Home » Comodo SSL » SSL Certificates FAQ

What is SSL certificate and why I need my own private SSL?

» I am not a company, can I apply for a Certificate?

» When I generate a CSR what do I put in the Common Name field?

» I ordered my certificate but chose the wrong type of web server, do I need to re-apply?

» How can I get the status of my application?

» Can I apply for a certificate for each sub-domain of the main domain?

» Why does the secure part of the website say the name on the security certificate is invalid or does not match the name of the site?

» When trying to go to the site over https it displays the message 'The page cannot be displayed'?

» The CSR cannot be decoded?

» I have accidentally deleted my "private key" what can I do now?

» I have changed my server, or moved to a different provider, how do I move the certificate?

» Why does the website say the SSL certificate is 'Untrusted'?

» Why does an InstantSSL Certificate cost considerably less than other SSL providers?

» Where can I find out more about the validation, issuance and management process?

» What is the difference between an InstantSSL, InstantSSL Pro and Premium SSL?

» What does the Warranty actually mean?

» I want an increased Warranty on my InstantSSL Certificate - how can I get this?

» How long does it take to process my application?

» Which versions of the SSL protocol is InstantSSL compatible with?

» Do Instant SSL certificates only support 128 bit encryption?

» What is a strong encryption?

» What is SGC?

Q: What is SSL?

The SSL (secure socket layer) protocol is the Web standard for encrypting communications between users and Web sites. Data sent via an SSL connection is protected by encryption, a mechanism that prevents eavesdropping and tampering with any transmitted data. SSL provides businesses and consumers with the confidence that private data sent to a Web site, such as credit card numbers, are kept confidential. Web server certificates are required to initialize an SSL session.

Q: Why does an InstantSSL Certificate cost considerably less than other SSL providers?

InstantSSL has direct access to the IdAuthority, the largest commercial directory on the web. InstantSSL can therefore expediate the validation of an application. This efficient and highly effective validation method ensures we can issue a Certificate at a greatly reduced cost as reflected through our guaranteed lowest price in the industry as well as maintain a level of validation far superior to the methods employed by other SSL providers. In particular, the validation process employed to issue an InstantSSL, InstantSSL Pro or PremiumSSL Certificate is considerably more than just a domain name ownership check - we firmly believe this method alone to be insufficient to maintain the level of integrity in SSL that consumers have come to expect.

Q: Where can I find out more about the validation, issuance and management process?

As a commercial Certificate Authority, Comodo (the company through which Drundo certificates are issued) publish a Certification Practice Statement. This policy document is available here.

Q: What is the difference between an InstantSSL, InstantSSL Pro and Premium SSL?

We have outlined all the key differences in table format for your convenience - just click here to view. In summary, InstantSSL Certificates are designed to secure intranets and transactions below $50. Our InstantSSL Pro and PremiumSSL Certificates are designed to secure all web servers. Technically the three types of certificate are identical, due to the nature of how we intend the InstantSSL Certificates to be used, they carry a reduced warranty This reduced warranty enable us to further reduce the cost of the certificate to you. However, InstantSSL Pro Certificates carry a warranty of $10,000 for your total peace of mind and also include a free TrustLogo and unlimited US toll free technical support.

Q: What does the Warranty actually mean?

We believe it is important to protect the end user. If we were to mis-issue a certificate to a fraudulent site, and that fraudulent site has an SSL link with an end user and as a result of this the end user loses money. The end user had what they thought was a "trusted session". Comodo (the company through which Drundo certificates are issued) should never have provided the fraudster with the ability to engineer this situation. Hence, we have taken out insurance to pay out money to the end user.

How can we do this? We value the end customer! We believe the insurance provided greater peace of mind hence allows the merchant to sell more products. Most importantly, we value our validation techniques (delivered through www.idauthority.com) We pre-validate customers and provide validation that is far higher than the majority of other SSL providers. Some CA's have very weak validation hence they decide NOT to offer insurance! Finally, it is worth pointing out, that we offer high validation, but not at the compromise of speed. You can still obtain SSL instantly.

Q: I want an increased Warranty on my InstantSSL Certificate - how can I get this?

If you require an increased warranty on your SSL Certificate, choose from the InstantSSL Pro or PremiumSSL Certificates option. This provides a greatly increased warranty of $10,000 respectively.

Q: How long does it take to process my application?

Provided we have sufficient validation information available through the IdAuthority (as described in our CPS), your InstantSSL, InstantSSL Pro or PremiumSSL can be issued in only minutes. If additional verification processes must be used to validate your application, the issuance process may take slightly longer. In such cases we guarantee that the Certificate is issued within 2 working days. Please send your request to support@drundo.net to expedite your Order should it be urgent.

Q: Which versions of the SSL protocol is InstantSSL compatible with?

InstantSSL is compatible with any browsers and webservers using SSL version 3 - the de facto SSL implementation. SSL version 1 and version 2 have been superseded by version 3 for a number of years, mainly due to the inherent security flaws found in these old versions. All web browsers developed after Internet Explorer 3 and Netscape 3 use SSL version 3 (however still support older SSL protocol versions). If your webserver is only capable of supporting versions 1 and 2 of the SSL protocol we strongly recommend you contact your webserver software vendor for an update - these protocols are flawed. More details on why SSL version 2 is no longer used can be found here: http://www.eucybervote.org/Reports/MSI-WP2-D7V1-V1.0-02.htm

Q: Do Instant SSL certificates only support 128 bit encryption?

No, they support the key size as determined by the web server or browser, if the web server or browser can negotiate on 256 bit, then this is session that is established.

Q: What is a strong encryption?

This is another term for 128 bit encryption. All InstantSSL certificates are strong encryption.

Q: What is SGC?

SGC is Server Gated Cryptography. This does have the ability to up rate a weak browser to a stronger (128bit) browser without the need to upgrade. It was introduced at a time that the US encryption export laws were stringent. SGC Certificates rely on the webserver software being able to handle SGC. Comodo does not at this time issue SGC certificates.

Q: I am not a company, can I apply for a Certificate?

Yes, anyone wishing to provide a confidential and secure link between server and customer's browser can apply for a certificate.

Q: When I generate a CSR what do I put in the Common Name field?

The Common Name field contains the domain or server name. Do not include http:// or https:// before the name or any subfolders indicated by the / after the domain name.

Q: I ordered my certificate but chose the wrong type of web server, do I need to re-apply?

The web server details are for our records and support purposes only. The certificates are the same format irrelevant of the web server chosen.

Q: How can I get the status of my application?

Contact support at support@drundo.netwith your order number and a member of the issuance team will be happy to update you!

Q: Can I apply for a certificate for each sub-domain of the main domain?

Yes, but it can be simpler and more cost effective to use a Wildcard certificate which protects all sub-domains below the primary named domain. For more information please contact support@drundo.net

Q: Why does the secure part of the website say the name on the security certificate is invalid or does not match the name of the site?

This is usually caused by the certificate having a Common Name of "domain.com" and the customer is going to "www.domain.com"

Q: When trying to go to the site over https it displays the message 'The page cannot be displayed'?

Usually caused by port 443 not allowed through firewall or by the SSL certificate not having a corresponding key file.

Q: The CSR cannot be decoded?

This is because it is missing one or more required fields or the CSR contains non-alphanumeric characters in the required fields.

Q: I cannot remember or have lost my login details.

If the customer still has the order number they can use the automated password reminder system or if not then an email must be sent from the administrative email address on the account to passwordreminder@comodogroup.com

Q: I have accidentally deleted my "private key" what can I do now?

First check your backups and see if you can re-install the "private key". If you don't know how to re-install the key from your backups, then contact your systems administrator. Failing that, contact your web server software vendor for technical support. The only alternative course of action available is a re-issuance of the certificate following the re-submitting of a replacement CSR.

Q: I have changed my server, or moved to a different provider, how do I move the certificate?

The easiest way is to create a new CSR on the new machine and have the certificate re-issued.

Q: Why does the website say the SSL certificate is 'Untrusted'?

The usual cause of this is that the Comodo intermediate certificate has not been loaded.