An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology. Encryption is the process of scrambling data into an undecipherable format that can only be returned to a readable format with the proper decryption key.

A certificate serves as an electronic “passport” that establishes an online entity’s credentials when doing business on the Web. When an Internet user attempts to send confidential information to a Web server, the user’s browser accesses the server’s digital certificate and establishes a secure connection.

An SSL certificate contains the following information:

• The certificate holder’s name
• The certificate’s serial number and expiration date
• A copy of the certificate holder’s public key
• The digital signature of the certificate-issuing authority

For information about installing SSLs, see Install SSL certificates.

 Note: You can view different products’ eligibility for third-party (i.e. non-Buydomains.com.ph SSL certificates) here.

Wildcard SSL certificates secures your website URL and an unlimited number of its subdomains. For example, a single Wildcard certificate can secure www.coolexample.com, blog.coolexample.com, and store.coolexample.com.

Wildcard certificates secure the common name and all subdomains at the level you specify when you submit your request. Just add an asterisk (*) in the subdomain area to the left of the common name.

Intermediate certificates are used as a stand-in for our root certificate. We use intermediate certificates as a proxy because we must keep our root certificate behind numerous layers of security, ensuring its keys are absolutely inaccessible.

However, because the root certificate itself signed the intermediate certificate, the intermediate certificate can be used to sign the SSLs our customers install and maintain the “Chain of Trust.”

Installing Intermediate Certificates

After your SSL certificate is issued, you will receive an email with a link to download your signed certificate and our intermediate certificates.

How you install the certificates depends on the server software you use. In most cases, you can download and install an intermediate certificate bundle. However, for some server types you must download and install the two intermediate certificates individually. Please refer to the Install SSL certificates for the specific process you should follow.

All of our intermediate certificates and certificate bundles are also available from the repository.

 Note: If you don’t install the intermediate certificates with your issued SSL certificate, the trusted-chain certificate might not be established. This means that when visitors attempt to access your site, they might receive a “Security Alert” error indicating “The security certificate was issued by a company you have not chosen to trust…” Faced with such a warning, potential customers will most likely take their business elsewhere.

An SSL certificate ensures safe, easy, and convenient Internet shopping. Once an Internet user enters a secure area — by entering credit card information, email address, or other personal data, for example — the shopping site’s SSL certificate enables the browser and Web server to build a secure, encrypted connection. The SSL “handshake” process, which establishes the secure session, takes place discreetly behind the scene without interrupting the consumer’s shopping experience. A “padlock” icon in the browser’s status bar and the “https://” prefix in the URL are the only visible indications of a secure session in progress.

By contrast, if a user attempts to submit personal information to an unsecured website (i.e., a site that is not protected with a valid SSL certificate), the browser’s built-in security mechanism triggers a warning to the user, reminding him/her that the site is not secure and that sensitive data might be intercepted by third parties. Faced with such a warning, most Internet users will likely look elsewhere to make a purchase.

A Unified Communications Certificate (UCC) is an SSL certificate that secures multiple domain names and multiple host names within a domain name. A UCC lets you secure a primary domain name and up to 99 additional Subject Alternative Names (SANs) in a single certificate. UCCs are ideal for Microsoft® Exchange Server 2007, Exchange Server 2010, and Microsoft Live® Communications Server.

UCCs are compatible with shared hosting. However, the site seal and certificate “Issued To” information will only list the primary domain name. Please note that any secondary hosting accounts will be listed in the certificate as well, so if you do not want sites to appear ‘connected’ to each other, you should not use this type of certificate.

 Note: You cannot upgrade a UCC to include more names. If you bought the UCC with up to five domain names, you need to purchase a new certificate to add another domain name.

Our Certificate Authority validates the identity of an entity purchasing an SSL certificate. The Certificate Authority does so by validating documentation provided by the requestor. The Certificate Authority then digitally signs the certificate using a hash function.

A hash function, when combined with the certificate, creates a standard length digital signature that should be unique. Three common hash functions are MD5, MD2, and SHA-2. With the MD5 and MD2 functions, individuals with the appropriate knowledge and computing power can recreate another digital signature to match the original. If this happens, an unsuspecting user could unknowingly be redirected to another site.

Most Certificate Authorities realize the weakness in MD5 and MD2 and use the hash function called SHA-2 which, to date, no one has been able to break. As a user, you should be suspect of SSL enabled sites that use MD5 or MD2.

As a further security measure, we do not allow null bytes in common names and manually review all requests containing either “\” or “/” to prevent misuse.

To determine what type of SSL certificate a site is using, see Determining the Type of SSL Certificate a Website is Using.

If you allow a certificate to expire, the certificate becomes invalid, and you will no longer be able to run secure transactions on your website. The Certification Authority (CA) will prompt you to renew your SSL certificate prior to the expiration date.

 Note: A certificate can only be renewed up to 120 days prior to and 30 days following the expiration date. You can apply the renewal credit 60 days before expiration or 30 days after expiration.