Can SSL certificates secure public IP addresses?

Answer: Yes, all SSL from DigiCert (including GeoTrust, RapidSSL, and Thawte) and Comodo (Sectigo, PositiveSSL, InstantSSL) can secure public IP addresses. SSL from a Certificate Authority cannot be used to secure internal, private, or reserved IP addresses.

Why is our VAT number not available on the Receipt?

Answer: We do not charge VAT or any other taxes. Your receipt will only display the cost of the SSL certificate you purchase; there are no any additional charges. We are US based company and since there is no VAT system in the USA, we do not display a VAT number on the receipt.

If you need your company's VAT number to display on your receipts, you can add it on the Personal Information page in your account. 

How can I get the SSL certificate in PFX format?

Answer: By default, you will receive the SSL certificate in PEM format. To receive the SSL certificate in PFX format, you will need to convert it. You can use the SSL checker to convert your certificate to PFX format.

*Note: to convert PEM to PFX, you will need your certificate chain files and the private key that was generated alongside your CSR. 

How can I check that the SSL certificate is installed correctly?

Answer: You can use the SSL checker to check for any certificate installation issues.

Can we change the domain name in the SSL certificate?

Answer: Once the SSL certificate is validated and issued, you cannot change the common name, or main domain name on a certificate. Though, you always have an option to purchase a new certificate. If the certificate was purchased within the last 15 days, you can cancel and reorder the certificate for a new domain name.

*Note: For a multi-domain certificate, you can change, add, and remove SANs (subject alternate name) at any time with a re-issue.

How can I convert my certificate from a PKCS#7 file to a PEM file?

Answer: You can convert the PKCS#7 file to PEM file using SSL convertor:

I do not have any pre-approved domain aliases, or any email addresses registered on my domain’s WHO.IS directory. How can I complete the domain validation process?

Answer: If you can’t complete the domain validation process using the email authentication method, you have two alternatives to complete validation:

DNS-Based Authentication method –

  • Add the CNAME record for a Comodo SSL certificate.
  • Add a DNS TXT record for Geotrust, Thawte, RapidSSL and Symantec SSL certificates.

File-based Authentication method –

You will be required to place a verification file in root directory of your domain.

How can I purchase installation support?

Answer: If you face any issues with installing the SSL certificate on your server, you can purchase our installation support at - Our technical agents will install the SSL certificate on your server.

I have installed my SSL certificate. Why is it not showing a padlock?

Answer: First, check to see if the SSL is installed correctly or not using our SSL Checker.
If the certificate is installed correctly, check if there are any insecure links available on your website. Link to check insecure links on website -

How can I get a Certificate Authority (CA) bundle?

Answer: You can follow below steps to download CA Bundle in TXT format:

1. Download the SSL certificate

2. Extract Zipped folder

3. Go to Plain text files or CER - CRT Files

4. Download My_CA_Bundle

How can I display my company’s information in the SSL certificate?

Answer: An Organization Validated (OV) or Extended Validation (EV) certificate will display your company’s information in the SSL certificate. 

Which are the most trusted SSL certificates?

Answer: All SSL is equally secure, but organization validation (OV) and extended validation (EV) SSL certificates include verified company details. Your customers can view your company info from the site seal associated with the certificate and be certain they are doing business with a legitimate company on the company's real website.

What is the fastest issued SSL certificate?

Answer: Domain Validated (DV) certificates are the fastest issued SSL certificates. All you will need to do is complete the domain validation process and the certificate will be issued within minutes.

What should I do after purchasing installation support?

Answer: Our technical agent will help you in installing the certificate on your server.2

Steps to proceed with installation support:

1. Download the TeamViewer version 11. Here is the direct link-

2. Provide us your TeamViewer Login ID and Password.

3. Also, inform us about the exact dates and times you are available so that installation team can schedule your installation.

I have selected the file-based or DNS-based validation method. Why I am still being asked to select an approval email address while generating the order?

Answer: You will be required to complete the validation process as per the selected validation method. The system asks for you to select an email address as a backup method of validation. You can select any of the email address from drop down list and it will not have any impact on completing the validation process.

If I renew my certificate with time left on the original certificate, will I lose that left over time?

Answer: If you renew your certificate within 30 days of the expiration date, the remaining days will be carried forward with the renewal order. If you renew the certificate outside of the 30 day period, you will not be able to keep the additional days. Additionally, the renewal certificate has to be the same certificate type and generated for the same domain for the previous dates to be added to the renewal.

Why does my certificate say it is issued by Sectigo when I have purchased it from Comodo?

Answer: Comodo has been re-branded as Sectigo. This re-branding process started on January 14, 2019. All certificates issued out since then show as Sectigo Certificates.

How can I validate my domain using the File-Based method?

Answer: In the HTTP file-based validation method, the verification file must be available under the root directory:

For Comodo’s SSL certificates, place the file in below path:

For RapidSSL, Thawte, Geotrust and Symantec SSL certificates, place the file in below path:

Here’s the steps to download the content of the verification file:

1. Log in to your account

2. Click on My Orders

3. Go to the Complete Orders section in your account

4. Click on the order number

5. Scroll down and click on Download Auth File

How do I complete domain validation via the DNS-based authentication method?

Answer: For the DNS-based validation method, Comodo will require you to create a DNS CNAME record for your domain. For Symantec, RapidSSL, Thawte and GeoTrust, you will be required to create DNS TXT record for your domain.

Below are the instructions to complete the verification.

1. Login to your domain's DNS provider (typically the registrar of your domain)

2. Go to the DNS Zone Manager to amend the records.

3. Create the CNAME or TXT record using hash values provided as per your issuing vendor.

4. Set the TTL to 3600 or the lowest possible option.

5. Click Save and wait for the record to propagate

How can I add SANs to an existing multi-domain SSL certificate?

Answer: You can add up to 250 SANs to a multi-domain SSL certificate. By default, you will get 2-4 SANs included with your certificate. To add any additional SAN, you will need reissue the certificate from your account and add on any additional SANs.

Does the SSL certificate improve my SEO (Search Engine Optimization) ranking?

Answer: Yes, installing an SSL certificate on your domain improves the search engine rankings.

How does your site comply with GDPR?

Answer: Our website complies directly with GDPR. For more information, you can read our Privacy Policy here

What is a WHOIS directory?

Answer: Whois is a widely used Internet record database that identifies who owns a domain and how to get in contact with them. The Internet Corporation for Assigned Names and Numbers (ICANN) regulates domain name registration and ownership. Whois records have proven to be extremely useful and have developed into an essential resource for maintaining the integrity of the domain name registration and website ownership process. A Whois record contains all of the contact information associated with the person, group, or company that registers a particular domain name.

How can I download my SSL certificate?

Answer: Follow the below steps to download your SSL certificate:

1. Log in to your account

2. Click on Complete Orders in Orders section.

3. Click on your Order Number.

4. Scroll down on the page and click on “Download Certificate”.

What is Certificate Authority Authorization (CAA Record)?

Answer: DNS Certification Authority Authorization (CAA) is designed to allow a website owner to specify one or more Certificate Authorities (CAs) the authority to issue certificates for that domain or website.

What is TLS?

Answer: TLS (Transport Layer Security) is just an updated, more secure, version of SSL (Secure Socket Layer). We still refer to our security certificates as SSL because it is a more commonly used term, but when you are buying SSL from us, you are actually buying the most up to date TLS certificates with the option of ECC, RSA or DSA encryption.

What is HTTPS?

Answer: HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL when a website is secured by an SSL certificate. The details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by clicking on the lock symbol in the address bar.

What is DCV (Domain Control Validation)?

Answer: The Domain Control Validation process (DCV) allows the CA (Certificate Authority) to verify that you have control over a domain for which you are requesting a certificate. It is a mechanism used to prove ownership or control of a registered domain name.

Are Code Signing Certificates available for individual developers?

Answer: Yes. Code Signing certificates are available for individual developers who are not affiliated with an incorporated business. Select the appropriate code signing certificate for your development platform, then in the publisher name field on the generation form, simply put your name down as the publisher.

Can I install the Code Signing Certificate on more than one PC?

Answer: Code Signing certificates must be installed on physical hardware such as a vendor-provided USB eToken or a hardware security module. The hardware must be plugged into the PC to use the code signing certificate. If you need to use the certificate on multiple PCs at once, you will need multiple certificates.

How many Code Signing Certificates do I need?

Answer: We recommend that developers purchase additional Code Signing Certificates rather than sharing certificates for better security and management. If a certificate becomes compromised and must be revoked, then all applications signed by that certificate will be disabled.

How can I move my SSL certificate to a new server?

Answer: You will need to export your current SSL Certificate and import it onto the new server. You should contact your systems administrator, hosting company or server provider for assistance. The most important part of your SSL Certificate is the Private Key which will need to be imported to the new server as well.

Why does the generation page show that my CSR is invalid?

Answer: There are several common issues that would cause the CSR to be considered invalid. When you created the CSR you had to put in specific pieces of information.

Check the common name field. This is where the domain name you’re looking to secure goes. Make sure you do not have any special characters in any of the fields in the CSR. Special characters are [! @ # $ % ^ ( ) ~ ? > < & / \ , . " ']

Make sure you have included the header and footer of the CSR into the application form. The header and footer will look like:

encoded data

Make sure that there are 5 dashes on each side of Begin and End certificate request.

Additionally, make sure there are no additional domains or SANs listed on the CSR. The CSR should only be generated for one domain.

For a multi-domain SSL certificate, do I need to purchase and separately?

Answer: Yes, for a multi-domain SSL certificate, you will be required to process and as separate SANs.

How can I reset my account password?

Answer: Please refer to below steps to reset password:

1. Go to

2. Go to My Account section

3. Click on Forgot Password

4. Enter the email address in email field

5. Click on Submit. You will receive the email with further instructions to reset your password.

How can I set up my trust logo (Site seal)?

Answer: You need to create a script for installing the trust logo (Site seal). Please find the links below for creating a trust logo with instructions to install it on your site:

Comodo and Sectigo:

DigiCert (RapidSSL, GeoTrust, Thawte) - check your order dashboard for the Site Seal generation button.