Yes, you must have a static IP address for an SSL certificate. If you do not have one, you may be able to assign one via your webserver or you may need to purchase one from your web host if you own/operate your webserver (usually only a few dollars a month).
My certificate works in my browser, but my visitors get a Security Alert that says ‘The security certificate was issued by a company you have not chosen to trust…’ What is the problem?
The issue is that your visitors’ browsers are unable to properly identify who issued your certificate. First, confirm that your visitors are not seeing an incorrect or outdated certificate. Once you have made sure that your visitors are seeing the correct certificate, the issue is most likely solved by installing the intermediate certificates.
Below are the links that you can use to download your intermediate certificate from the vendor website:
- https://knowledge.digicert.com/generalinformation/INFO4331.html
- https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1421
- https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=AR1384
- https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AR1548
- https://support.comodo.com/index.php?/Default/Knowledgebase/List/Index/108/sha-2
How can I install my SSL certificate on more than one server?
First, check your certificate license. There are two methods to install your certificate on multiple servers. The first method is to import the certificate, private key, and intermediate files on server #2, #3, etc. Or, create a new CSR and key file on server #2, #3, etc. and reissue the active certificate.
How do I download my certificate files?
When the certificate is issued, the Certificate Authority (CA) will send an email to the Technical Contact listed on the order. That email will contain the certificate files.
Is technical support available from the CA? Should I need it?
For all technical support matters regarding your SSL certificate, you can contact your SSL provider, if needed. The CA does not provide direct support, but we will be able to help you right away, as we are more specialized. However, you can contact the CA directly for questions and support related to the actual validation process of the SSL certificate.
I have changed my server, or moved to a different provider; how do I move my SSL certificate?
If you have the original private key on the active certificate, you can install it on the new server or provide it to your new web host. If you do not have the original private key, you will have to reissue your certificate with a new CSR.
I entered in the wrong common name, how do I change it?
You will need to cancel & reorder your certificate and generate a new CSR with the correct common name.
How do I add additional domains to a multi-domain/SAN certificate?
You can add additional domains to an active certificate by reissuing it.
The CSR cannot be decoded?
This is because it is missing one or more required fields or the CSR contains non-alphanumeric characters in the required fields.
What is a private key used for?
The private key is used on the server-side exchange for creating the secure connection. It should never be exposed to your SSL provider or outside users, unless specifically requested by your web host for installation. Please note if the private key is lost or deleted, you will have to make a new CSR and private key on your server. Your private key is not provided by the Certificate Authority (CA) or your SSL provider.