SSL Certificate FAQ’s

The SSL (secure socket layer) protocol is the web standard for encrypting communications between users and web sites. Data sent via an SSL connection is protected by encryption, a mechanism that prevents eavesdropping and tampering with any transmitted data. SSL provides businesses and consumers with the confidence that private data sent to a web site, such as credit card numbers, are kept confidential. Web server certificates are required to initialize an SSL session.
QuickSSL is a web server certificate that allows consumers and web sites to conduct safe e-commerce with encrypted SSL connections. QuickSSL web server certificates are compatible with 99% of all browsers. Historically, most SSL certificates cost $350 or more Quick SSL relies on GeoTrust’s fully automated systems to verify that a certificate purchaser has appropriate administrative rights to a web server's domain – all within ten minutes. With QuickSSL, you can assure your customers that their transactions and information are secure on the Internet without having to pay an unreasonable price.
QuickSSL Premium comes with all the features and benefits of QuickSSL, but also includes the QuickSSL Premium smart seal with dynamic date/time stamp. The smart seal is dynamically generated by GeoTrust and ensures that GeoTrust has authenticated the domain. Visitors to your site will also be able to click on the smart seal to verify that your certificate is still valid with GeoTrust, giving your customers extra peace of mind.
True BusinessID provides a simple way for your customers to view your validated organization information via a trusted third party. True BusinessID will increase transactions and revenue by giving your customers the confidence and assurance to trust the identity of your web site. The result- a substantial increase in consumer confidence regarding your web site information, services, and/or products. Even if you don't have a web site brand name, True BusinessID will let your customers know you are legitimate.
The end-user's browser requests a secure channel (via "https:") from the server, and then - if the server has a cert - the browser and the server negotiate their highest common encryption strength (e.g., 128-bits), and then exchange the corresponding encryption keys (this exchange is normally done using 1024-bit encryption strength). The 128-bit encryption key is then used for this particular instance of SSL, for all from-to exchanges between the browser and the server. The next https session will have a new session key. The certificate guarantees the security of the connection between the browser and the server. Once data is in the server, it is up to the server admin to make sure the data remains protected.
All GeoTrust certificates are 128-bit. For each and every session, the server and browser negotiate and choose the highest common encryption strength between them. So if a 40-bit browser user hits your SSL-secured site, the resulting connection will automatically become a 40-bit strength encryption.

GeoTrust recommends that end-user Subscribers select the 1024-bit encryption strength or the equivalent descriptor option when generating their certificate requests. When the certificate's key length is 1024 or longer, the SSL session key will be 128 bit. If the certificate key length is 512, the SSL session key will be 40 bit or 56 bit.

You need to have a separate IP address for each domain you want to secure. The reason for this is because a certificate is bound only to a domain name but, the SSL protocol is bound to static IP addresses; therefore, any certificate-enabled web site must have its own unique IP address. The IP can be real (routable) or internal (RFC 1918 non-routable address) but, it must be unique on a server.
You may be able to move your certificate from one ISP to another. Per our certificate licensing agreement, you must purchase a new certificate if you plan on continuing to use the certificate on its current location. Otherwise, it largely depends on the server compatibility and the willingness of your current ISP to assist you.

Your current ISP will need to export your key pair file from the server hosting your web site. Once you have the complete key pair file, you can provide it to your new ISP to import on their server. If your current ISP will not provide you with the key pair file, you will need to purchase a new certificate to use with your new ISP. If you have to purchase another certificate, please let us know and we will expedite the processing of the new request. In addition, you will not have to resubmit your business documentation as long as nothing has changed.

Please be aware that if the two ISPs are running different server types, you may not be able to import the key pair file due to server compatibility issues. If this happens, a new certificate will have to be purchased.

Please contact Burning Diode Hosting Technical support to have your key pair exported.

GeoTrust supports all current releases of commercial and freeware web servers supporting SSL v.3.

Supported servers include:

  • Apache + MOD SSL
  • Apache + Raven
  • Apache + Raven 1.5x
  • Apache + SSLeay
  • C2Net Stronghold
  • Cobalt RaQ3/RaQ4 "Main Site"
  • Cobalt RaQ3 "Virtual Site"
  • Cobalt RaQ4 "Virtual Site"
  • IBM HTTP
  • iPlanet Enterprise Server 4.1
  • Lotus Domino Go 4.6.2.6 and higher
  • Lotus Domino 4.6 and higher
  • Microsoft Internet Information Server 4.0
  • Microsoft Internet Information Server 5.0
  • Netscape Enterprise/Fast Track
  • O'Reilly WebSite Professional 2.X
  • Stronghold 3
  • WebSTAR 4.0 and higher
  • Zeus Web Server v3