| Technical FAQ
See also:
• General FAQ - commercial related questions
• Product
Selection Wizard - helps you choose the best SSL certificate for you
• Free Guides
& White Papers
• Jargon Buster
What do I need
to enroll for an SSL Certificate for my webserver?
You need the following:
• A web server that is capable of running SSL
• Access to the SSL configuration functions of your webserver (you
may need to speak to your webhost if you cannot readily identify where
these functions are)
• A Certificate Signing Request (CSR) - see below
What is a CSR
and how do I generate one?
A CSR is a Certificate Signing Request. It is a block of encoded data
that is generated by your webserver and contains the necessary details
about your domain and organization. For instructions on how to generate
a CSR on your webserver, please follow our detailed instructions here.
The enrollment
form says my CSR is invalid
There are a number of common issues that would cause the CSR to be invalid.
When you created the CSR you will have been asked for several pieces of
information, now:
• Check the common name field. You may have specified an IP
address (e.g. 178.0.1.23) or a server name (e.g. mywebserver) instead
of a Fully Qualified Domain Name such as www.mydomain.com or domain name
such as mydomain.com. You must specify a Fully Qualified Domain Name or
domain name to enroll for a RapidSSL, FreeSSL or Professional Level certificate.
• Make sure you do not have any illegal characters in any of the
fields in the CSR. Illegal characters are [! @ # $ % ^ ( ) ~ ? > <
& / \ , . " ']
• Check the country field. If you are located in the United
Kingdom, do not specify your country code when generating the CSR as "UK"
- it must be "GB".
• Make sure you have included the header and footer of the CSR into
the enrollment form. The header and footer will look like:
----BEGIN CERTIFICATE REQUEST -----
encoded data
-----END CERTIFICATE REQUEST------
Make sure that there are 5 dashes on each side of Begin and End certificate
request. There should also be no trailing spaces in the CSR.
Can I change
my CSR during the enrollment process?
Yes, you can change / correct your CSR at a number of stages during the
enrollment. You will be asked in the final steps to confirm ALL details
provided during enrollment. When you have confirmed then you will no longer
be able to change details or your CSR.
Once your certificate has been issued you cannot change the common name
(e.g. the domain name) of your certificate.
What
is the enrollment process?
The enrollment process is online and immediate and includes telephony
based validation. You must be near to, or have access to, a telephone
or cell phone to complete the enrollment process in one step - which takes
about 5 minutes.
If you do not have access to a telephone when the enrollment is taking
place you can complete the telephony validation at a later time. We will
send you an email containing a link for you to be able to complete the
process at any time. It is very important that you do not lose this email,
doing so will delay the issuance of your certificate. If you do lose your
email please contact us immediately.
Please note that until the telephony validation is complete we will not
be able to issue your certificate.
I
am not based in the US or Europe, will the Phone Authentication still
work?
Yes, just remember to select the country code that you are in. If you
cannot find your country code in the list provided during enrollment,
you can enter you country code into the "Other Country Code".
My
country code is listed, do I need to specify anything in "Other Country
Code"?
No. If your country code is available in the list provided during enrollment
you do not need to specify any other country codes, simply specify your
telephone number and extension if necessary.
The
telephone validation process tells me that my country's local exchange
does not recognize the area code.
Your telephone area code must be in brackets.
I have not received
any emails from RapidSSL.com since enrolling
Please ensure that you have access to the email addresses used in the
application process. Also, as we send unique URLs in the issued emails,
be sure that your mailserver has not separated or quarantined the emails.
They will always be from support@rapidssl.com.
I have not
received the "Approval" email from RapidSSL.com
The Approval email will be sent to the authorized domain name owner or
controller. When you apply for your certificate we will attempt to obtain
the authorized domain contacts for your domain name. You may then choose
to have the approval email sent to either the authorized domain contact,
or alternatively you will be able to choose a generic domain contact such
as admin@yourdomain.com, administrator@yourdomain.com, webmaster@yourdomain.com,
hostmaster@yourdomain, root@yourdomain.com etc. Make sure that you have
set up the email addresses chosen at this point in the application otherwise
the approval email will not be delivered.
How do I install
my certificate?
Please refer to the Installation pages of
our support section.
My
browser informs me of errors when I browse to the secure part of my site
Browsers will tend to check a number of common features of your certificate
when connecting via https. The common errors are:
My browser states
a warning next to "The security certificate is from a trusted certifying
authority " whenever I connect to my website using SSL
This usually indicates that the certificate has not been installed correctly or the server requires a physical reboot. First try reinstalling the certificate and phsyically restarting your server. If the problem persists, contact support for detailed troubleshooting instructions.
My
browser states a warning next to "The security certificate date is
valid" whenever I connect to my website
using SSL
This indicates that the certificates has expired, or is not yet valid.
It may also indicate that the time/date is incorrect on the computer being
used to visit the website over https.
My
browser states "The name on the security certificate is invalid or
does not match the name of the site" whenever I connect to my website
using SSL
An SSL Certificate is issued to a Fully Qualified Domain Name (FQDN).
The actual FQDN is digitally signed and sealed within the issued certificate.
The SSL Certificate can only be used on this FQDN and nothing else - otherwise
a name mismatch occurs. For example:
An SSL Certificate issued to www.yourdomain.com can only be used on www.yourdomain.com.
It cannot be used on secure.yourdomain.com or even just yourdomain.com
(with no subdomain). If you require a single SSL certificate that can
be used on multiple subdomains then you may want to consider a RapidSSL Wildcard certificate.
When
connecting to my site over https, my browser alerts me that I have both
secure and non-secure content
This error occurs when you are trying to reference files from your (or
somebody else's ) webserver over http when you have a https session. Either
change the file references, e.g. graphics, stylesheets, etc, in your HTML
webpage code to https or use relative links.
I
cannot view my webpages over SSL
This error will occur when your webserver, firewall or network has not
been correctly configured to serve pages over SSL. Check the following:
1. Your certificate has been installed for the correct website
2. Your private key is not corrupt or has not been accidently deleted
3. You have assigned port 443 as the SSL port on your webserver
4. You have opened port 443 for SSL traffic on your firewall or router
5. You have correctly configured your DNS settings on your network
I may need
to change my IP address for my webserver, does this matter?
An SSL Certificate is issued to a domain name and not an IP address. So
long as your webserver is hosting the domain name for which your SSL certificate
has been issued, the IP address doesn't matter.
My webserver hosts many sites
on a single IP address, can I install a certificate for each domain name?
The SSL protocol encrypts the domain name when an SSL session is being
established. If you are hosting many websites each with their own SSL
certificate on the same webserver, each website must have a unique IP
to ensure that the webserver knows which domain the SSL session should
be for. If you only host a single domain then you can use name based hosting.
However if you host multiple domains on the same server then you must
use IP based hosting. Please note that host headers on Microsoft IIS will
cause SSL errors if you install multiple SSL certificates for multiple
domains on a single IP address.
© 2005 RapidSSL.com.
|
