HomeDomain Name RegistrationWeb DesignWeb HostingDatabase DevelopmentE-commerce DevelopmentContact Us
Support Call: 0202359214 / +254 723551140

Search for:


 
Frequently Asked Questions  
   
 



F
R
E
Q
U
E
N
T
L
Y

A
S
K
E
D

Q
U
E
S
T
I
O
N
S

 

Frequently Asked Questions
 

What is a Web Server Certificate?
How does a Web Server Certificate work?
What is the difference between a High and a Medium Assurance (i.e., Turbo SSL) Web Server Certificate
What Is the Encryption Strength of your Web Server Certificates?
What is the difference between a Web Server SSL Certificate and a Wild Card Web Server SSL Certificate?
What is SSL?
How does the customer know that a site is secure?
What happens when my certificate expires?
What does it mean to revoke a certificate?
What does it mean to reissue a certificate?
What does it mean to re-key a certificate?
What is browser ubiquity?
How long does it take to issue an SSL Certificate?
What information do you validate, and why?
What happens if validation fails?
How do I install my SSL certificate?
How do I generate a Certificate Signing Request (CSR)?
How do I monitor the progress of my certificate request?
How do I obtain a Domain Registration Letter?
What is an intermediate certificate?
How do I install an intermediate certificate?
What happens if I don't install the intermediate certificate?
Why do visitors receive a security alert when accessing my secure site?
What if I lose my password?
Does a Web Server Certificate secure both "www.domainnamegoeshere.com" and "domainnamegoeshere.com"?
Why is my secure site not displaying the "padlock" icon in the browser's status bar?
Which Countries Are Currently Supported for Certificate Issuance?

WHAT IS A WEB SERVER CERTIFICATE?
A Web Server SSL Certificate is a digital certificate that authenticates the identity of a Web site to visiting browsers and encrypts information for the server via Secure Sockets Layer (SSL) technology. Encryption is the process of scrambling data into an undecipherable format — ciphertext —, which can only be returned to a readable format with the proper decryption key. All our Web Server Certificates use 128-bit encryption.

A certificate serves as an electronic "passport" that establishes an online entity's credentials when doing business on the Web. When an Internet user attempts to send confidential information to a Web server, the user's browser will access the server's digital certificate and establish a secure connection.

A Web Server SSL Certificate contains the following information:
• The certificate holder's name,
• The certificate's serial number and expiration date,
• Copy of the certificate holder's public key,
• The digital signature of the certificate-issuing authority.
Back to Top

HOW DOES A A WEB SERVER CERTIFICATE WORK?
A Web Server SSL Certificate secures safe, easy and convenient Internet shopping. Once an Internet user enters a secure area — by entering credit card information, e-mail address or other personal data, for example — the shopping site's Web Server SSL Certificate enables the browser and Web server to build a secure, encrypted connection. The SSL "handshake" process, which establishes the secure session, takes place discreetly behind the scene without interrupting the consumer's shopping experience. A "padlock" icon in the browser's status bar and the "https://" prefix in the URL are the only visible indications of a secure session in progress.

By contrast, if a user attempts to submit personal information to an unsecured Web site (i.e., a site that is not protected with a valid SSL certificate), the browser's built-in security mechanism will trigger a warning to the user, reminding him/her that the site is not secure and that sensitive data might be intercepted by third parties. Faced with such a warning most Internet users likely will look elsewhere to make a purchase.

WHAT IS THE DIFFERENCE BETWEEN A HIGH AND A MEDIUM ASSURANCE (I.E., TURBO SSL) WEB SERVER CERTIFICATE
We are offering two types of Web Server SSL Certificates: High Assurance Web Server Certificates and Medium Assurance (i.e., Turbo SSL) Web Server Certificates. The main difference between the certificate types lies in validation level and issuance speed. Your choice of certificate type should depend on the size and type of your business, your budget and whether or not you prefer (close-to) instant certificate issuance to a more thorough validation process. See below for a comparison between our Web Server Certificates
Certificate Comparison
High Assurance Certificate — Corporate High Assurance Certificate — Small Business/Sole Proprietor Medium Assurance Certificate (Turbo SSL)
Authentication Process Domain control verification, corporate identity, fraud screening Domain control verification, individual identity, fraud screening Domain control verification, fraud screening
Issuance Speed 2-5 business days 2-5 business days Immediate
Name in Certificate "O" Field Company name Requestor name Web site's common name
Encryption Level 128 bit 128 bit 128 bit

WHAT IS THE ENCRYPTION STRENGTH OF YOUR WEB SERVER CERTIFICATES?
All our Web Server Certificates provide 128-bit encryption.

WHAT IS SSL?
SSL is the de facto standard for creating a secure, encrypted link between a Web server and a browser. SSL thus ensures safe passage of sensitive information, such as credit card numbers, passwords, user names, etc. SSL is used by e-commerce Web sites as a means to protect online transactions with their customers. Once a secure connection has been established, SSL encrypts information sent from your browser to the Web server. SSL utilizes the public-and-private key encryption system.

HOW DOES THE CUSTOMER KNOW THAT A SITE IS SECURE?
An "https://" prefix in the URL and a key or padlock icon in the browser's status bar indicates that a Web site is secure.

An SSL-encrypted session is generally commenced once a visitor signs in to a secure area of a Web site, such as the checkout or account-management area of an online store.

WHAT IS THE DIFFERENCE BETWEEN A WEB SERVER SSL CERTIFICATE AND A WILD CARD WEB SERVER SSL CERTIFICATE?
— A Web Server SSL Certificate secures a single domain name.
— A Wild Card SSL Web Server Certificate secures multiple sub-domains of a domain name.

WHAT HAPPENS WHEN MY CERTIFICATE EXPIRES?
If you allow a certificate to expire, the certificate will be invalid and you will no longer be able to secure transactions on your Web site. We will prompt you to renew your SSL certificate in due time. You can renew a certificate for one or two years. Please note that a certificate can be renewed up to 60 days prior to and 30 days following the expiration date only. The user's browser will display a warning upon entering the Web site area that was supposedly protected with your SSL certificate.

WHAT DOES IT MEAN TO REVOKE A CERTIFICATE?
A certificate holder may request that his/her certificate is revoked – i.e., deleted. A revoked certificate is instantly rendered invalid. Generally, a certificate should only be revoked if the security of the holder's private key has been compromised.

Consider revoking your certificate if any of the following situations occur:
• Loss of your private key,
• Your private key is compromised,
• The certificate contains incorrect information.
A revoked certificate cannot be re-keyed, reissued or renewed.

WHAT DOES IT MEAN TO REISSUE A CERTIFICATE?
Reissuing a certificate means to reproduce an existing certificate. Certificates are generally reissued if the certificate holder has lost his/her certificate.

WHAT DOES IT MEAN TO RE-KEY A CERTIFICATE?
Re-keying is the process of replacing an existing SSL certificate. Specifically, re-keying entails:
I. Deleting/revoking an existing SSL certificate,
II. Creating a new public/private key pair,
III. Issuing a new SSL certificate.
The original certificate is automatically deactivated when the new one is issued.

Consider re-keying an SSL certificate if any of the following situations occur:
• Loss of your private key,
• Compromise of your private key,
• Certificate does not work properly.

Note that the Distinguished Name (DN) in the replacement SSL certificate must be identical to the Distinguished Name in the SSL Certificate that is being re-keyed. In other words: The Common Name, Organization Name, Locality, State/Province, and Country — as entered in the Certificate Signing Request (CSR) — must be the same in both of the certificates. Certificate holders can have their certificates re-keyed at no expense.

You can only request a re-key within 30 days of initial issuance of certificate. A maximum of two re-key requests is permitted within the 30-day period.

WHAT IS BROWSER UBIQUITY?
The term "browser ubiquity" describes an SSL certificate's browser compatibility – i.e., the extent to which the Certification Authority's root certificate is included in the Web browsers on the market. In other words: If the root certificate of the CA is present in the "trusted Root Certificates" store of the browser, then the SSL certificates issued by the CA are compatible with that browser. Thus, a high browser ubiquity means that most existing browsers recognize a certificate, and that secure transactions thus can take place on those browsers. In other words: The more browsers and browser versions supported, the higher the level of browser ubiquity, and hence, the more versatile the certificate is. Most SSL certificate services support all major browsers.
Our root certificate — the Valicert Class 2 Policy Validation Authority — is installed in the following browser versions:
• Internet Explorer 5.01 and higher
• AOL 5 and higher
• Netscape 4.7 and higher
• Opera 7.5 and higher.
• Safari on Mac OS X 10.3.4 or higher
• Mozilla (all versions)
• Firefox (all versions)
That equals 99% total browser ubiquity.
Users of older browser versions may receive a warning that the root certificate is not trusted. When presented with the warning those can simply install the root certificate. To do so, click "View Certificate." hen, when the certificate is displayed, click "Install Certificate." Alternatively, users of older browsers may download and install the root certificate directly from our repository.

HOW LONG DOES IT TAKE TO ISSUE AN SSL CERTIFICATE?
High Assurance Web Server Certificates
If all required documentation is provided and we are able to successfully authenticate the submitted information, a High Assurance Web Server Certificate generally can be issued within 2-5 hours of CSR submission.

HOW LONG DOES IT TAKE TO ISSUE AN SSL CERTIFICATE?
Medium Assurance (i.e., Turbo SSL) Web Server Certificates
If all required documentation is provided and we are able to successfully authenticate the submitted information, a Medium Assurance Web Server Certificate can be issued within minutes of CSR submission.

WHAT INFORMATION DO YOU VALIDATE, AND WHY?
High Assurance Web Server Certificate — Corporate Authentication Process
Before issuing an SSL certificate, we will authenticate that:
• — The certificate is being issued to an organization that is currently registered with a government authority.
• — The requesting entity controls the domain in the request.
• — The individual requesting the certificate is associated with the organization named in the certificate.
Note: Submitted information must successfully pass a fraud screening procedure before a Web Server Certificate can be issued.
High Assurance Web Server Certificate — Small Business/Sole Proprietor Authentication Process
Before issuing an SSL certificate, we will authenticate that:
• — The individual who requested the certificate is who he/she claims to be.
• — The individual requesting the certificate controls the domain in the request.
• — The individual named in the certificate is the individual who requested the certificate.
Note: Submitted information must successfully pass a fraud screening procedure before a Web Server Certificate can be issued.
Medium Assurance (i.e., Turbo SSL) Web Server Certificate
Before issuing an SSL certificate, we will authenticate that:
• — The requesting entity controls the domain in the request.
Note: Submitted information must successfully pass a fraud screening procedure before a Web Server Certificate can be issued.

Our authentication process ensures the highest level of trust. Only through thorough validation of submitted data can the online customer rest assured that online businesses that display SSL certificates indeed are to be trusted.

WHAT HAPPENS IF VALIDATION FAILS?
If we are unable to authenticate the submitted information, the certificate request will be denied. In some cases, the requestor may be able to fix the problem by providing additional documentation to enable authentication. We will notify you if additional documentation is needed.

Note: If — when processing a High Assurance Web Server Certificate Request — we are unable to authenticate the existence/identity of the requesting entity, the requestor will have the option of aborting the validation process and instead have us issue a Medium Assurance (i.e., Turbo SSL) Web Server Certificate, which relies on validation of domain control, only. If the requestor declines this option, the certificate request will be denied.

HOW DO I INSTALL MY SSL CERTIFICATE?
To install your certificate, you will need the original private key, which was created when you first generated your CSR. If you cannot find this key, or it cannot be accessed, you cannot use the certificate and you will have to get a new one. Click here for certificate-installation instructions for supported Web server software.

HOW DO I GENERATE A CERTIFICATE SIGNING REQUEST (CSR)?
In order to purchase a digital certificate, you must first generate and submit a Certificate Signing Request (CSR) to a Certification Authority (CA). The CSR is generated with your Web server software, which will also create your public/private key pair used for encrypting and decrypting secure transactions. Click here for CSR-generation instructions for all supported server software.

Please note that if you are applying for a hosting-integrated certificate (i.e., the domain to which you wish to apply the SSL certificate is hosted with one of our business partners — e.g., GoDaddy.com or Blue Razor Domains) then your hosting provider will generate and submit the CSR for you.

HOW DO I MONITOR THE PROGRESS OF MY CERTIFICATE REQUEST?
You can monitor the status and progress of your certificate request in the certificate-management section of our SSL Web site.

HOW DO I OBTAIN A DOMAIN AUTHORIZATION LETTER?
If we are unable to verify a certificate-requesting entity's domain registration ownership and domain control via the Whois database — generally because the information in the Whois database cannot be found or does not match the information in the certificate request —, the requestor must instead provide a Domain Authorization Letter from his/her domain registrar as documentation of domain registration ownership. If we are able to successfully authenticate the letter, a Registration Authority (RA) associate will manually verify domain control.

In order to obtain a Domain Authorization Letter you must request it from your domain registrar. Consult your registrar for specific instructions.

If the domain in the certificate request is hosted with our affiliate Domains By Proxy, log in to your Domains By Proxy account and request the Domain Authorization Letter. Domains By Proxy will prepare the letter within 48 hours of the request.

Once you have obtained the Domain Authorization Letter, please fax or scan-and-e-mail it to the Certification Authority as proof of domain registration ownership. An RA associate will review the letter upon reception.

WHAT IS AN INTERMEDIATE CERTIFICATE?
In order to enhance the security of the Root certificate (Valicert Class 2 Policy Validation Authority), we have created an intermediate certificate from which SSL certificates are signed and issued. An intermediate certificate is a subordinate certificate issued by the trusted root specifically to issue end-entity server certificates. The result is a trust-chain that begins at the trusted root CA, through the intermediate and finally ending with the SSL certificate issued to you. Such certificates are called chained root certificates.

Creating certificates directly from the CA Root Certificate increases the risk of CA Root Certificate compromise, and if the CA Root Certificate is compromised, the entire trust infrastructure built by the SSL provider will fail. The usage of intermediate certificates for issuing SSL certificates to end entities, therefore, provides an added level of security. You must install the intermediate certificate in your Web server along with your issued SSL certificate.

Using intermediate certificates does not cause installation, performance or compatibility issues.

HOW DO I INSTALL AN INTERMEDIATE CERTIFICATE?
Once your Web Server Cerrtificate has been issued you will receive an e-mail message containing the issued certificate, along with our intermediate certificate and certificate-installation instructions for all supported Web servers. The certificates and installation instructions will be attached to the message in .ZIP format. Please download and unzip the attachment before proceeding to the installation process. The specific procedure through which the intermediate certificate is installed depends on the type of server software you are using. Please refer to the attached installation instructions for specific installation process for your certificate, including the intermediate certificate.

Our intermediate certificate is also available from the repository.

WHAT HAPPENS IF I DON'T INSTALL THE INTERMEDIATE CERTIFICATE?
Failure to properly install our intermediate certificate along with the issued Web Server Certificate means that the trusted-chain certificate cannot be established. This means that when visitors attempt to access your supposedly secure site they will be presented with a "Security Alert" that indicates that "The security certificate was issued by a company you have not chosen to trust…" Faced with such a warning, potential customers most likely will take their business elsewhere.

Downloading and installing the intermediate certificate on your Web server will immediately fix this problem. The intermediate certificate is attached to the e-mail message you'll receive upon certificate issuance. It is also available from the repository.

WHY DO VISITORS RECEIVE A SECURITY ALERT WHEN ACCESSING MY SECURE SITE?
The "Security Alert" (see illustration below) is generally triggered when a Web Server Certificate is invalid or if the Web site owner has failed to properly install the intermediate certificate.

DOES A WEB SERVER CERTIFICATE SECURE BOTH "WWW.DOMAINNAMEGOESHERE.COM" AND "DOMAINNAMEGOESHERE.COM"?
No, a Web server certificate only secures the exact fully qualified domain entered as the Common Name in your certificate signing request. Thus if your certificate secures "www.domainnamegoeshere.com" it will not secure the domain "domainnamegoeshere.com." If a user types in "domainnamegoeshere.com" (without the "www") he/she will receive a warning about the validity of the certificate.
If you need to secure both domains you must request a Web server certificate for each of them. Alternatively, you can contact your domain registrar and request that your DNS records are set up that typing in "domainnamegoeshere.com" automatically resolves to "www.domainnamegoeshere.com."

WHAT IF I LOSE MY PASSWORD?
There is no way to retrieve a lost password. If you lose your account password, you must contact us in order to have a new password created. To do so, call our Technical Support department at 480.505.8825; then fax in or scan-and-e-mail a government-issued photo ID (i.e., driver's license, state/federal/military ID card or passport). When we have received the required documentation your password will be reset and the new one sent to you via e-mail. At that point, you may log in to your account and – if so desired – change the password via the "Edit Account" interface.

WHY IS MY SECURE SITE NOT DISPLAYING THE "PADLOCK" ICON IN THE BROWSER'S STATUS BAR?
If any site element — an image, for example — is being queried from outside the secure layer, the padlock icon will not be displayed in the user's browser. To resolve this problem, make sure that all images and other site elements you want on the secure version of your Web site are being pulled from a secure folder located within the secure site.

WHICH COUNTRIES ARE CURRENTLY SUPPORTED FOR CERTIFICATE ISSUANCE?
High Assurance Web Server Certificates can issued to entities located in Australia, Canada, Germany, New Zealand, the United Kingdom, and the United States.

Medium Assurance (i.e., Turbo SSL) Web Server Certificates can be issued to individuals and companies worldwide.*

*Excludes countries currently subject to United States trade embargoes.
Back to Top
Close Window

   
Print this Page    
Click here to email this page to a friend. Home About Us Privacy Policy Terms and conditions Contact Us  
   
OFFICE E-COMMERCE.BIZ, P.O. Box 9319– 00200 Nairobi, Kenya
Telephone: +254 020 2359214. Mobile: +254-723551140/+254 -727485972
mmailto:webmaster@OFFICE E-COMMERCE.BIZ Copyright © 2007 OFFICE E-COMMERCE.BIZ