuration.
Installing an SSL Certificate on Internet Information Services (IIS)
To install an SSL Certificate on Microsoft Internet Information Services (IIS), you need to complete the pending Certificate request in the Internet Information Services (IIS) Manager. Open the Server Certificates feature, select Complete Certificate Request and browse to your SSL Certificate file.
Once imported, bind the SSL Certificate to your website by editing the site bindings and adding an HTTPS binding on port 443 with your SSL Certificate selected.
Installing an SSL Certificate on Nginx
To install an SSL Certificate on Nginx web server, you need to configure your Nginx server block with the paths to your SSL Certificate file and Private Key file. For Nginx, you typically need to combine your SSL Certificate and Intermediate Certificate Authority (CA) Bundle into a single file.
Configure the ssl_certificate and ssl_certificate_key directives in your server block, then restart Nginx to apply the changes.
Testing and Verifying Your SSL Certificate
After installing your SSL Certificate, it is important to verify that everything is working correctly. This section covers how to test your SSL Certificate installation.
Testing Your SSL Certificate Installation
After installing your SSL Certificate, you should test your website by visiting it using HTTPS in your web browser. Check that the padlock icon appears and that there are no security warnings.
You can also use online SSL testing tools that will analyze your SSL Certificate configuration and report any issues with the Certificate chain, expiry date, key strength and server configuration.
Checking Your SSL Certificate Expiry Date
You can check your SSL Certificate expiry date by clicking on the padlock icon in your browser when visiting your HTTPS website and viewing the Certificate details. Alternatively, you can use the Trustico® order tracking system to view the expiry date of SSL Certificates purchased from us.
Trustico® also offers an SSL Certificate monitoring service that will automatically alert you before your SSL Certificate expires.
Verifying Your SSL Certificate Chain
Your SSL Certificate chain consists of your SSL Certificate, any Intermediate Certificate Authority (CA) SSL Certificates and the Root Certificate Authority (CA) Certificate. You can view the Certificate chain by clicking on the padlock icon in your browser and viewing the Certificate path or hierarchy.
A correctly installed SSL Certificate will show a complete chain from your SSL Certificate up to a trusted Root Certificate Authority (CA). If the chain is incomplete, you may need to install the Intermediate Certificate Authority (CA) Bundle.
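The chain can also be checked from the command line before the files go onto the server. The script below is an added example and not Trustico® code; make_fullchain and chain_ok are hypothetical names, the file names are placeholders, and it assumes the openssl command is installed. make_fullchain builds the single combined file described for Nginx above.

```shell
#!/bin/sh
# Added example: check that a server certificate chains to a trusted root
# through the intermediates you are about to install. Needs openssl.

# Build the combined file Nginx expects: server certificate first, then the
# Intermediate CA Bundle. A newline is forced between the two files so the
# END line of one block never runs into the BEGIN line of the next; blank
# lines and CRs are removed.
make_fullchain() {   # usage: make_fullchain CERT BUNDLE OUT
    { cat "$1"; echo; cat "$2"; } | tr -d '\r' | sed '/^[[:space:]]*$/d' > "$3"
}

# chain_ok CERT BUNDLE [ROOTS]
# BUNDLE is passed as -untrusted: its certificates may be used to build the
# path, like the intermediates a server sends, but they are never trusted on
# their own. ROOTS is an optional file of root certificates to trust; without
# it openssl uses the system trust store.
chain_ok() {
    if [ -n "${3:-}" ]; then
        co_out=$(openssl verify -CAfile "$3" -untrusted "$2" "$1" 2>&1) || true
    else
        co_out=$(openssl verify -untrusted "$2" "$1" 2>&1) || true
    fi
    printf '%s\n' "$co_out"
    # Some older openssl releases exit 0 even on failure, so the verdict is
    # read from the output: success ends with "<file>: OK".
    printf '%s\n' "$co_out" | grep -q ': OK$'
}
```

A failure that mentions "unable to get local issuer certificate" is the command-line form of an incomplete chain: the bundle does not contain the intermediate that issued the certificate.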
Common SSL Errors and Solutions
This section covers common SSL Certificate errors and their solutions to help you troubleshoot installation and configuration issues.
Untrusted Certificate Authority Error
Problem : This error message appears when connecting to your website over HTTPS, indicating the browser does not trust your SSL Certificate.
Solution : This usually indicates that the SSL Certificate has not been installed correctly, the Intermediate Certificate Authority (CA) Bundle is missing, or the server requires a physical reboot. First try reinstalling the SSL Certificate including the Intermediate Certificate Authority (CA) Bundle and physically restarting your server.
Expired or Not Yet Valid SSL Certificate Error
Problem : This error message appears relating to SSL Certificate validity dates.
Solution : This indicates that the SSL Certificate has expired and needs to be renewed, or the SSL Certificate is not yet valid because it was issued with a future start date. It may also indicate that the time or date is incorrect on the computer being used to visit the website over HTTPS or on the server itself.
Check the system clock on both the client and server. If your SSL Certificate has genuinely expired, you will need to renew it for a further license period.
SSL Certificate Name Mismatch Error
Problem : A name mismatch error occurs when connecting to your website, indicating the SSL Certificate was issued for a different domain name.
Solution : An SSL Certificate is issued to a Fully Qualified Domain Name (FQDN). The actual Fully Qualified Domain Name (FQDN) is digitally signed and sealed within the issued SSL Certificate. The SSL Certificate can only be used on this Fully Qualified Domain Name (FQDN) and nothing else, otherwise a name mismatch occurs.
For example, an SSL Certificate issued to www.yourdomain.com can only be used on www.yourdomain.com. It cannot be used on secure.yourdomain.com or even just yourdomain.com without the www prefix.
If you require a single SSL Certificate that can be used on multiple subdomains then you should consider a Wildcard SSL Certificate. If you need to secure both www and non-www versions of your domain, ensure your SSL Certificate includes both as Subject Alternative Names (SAN).
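The matching rules behind this error can be written down in a few lines. The script below is an added example and not Trustico® code; name_covers, cert_covers and uncovered_hosts are hypothetical names. It models the usual browser behaviour: names compare without regard to case, and a wildcard stands for exactly one label in the leftmost position.

```shell
#!/bin/sh
# Added example: which hostnames does a set of certificate names cover?

# name_covers HOST NAME: NAME is one name from the certificate, either an
# exact name (www.yourdomain.com) or a wildcard (*.yourdomain.com).
name_covers() {
    nc_host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    nc_name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $nc_name in
        '*.'*)
            nc_suffix=${nc_name#?}              # ".yourdomain.com"
            case $nc_host in
                *"$nc_suffix")
                    nc_label=${nc_host%"$nc_suffix"}
                    # The wildcard replaces one non-empty label: it covers
                    # neither the bare domain nor a.b.yourdomain.com.
                    case $nc_label in
                        ''|*.*) return 1 ;;
                        *)      return 0 ;;
                    esac ;;
                *) return 1 ;;
            esac ;;
        *)  [ "$nc_host" = "$nc_name" ] ;;
    esac
}

# cert_covers HOST NAME...: true if any certificate name covers HOST.
cert_covers() {
    cc_host=$1; shift
    for cc_name in "$@"; do
        name_covers "$cc_host" "$cc_name" && return 0
    done
    return 1
}

# uncovered_hosts "HOST ..." NAME...: print every planned hostname that would
# raise a name mismatch error with a certificate carrying the given names.
uncovered_hosts() {
    uh_hosts=$1; shift
    for uh_host in $uh_hosts; do
        cert_covers "$uh_host" "$@" || echo "$uh_host"
    done
}
```

For example, uncovered_hosts "www.yourdomain.com yourdomain.com secure.yourdomain.com" www.yourdomain.com prints the last two names. Against a real certificate file, openssl x509 -in cert.pem -noout -checkhost NAME performs the same check.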
Mixed Content Warnings Explained
Problem : A mixed content warning appears on your HTTPS pages, indicating some resources are being loaded over insecure HTTP.
Solution : This error occurs when you are loading resources such as images, scripts, stylesheets or other files over HTTP when your page is being served over HTTPS.
Either change the resource URLs in your HTML code to use HTTPS, use protocol-relative URLs that start with // instead of http:// or https://, or use relative paths. Ensure all external resources you load also support HTTPS.
Resolving SSL Connection Errors
Problem : The browser cannot establish an SSL connection to your website at all.
Solution : Check that your SSL Certificate has been installed for the correct website and that the site is configured to listen on port 443. Ensure your Private Key is not corrupt and has not been accidentally deleted.
Verify that port 443 is open on your firewall and router. Check that your Domain Name System (DNS) settings are correctly configured to point to your server.
Private Key Issues
The Private Key is a critical component of your SSL Certificate that must be kept secure. This section covers common Private Key related issues.
Recovering from Lost Private Keys
First check your backups and see if you can find the Private Key. The Private Key should be in the same location where you generated your Certificate Signing Request (CSR). If you are using Internet Information Services (IIS), check the Certificate store.
If you have purchased Issuance Insurance from Trustico® you may have your SSL Certificate reissued free of charge with a new Certificate Signing Request (CSR) and Private Key, otherwise you may need to purchase a new SSL Certificate.
Resolving Pending Request Not Found Errors
If you are attempting to install an SSL Certificate that does not match the Private Key, also known as the Pending Request in Internet Information Services (IIS), you will receive this error.
Internet Information Services (IIS) only allows you to make one Certificate request per site. If you create a new Certificate Signing Request (CSR) for the same website, your original request and Private Key will be overwritten.
If you have a backup of the Private Key, you can install the SSL Certificate via the Microsoft Management Console (MMC) if you can restore the request to the REQUEST folder. If you have lost your Private Key you may need to complete a new order or use Issuance Insurance if previously purchased.
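Whether an issued SSL Certificate belongs to the Private Key you hold, or to the key from an earlier, overwritten request, can be checked by comparing public keys. The script below is an added example and not Trustico® code; pubkey_fp and key_matches are hypothetical names, and it assumes the openssl command and an unencrypted PEM Private Key file.

```shell
#!/bin/sh
# Added example: does this Private Key belong to this certificate or CSR?
# Only public keys are compared; the Private Key is read, never printed.

# pubkey_fp key|cert|csr FILE: SHA-256 fingerprint of the public key held
# in a Private Key, an SSL Certificate or a CSR (PEM files).
pubkey_fp() {
    case $1 in
        key)  fp_pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        cert) fp_pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        csr)  fp_pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    # Refuse to fingerprint nothing: two unreadable files must not "match".
    [ -n "$fp_pem" ] || return 1
    # Re-encode to DER so formatting differences cannot change the hash.
    printf '%s\n' "$fp_pem" |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 |
        awk '{print $NF}'
}

# key_matches KEY cert|csr FILE
# Returns 0 on a match, 1 on a mismatch, 2 if either file cannot be read.
key_matches() {
    km_a=$(pubkey_fp key "$1") || return 2
    km_b=$(pubkey_fp "$2" "$3") || return 2
    [ "$km_a" = "$km_b" ]
}
```

A result of 1 from key_matches server.key cert server.crt means the certificate was issued for a different request than the key on this server. The same function works for RSA and Elliptic Curve Cryptography (ECC) keys.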
Keeping Your Private Key Secure
Your Private Key should be kept confidential and only accessible to authorized personnel. Store the Private Key in a secure location with appropriate file permissions. Never share your Private Key via e-mail or other insecure channels.
Consider using a Hardware Security Module (HSM) for high-security applications. Always maintain secure backups of your Private Key in case of server failure.
Moving and Migrating SSL Certificates
Sometimes you need to move your SSL Certificate to a different server or hosting environment. This section covers SSL Certificate migration.
Moving Your SSL Certificate to a New Server
You will need to export your current SSL Certificate and Private Key from your existing server and import them into the new server. The export format depends on your server software.
For Windows servers, you typically export as a PFX or PKCS#12 file which includes the SSL Certificate, Private Key and Intermediate SSL Certificates. For Linux servers, you may export the SSL Certificate and Private Key as separate PEM files.
SSL Certificate Formats for Different Servers
Different server platforms require SSL Certificates in different formats. Apache and Nginx typically use PEM format files with .crt or .pem extensions. Internet Information Services (IIS) uses PFX or PKCS#12 format files with .pfx extension. Java-based servers may require JKS (Java KeyStore) format.
Trustico® can provide your SSL Certificate in multiple formats, or you can use standard command-line tools to convert between formats.
IP Address Requirements
Understanding IP address requirements for SSL Certificates helps with server configuration and planning. This section covers common IP address related questions.
Changing Your IP Address and SSL Certificates
An SSL Certificate is issued to a domain name and not an IP address. So long as your web server is hosting the domain name for which your SSL Certificate has been issued, the IP address does not matter. You can change your IP address without needing to replace or reissue your SSL Certificate.
Dedicated IP Address Requirements
Modern web servers and browsers support Server Name Indication (SNI), which allows multiple SSL Certificates to be hosted on a single IP address. This is supported by all current browsers and operating systems, so if you host a single domain you can use name-based hosting without any issues.
If you need to support very old browsers or operating systems that lack Server Name Indication (SNI), you may need a dedicated IP address for each SSL Certificate.
Please note that host headers on older versions of Internet Information Services (IIS) may cause SSL errors if you install multiple SSL Certificates for multiple domains on a single IP address without Server Name Indication (SNI) support.
SSL Certificate Reissues
Sometimes you need to reissue your SSL Certificate during its validity period. This section explains when and how to request a reissue.
Common Reasons for SSL Certificate Reissues
Common reasons for reissuing an SSL Certificate include changing your web server and needing to generate a new Certificate Signing Request (CSR), losing your Private Key, or discovering that your Private Key has been compromised.
You may also need a reissue when adding or removing domains from a Multi Domain SSL Certificate, or when changing the encryption algorithm from RSA to Elliptic Curve Cryptography (ECC).
Requesting an SSL Certificate Reissue
You can request a reissue of your SSL Certificate through the Trustico® order tracking system. You will need to generate a new Certificate Signing Request (CSR) on your server and submit it as part of the reissue request.
You will then need to complete the validation process again for the new SSL Certificate to be issued. Reissues are provided free of charge during your SSL Certificate validity period.
HTTPS Redirects and Configuration
Once your SSL Certificate is installed, you should configure your website to use HTTPS by default. This section covers HTTPS redirect configuration.
Redirecting HTTP to HTTPS
After installing your SSL Certificate, you should redirect all HTTP traffic to HTTPS to ensure visitors always use the secure version of your website.
For Apache web server, you can add redirect rules to your .htaccess file or virtual host configuration. For Nginx, add a server block that redirects port 80 traffic to HTTPS. For Internet Information Services (IIS), you can use the URL Rewrite module to create redirect rules.
HTTP Strict Transport Security (HSTS) Explained
HTTP Strict Transport Security (HSTS) is a security feature that tells browsers to only connect to your website using HTTPS, even if the user types HTTP. Once a browser receives the HTTP Strict Transport Security (HSTS) header from your server, it will automatically use HTTPS for all future connections to your domain.
This helps protect against SSL stripping attacks and accidental insecure connections. You can enable HTTP Strict Transport Security (HSTS) by adding the Strict-Transport-Security header to your server configuration.
SSL Certificate Monitoring
Proactive monitoring helps prevent SSL Certificate expiry and identifies configuration issues before they affect your visitors. This section covers SSL Certificate monitoring.
Monitoring Your SSL Certificate
Trustico® offers an SSL Certificate monitoring service that automatically checks your SSL Certificate and alerts you before it expires. The monitoring service also checks for configuration issues such as incomplete Certificate chains, weak encryption settings and other problems that could affect your website security.
Key Monitoring Indicators
Key aspects to monitor include your SSL Certificate expiry date, so you can renew it before it expires. You should also monitor the completeness of your Certificate chain, the strength of your encryption settings, and whether your server is vulnerable to known SSL and Transport Layer Security (TLS) vulnerabilities.
Regular monitoring helps maintain optimal security and prevents unexpected outages due to expired SSL Certificates.
Automated SSL Certificate Management (ACME)
For organizations that manage multiple SSL Certificates or want to automate the SSL Certificate lifecycle, Trustico® offers automated solutions. This section covers SSL Certificate automation options.
ACME Protocol Explained
Automatic Certificate Management Environment (ACME) is a protocol that automates the process of obtaining, renewing and revoking SSL Certificates. ACME allows you to automatically obtain and renew SSL Certificates without manual intervention, reducing administrative overhead and the risk of expiry.
Trustico® supports ACME for automated SSL Certificate management.
Supported ACME Clients
There are many ACME clients available for different platforms and use cases. Popular options exist for Linux servers, Windows servers and shell environments.
Trustico® is compatible with standard ACME clients that support the ACME protocol.
Certificate as a Service (CaaS) Explained
Certificate as a Service (CaaS) from Trustico® provides a comprehensive solution for automated SSL Certificate management. Certificate as a Service (CaaS) integrates with your existing infrastructure to automatically provision, renew and manage SSL Certificates across your organization.
This is ideal for enterprises managing large numbers of SSL Certificates or those seeking to implement DevOps practices for SSL Certificate management.
Getting Started with Automated SSL Certificate Management
To get started with automated SSL Certificate management, you will need to obtain External Account Binding (EAB) credentials from Trustico® which link your ACME client to your Trustico® account.
You can then configure your ACME client with these credentials and begin automating your SSL Certificate management.
Most Popular Questions
Frequently asked questions covering SSL Certificate technical topics, including Certificate Signing Requests (CSR), validation e-mails, installation on common web servers, troubleshooting common errors, Private Key security, reissues, and automated SSL Certificate management.
Purpose of a Certificate Signing Request (CSR)
A Certificate Signing Request (CSR) is a block of encoded data generated by your web server that contains details about your domain and organization, including your Public Key. That information is incorporated into your SSL Certificate when it is issued, so a Certificate Signing Request (CSR) is required for every order.
Common Causes of an Invalid Certificate Signing Request (CSR)
Common causes include using an IP address or server name instead of a Fully Qualified Domain Name (FQDN), placing illegal characters in a field, or entering UK instead of GB as the country code for the United Kingdom. Make sure the header and footer lines are both present with five dashes on each side and that there are no trailing spaces in the Certificate Signing Request (CSR).
Changing a Certificate Signing Request (CSR) After Ordering
You can change or correct your Certificate Signing Request (CSR) at several stages during the ordering process, up until you confirm the final details. Once the SSL Certificate has been issued you cannot change the Common Name (CN), so a change of domain name requires a reissue with a new Certificate Signing Request (CSR).
Recommended Key Size for a Certificate Signing Request (CSR)
Trustico® recommends a minimum key size of 2048 bits for RSA keys, which is the industry standard and provides strong security for most applications. For additional security you may use 4096 bit RSA keys, and if you use Elliptic Curve Cryptography (ECC) a 256 bit key provides security equivalent to a 3072 bit RSA key.
Steps for a Missing Validation E-Mail
Check that you have access to the e-mail addresses used during ordering, and confirm that your mail server has not quarantined the messages as spam, because Trustico® sends unique links in validation e-mails. You can use the Trustico® order tracking system to resend important e-mails.
Addresses Used for the Approver E-Mail
The Approver E-Mail can be sent to one of five constructed addresses at your domain : admin@, administrator@, hostmaster@, postmaster@ or webmaster@. As an alternative, you can publish a Domain Name System (DNS) TXT record named _validation-contactemail that names the contact address, so make sure the chosen address is reachable before ordering.
Alternatives to E-Mail Domain Validation
Trustico® offers File Based Authentication, which requires placing a specific file on your web server, and Domain Name System (DNS) validation, which requires creating a specific Domain Name System (DNS) record. Both methods provide the same level of validation as e-mail without needing access to domain e-mail addresses.
The Intermediate Certificate Authority (CA) Bundle
Intermediate SSL Certificates form the chain of trust between your SSL Certificate and the Root Certificate Authority (CA) Certificate that browsers trust. Check your fulfillment e-mail to determine whether an Intermediate Certificate Authority (CA) Bundle is required and how to install it correctly.
Installing an SSL Certificate on Apache
Configure your Apache configuration file, such as httpd.conf or a virtual host file, with the paths to your SSL Certificate file, Private Key file and Intermediate Certificate Authority (CA) Bundle. Enable the SSL module, set the appropriate certificate directives, then restart Apache to apply the configuration.
Installing an SSL Certificate on Internet Information Services (IIS)
Open the Internet Information Services (IIS) Manager and use the Server Certificates feature to complete the pending Certificate request, then browse to your SSL Certificate file. Edit your site bindings to add an HTTPS binding on port 443 with your SSL Certificate selected.
Installing an SSL Certificate on Nginx
Combine your SSL Certificate and Intermediate Certificate Authority (CA) Bundle into a single file, then point the Nginx server block to this combined file and to your Private Key file. Restart Nginx to apply the changes.
Verifying a Successful SSL Certificate Installation
Visit your website using HTTPS and confirm that the padlock icon appears without any security warnings. Click the padlock to view the Certificate chain, which should show a complete path from your SSL Certificate up to a trusted Root Certificate Authority (CA). Online SSL testing tools can also analyze your configuration and report any issues.
Fixing an Untrusted Certificate Authority Error
This error usually means the SSL Certificate was not installed correctly or the Intermediate Certificate Authority (CA) Bundle is missing. Reinstall your SSL Certificate together with the complete Intermediate Certificate Authority (CA) Bundle, then physically restart your server.
SSL Certificate Name Mismatch Errors
This occurs when the domain name in the browser does not match the domain name sealed within your SSL Certificate. For example, an SSL Certificate issued to www.yourdomain.com cannot be used on secure.yourdomain.com or on the bare domain without the www prefix. Consider a Wildcard SSL Certificate for multiple subdomains, or make sure your SSL Certificate lists both the www and non-www names as Subject Alternative Names (SAN).
Causes and Fixes for Mixed Content Warnings
Mixed content warnings appear when an HTTPS page loads resources such as images, scripts or stylesheets over insecure HTTP. Fix this by updating the resource URLs in your HTML to use HTTPS, using protocol-relative URLs, or using relative paths. Make sure every external resource you load also supports HTTPS.
Options After Losing a Private Key
First check your backups and the location where you generated your Certificate Signing Request (CSR). If you purchased Issuance Insurance from Trustico® you may have your SSL Certificate reissued free of charge with a new Certificate Signing Request (CSR) and Private Key. Otherwise, you may need to purchase a new SSL Certificate.
Keeping a Private Key Secure
Keep your Private Key confidential and accessible only to authorized personnel, stored in a secure location with appropriate file permissions. Never share your Private Key by e-mail or other insecure channels, and maintain secure backups. For high-security environments, consider using a Hardware Security Module (HSM).
Changing a Server IP Address and the SSL Certificate
SSL Certificates are issued to domain names, not to IP addresses. As long as your web server still hosts the domain name for which the SSL Certificate was issued, you can change the IP address without replacing or reissuing the SSL Certificate.
Dedicated IP Address Requirements
Modern web servers and browsers support Server Name Indication (SNI), which allows multiple SSL Certificates on a single IP address. Because Server Name Indication (SNI) is supported by all current browsers and operating systems, a dedicated IP address is only needed when you must support very old systems that lack it.
Common Reasons for an SSL Certificate Reissue
Common reasons include changing your web server and needing a new Certificate Signing Request (CSR), losing your Private Key, or discovering that your Private Key has been compromised. You may also need a reissue when adding or removing domains from a Multi Domain SSL Certificate, or when changing from RSA to Elliptic Curve Cryptography (ECC) encryption.
Requesting an SSL Certificate Reissue from Trustico®
Request a reissue through the Trustico® order tracking system by generating a new Certificate Signing Request (CSR) on your server and submitting it with the request. You will then complete domain validation again, and reissues are provided free of charge during your SSL Certificate validity period.
Redirecting HTTP Traffic to HTTPS
For Apache, add redirect rules to your .htaccess file or virtual host configuration. For Nginx, add a server block that redirects port 80 traffic to HTTPS. For Internet Information Services (IIS), use the URL Rewrite module to create the redirect rules.
HTTP Strict Transport Security (HSTS) Explained
HTTP Strict Transport Security (HSTS) instructs browsers to connect to your website only over HTTPS, even when a visitor types HTTP. This protects against SSL stripping attacks and accidental insecure connections. Enable it by adding the Strict-Transport-Security header to your server configuration.
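Once the redirect and the Strict-Transport-Security header are configured, both can be checked together from the responses your server returns. The following Python example is added here and is not Trustico® code; the function names, finding labels, sample hops and the one-year min_age threshold are assumptions. Header parsing follows RFC 6797.

```python
import re
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797; None if invalid."""
    seen = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue                         # tolerate empty segments such as a trailing ';'
        if name in seen:
            return None                      # a repeated directive invalidates the header
        seen[name] = arg.strip().strip('"')  # max-age may be a quoted string
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                          # max-age is mandatory and numeric
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

def audit_chain(chain, min_age=31536000):
    """chain: [(url, status, headers)] hops starting at the plain-HTTP URL.
    min_age is an assumed policy threshold (one year), not a value from the page."""
    findings = []
    url, status, headers = chain[0]
    target = urlsplit(headers.get("location", ""))
    if status not in (301, 308):
        findings.append("http-not-permanently-redirected")
    elif target.scheme != "https":
        findings.append("redirect-target-not-https")
    elif target.hostname != urlsplit(url).hostname:
        # The browser never receives an HSTS header for the host the visitor typed.
        findings.append("first-hop-changes-host")
    if "strict-transport-security" in headers:
        findings.append("hsts-on-plain-http-is-ignored")
    url, status, headers = chain[-1]
    policy = parse_hsts(headers.get("strict-transport-security", ""))
    if urlsplit(url).scheme != "https" or policy is None:
        findings.append("no-valid-hsts-on-https-response")
    elif policy["max_age"] < min_age:
        findings.append("hsts-max-age-too-short")
    return findings

# Constructed sample hops (not captured traffic); header names are lowercased.
GOOD = [("http://example.com/", 301, {"location": "https://example.com/"}),
        ("https://example.com/", 200,
         {"strict-transport-security": "max-age=63072000; includeSubDomains"})]
WEAK = [("http://example.com/", 302, {"location": "https://www.example.com/",
                                      "strict-transport-security": "max-age=300"}),
        ("https://www.example.com/", 200, {"strict-transport-security": "max-age=300"})]
```

Calling audit_chain(GOOD) returns an empty list, while audit_chain(WEAK) reports the temporary redirect, the header sent over plain HTTP and the short max-age.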
SSL Certificate Monitoring from Trustico®
Trustico® offers an SSL Certificate monitoring service that checks your SSL Certificate automatically and alerts you before it expires. The service also identifies configuration issues such as incomplete Certificate chains and weak encryption settings that could affect your website security.
The ACME Protocol for SSL Certificate Automation
Automatic Certificate Management Environment (ACME) is a protocol that automatically obtains, renews and revokes SSL Certificates without manual intervention. Trustico® supports ACME for automated SSL Certificate management, which reduces administrative overhead and the risk of unexpected expiry.


