Get SSL Certificate in Zimbabwe!

You need an SSL Certificate. This is security for sites that handle sensitive information such as visitor's personal information and credit card numbers. It creates a secure connection between a visitor's web browser and the server of the company they're interacting with. Hence earning trust with users.

Is SSL certificate mandatory? Yes, an SSL Certificate is necessary to avoid hackers from your website. It is mandatory for your website to be accessible through https connection because https connection provides security to your data- it protects it from snoopers. Truly this is necessary. Even Google now penalises website without SSL.

What is an SSL certificate and do I need one? An SSL certificate scrambles data as it flows between your website and its visitors. Everything is encrypted — including non-sensitive information, as well as names, passwords and banking details. Improve your website security with an SSL certificate — it ensures a private connection between you and your site visitors.

Secure your website, emails and server today.

Most websites in Zimbabwe are not secure. This is manly due to lack of SSL Certificates on Zimbabwean websites. We fix these issues by offering SSL Certificates in Zimbabwe for even .co.zw domain names. Not only do we sell SSL Certificates, we offer free installation for major control panels as well. Buy SSL Certificate in Zimbabwe today!

Which type of SSL is best for you?

Get SSL Certificates...

Domain Validated (DV)

Domain Validated (DV) certificates are a fast and simple way to secure your website with industry-standard up to 256-bit encryption. The process of obtaining one of these SSL certificates couldn't be easier and is usually handled with just a standard email. A file-based authentication method can also be used and is recommended if you have direct access to the server that hosts your domain name. In order to receive a DV certificate from one of our trusted Certification Authorities (CAs), all you have to do is prove that you own the domain that you wish to protect. Since no extensive validation process is required, DV certificates are the most affordable type of SSL on the planet.

Organization Validated

Organization Validated certificates, or OV certificates, are a type of SSL technology that offers up to 256-bit encryption to websites of businesses and other registered organizations. The difference between OV certificates and domain validated (DV) certificates is that a little extra vetting is required to confirm that you not only own your domain but that your organization is also legit. But don't fret! So long as your business is registered, the validation process isn't a problem. In most cases, it only takes a couple of days and you'll be all set.

Extended Validation

Extended Validation SSL certificates are the gold standard. They encrypt your website, and also have a variety of extra premium features that have proven to boost trust & clearly demonstrate that you are, in fact, someone safe to do business with. They enable the green address bar! Granted, the only thing green about the EV address bar nowadays is the font. But the name just kind of stuck. Not just anyone can obtain an EV SSL certificate, which activates this globally trusted & recognized green bar. Before issuing your EV SSL certificate, your Certificate Authority (CA) has to first complete a thorough validation process to verify & ensure that you're actually a legitimate business.

SAN Muilti-Domain

Multi-Domain and Unified Communications Certificates (UCC) protect all sorts of different fully qualified domain names (FQDNs): public ID addresses, private host names, IP addresses and other subject alternative names (SANs) with one simple solution. Rather than buying an individual SSL certificate for each and every domain you control, this SSL is a cost-effective alternative that simplifies the validation process, saves you money, and offers the encryption you require.

Wildcard Certificates

If you have a website that has multiple sub domains, you're going to love wildcard SSL certificates. Rather than having to purchase an SSL certificate for each and every sub domain, you can actually protect them all with just one wildcard SSL certificate. This can lead to some major savings and make managing your SSL portfolio a breeze.

Multi-Domain Wildcard

There's nothing a Multi-Domain Wildcard SSL certificate can't secure. For any company or organization with a complicated public-facing web infrastructure, a Multi-Domain Wildcard is the perfect security solution. Depending on CA, you can secure up to 25, 100 or 250 different domains or IPs and all accompanying sub-domains. Nothing saves you more time, money and effort than securing your entire web presence with a single SSL certificate.

Code signing

Code signing certificates are a useful tool that can be used to protect your code, content, and other files when transmitted online. Understandably, people are leery of downloading any applications that they can't trust onto their computers, which is why code signing certificates are so valuable. By signing your file extension with this encryption technology, a third party Certification Authority (CA) will confirm you as the author of the file and the certificate will automatically alert the user if any changes are made to the code. That way you don't have to worry that someone has altered your work without your knowledge.

Email Signing

Today more than ever, people rely on the Internet to send and receive personal information. Mortgages are signed. Bank accounts are opened. Applications for employment with social security numbers are submitted. The list goes on and on. And the only way that this is accepted is because of truly advanced encryption technology like you find in email and document signing certificates. With this tool at your disposal, you can send and receive sensitive information without worrying about the true identity of the sender or the data being compromised.

Anti-Malware Scanning

We all know how annoying, not to mention hazardous a hacked website can be. And since malware is designed to make very small changes to your code, an infection to a website can be difficult to detect for even the most tech-savvy individuals. Make your life easier and protect your business by implementing website scanners to detect vulnerabilities and malware...and show you how to quickly fix any issues that happen.

SSL, which stands for Secure Sockets Layer, is a cyber-security protocol that digitally encrypts information sent from a browser to a server. SSL certificates are used to protect sensitive information like credit card numbers, usernames, passwords, email addresses, and more. A website with an SSL certificate is identified using a number of trust indicators, like “https” and the padlock icon in the browser bar, a site seal from a reputable Certificate Authority (CA), and a green bar that wraps around the URL on more premium certificates.

The only way to get the green address bar on your website is with an Extended Validation (EV) certificate. These are the only type of SSL certificate that come with the green address bar.

The main criteria for qualifier for an EV certificate would be that your business is an official company registered with a government authority. Also, if you’re a Sole Proprietor or a Partnership registered in the U.K., you cannot qualify for any EV SSL certificate.

GeoTrust and RapidSSL both offer coverage for www and non-www. As long as the certificate is generated with www as the common name, the non-www version will automatically be covered. This is not the case, however, for Symantec and Thawte certificates. You will to purchase separate certificates to cover both the www and non-www common name for either of those brands. Comodo certificates also automatically cover www and non-www.

Wildcard SSL certificates can cover one main domain name (www.domain.com) and an unlimited amount of subdomains (mail.domain.com, login.domain.com, test.domain.com, etc.).

Multi-domain or SAN (Secure Alternate Name) SSL certificates can cover multiple domain names on just one certificate. For example, Symantec and Thawte multi-domain certificates can cover up to 250 domains. GeoTrust multi-domain certificates can cover anywhere from 25 to 250 domains, depending on the type of certificate you order.

Wildcard SSL certificates can cover one main domain (www.domain.com) and an unlimited amount of subdomains (mail.domain.com, login.domain.com, test.domain.com, etc.). Multi-domain (SAN) SSL certificates can cover multiple domains on just one certificate. For example, Symantec and Thawte multi-domain certificates can cover up to 250 domains. GeoTrust multi-domain certificates can cover anywhere from 25 to 250 domains, depending on the type of certificate you order.

256-bit encryption is a server configuration. This has nothing to do with the certificate itself, it is based on your server configuration. To learn this, you should seek information provided by your webhosting platform or operating system. They will inform you how to set this encryption strength up.

These key lengths refer to the strength of the private key. You can think of it as the size of the cypher being used to encode your messages. Obviously, 2048-bit private keys are exponentially more secure than 1024-bit ones and are the new standard across the industry and are required during the generation process.

SHA stands for Signature Hashing Algorithm. It’s a mathematical hash that proves the authenticity of the certificate. SHA-1 is an older version of the algorithm that is no longer seen as secure by industry experts and major browsers and is not allowed to be used during the generation process any longer by the industry. SHA-2 is the latest version that is widely accepted and viewed as secure by all major browsers and industry experts. The hashing algorithm of your CSR has no relevance to what hashing algorithm is used on the certificate.

Sole Proprietors outside of the U.K. can qualify for both OV and EV certificates. However, Sole Proprietors located in the United Kingdom or UK Partnerships cannot qualify for EV certificates, but are eligible for OV certificates, with additional documentation required.

A Certificate Authority (CA) is the company that actually issues the SSL certificates. Symantec, Thawte, GeoTrust, RapidSSL, and Comodo are all CAs, for example. We are a reseller of these CAs, meaning that we are able to offer the exact same certificate that you would get from buying direct, but at much lower prices. We are hooked up to the API of these CAs, which is how we are able to offer the exact same products. Because we buy in bulk, we are able to offer them at the significant discounts that you see. We also offer dedicated SSL support for every certificate we offer and can help walk you through the entire process, from purchasing to generation to issuance to installation and more.

All of the Certificate Authorities (CAs) that we carry are leaders in the industry and trusted across the world. Symantec is the largest CA in the world, and their Norton Trust Seal is the most recognized symbol of trust across the web. Their name definitely adds the most value of any CA in the industry. Additionally, GeoTrust, Thawte, RapidSSL, and Comodo are all trusted and secure CAs.

Yes, the brands that we provide all have their roots included in modern devices and browsers. They all feature 99% or better compatibility, or browser ubiquity.

An SSL certificate warranty covers any damages that you may incur as a result of a data breach or hack that was caused due to a flaw in the certificate. The warranties range in value, which means that the higher value certificates come with more extensive warranties.

Browser ubiquity or browser recognition basically means how many browsers recognize an SSL certificate and properly display the trust indicators. So, the higher the browser ubiquity of an SSL certificate, the more browsers that recognize and accept it.

Our SSL certificates can be valid from anywhere to 1-2 years, depending on the certificate you choose to purchase. Per the Certificate Authority/Browser (CA/B) Forum, the governing body of the SSL industry, EV certificates can only be issued for a maximum of 2 years. DV and OV certificates from Symantec, GeoTrust, Thawte, Comodo and RapidSSL can be issued for a maximum of 2 years.

An intermediate certificate is a file that helps the web browser identify who issued your SSL certificate. It is not required, but it is HIGHLY recommended that you install it along with your server SSL certificate in order to have full compatibility with all browsers and mobile devices.

An intermediate certificate will be emailed to you along with your SSL certificate. You can also download the intermediate certificate from the vendor’s website, which is something that can be done if you didn’t receive the intermediate via email. This is also sometimes referred to as the “CA Bundle.” It is also important to note that some certificates have multiple intermediate certificates. Below are the links that you can use to download your intermediate certificate from the vendor website: https://knowledge.digicert.com/generalinformation/INFO4331.html https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1421 https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=AR1384 https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AR1548 https://support.comodo.com/index.php?/Default/Knowledgebase/List/Index/108/sha-2

You can use SSL to cover an internal domain if it is an officially registered domain (a publically available FQDN). If the internal domain is not a delegated and registered domain, the certificate will not be issued.

If your hosting platform or company tells you that you can only use one certificate file, then you can combine your server certificate with the intermediate file.

That is the difference between the key lengths used once an SSL connection has been established in the browser. 256-bit security is indeed a bigger key however that does not necessarily mean it is more secure. Experts and research agrees that 128-bit is equally secure for the foreseeable future. The only reason 256-bit security is needed is if it’s specifically required by your industry or company policy. All our certificates have the ability to use either bit-length, which one you use is a matter of server configuration, NOT certificate support.

This largely depends on the type of Multi-Domain SSL certificate that you purchase. Comodo Multi-Domain certificates can cover up to 100 additional domains. Symantec and Thawte certificates can cover up to 25 additional domains. GeoTrust Multi-Domain certificates can cover anywhere between 25-100 additional domains, depending on the certificate.

UC stands for Unified Communications and is a newer type of SSL certificate that is designed and primarily used for securing Microsoft Exchange 2007 and Microsoft Office Communications Server 2007 products. The main difference between a UCC SSL and a standard Multi-Domain certificate is that a UCC can secure both internal network names and external domain names as well.

A Multi-Domain Wildcard SSL certificate can secure multiple domains and all of their associated subdomains. Basically, this certificate combines multiple wildcard domains into one certificate.

Your private key should always remain private. The only person that should see your private key is your hosting company, if they ask for it. However, do not delete your private key, as it is required for your certificate to work.

If you’re in a pinch and need your certificate fast, feel free to contact your SSL provider with the exact order you need expedited. They have connections with the Certificate Authorities (CAs) directly and can help make sure your urgent order is treated with top priority.

If you are unsure what your Control Panel/Server OS is, we recommend that you ask your web hosting provider or your IT department.

You can switch your method of Domain Control validation from file-based to email-based for any SSL product that we provide. You can switch from email-based to file-based only for Comodo products.

You do not need to provide any documentation in order to purchase a Domain Validated (DV) certificate. All you will need to do is confirm that you own the domain you wish to cover, either through a simple email or file-based authentication.

Organization Validated (OV) verification requires checking your business registration. If the Certificate Authority (CA) can verify this information using online government databases, no additional documents will be required. However, if the online filings are not available or inaccurate or not up to date, the CA may request additional official government registration documents, which vary on a case-by-case basis. A Dun & Bradstreet listing can usually satisfy most of the requirements for an OV certificate.

EV certificates require a more stringent verification process than OV certificates. To understand the basis of this procedure, please refer to the above question about OV certificate verification. Please note that EV certificates require you to complete a few extra steps, including proving both physical and operational existence as well as completing a simple telephone call with the Certificate Authority (CA) directly.

There are two different types of validation procedures, those types being a certificate for an individual or an organization. If you apply under an organization name, please refer to the OV requirements mentioned above. If you apply as an individual developer, the Certificate Authority (CA) will require you to complete a simple form to verify your identity. This form has to be notarized by a lawyer, CPA, or public notary and you also need to provide a scan of a government issued ID and may be required to provide additional documents depending on the CA.

There are a few reasons why this might be the case. First, verify what email address you have chosen for the Doman Control Validation email (please note: this is different from the contact information provided during the generation process). If you need to change your DCV email, you can use any email on the Whois registration for that domain or one of the five following pre-approved alias email: Admin@domain.com Administrator@domain.com Hostmaster@domain.com Postmaster@domain.com Webmaster@domain.com Also, make sure to check the Spam or Junk Mail folder of your email provider.

If the common name needs to be changed, the only way to do so is by cancelling and reordering the certificate.

Please upload your file to the correct directory. To make sure the authorization is successful make sure the file is viewable at both yourdomain.com/file and subdomain.yourdomain.com/file.

In order to reschedule this, please contact your SSL provider and provide them with your availability. Please note, not all telephone numbers are suitable. The number must be verified by the Certificate Authority (CA), so please confirm the number that the CA will be calling.

This largely depends on the type of certificate that you purchased and your response times. No matter which type of certificate that you purchase, the Certificate Authority (CA) will be contacting you directly and will only proceed with next steps upon your response. For Domain Validated (DV) certificates, these can typically be issued in a matter of minutes to one business day. For Organization Validated (OV) certificates, these tend to take around 2-3 business days to be issued. And for Extended Validation (EV) certificates, these usually take between 3-5 business days to be issued.

For this, we would recommend contacting your SSL provider directly. They should have a list of email addresses and other contact information for the Certificate Authorities (CAs) directly, depending on your region and what type of certificate you purchased.

Certificate Authorities (CA’s) randomly pull certificates aside for additional review from time to time. This does not mean you did anything wrong or that your certificate is invalid. This could also be due to an issue with your domain name. We would advise you to contact your SSL provider, who can contact the CA directly and help get this resolved quickly.

After completing validation, the Certificate Authority (CA) will send the certificate to the email address you provided as your technical contact. If, for whatever reason, the technical contact does not receive the email, please contact your SSL provider after checking your Spam and Junk Mail folders.

Yes, you can do this for DV, OV, and EV certificates.

If you still have the order number they can use the automated password reminder system or if not then, an email must be sent from the administrative email address on the account to admin@tremhost.com. Concluding the original domain name it was purchased for, or the original order number.

First check your backups and see if you can re-install the “private key”. If you don’t know how to re-install the key from your backups, contact your systems administrator. Failing that, contact your web server software vendor for technical support. The only alternative course of action available is a re-issuance of the certificate following the re-submitting of a replacement CSR..

The easiest way is to create a new CSR on the new machine and have the certificate re-issued.

A CSR stands for Certificate Signing Request and is necessary for all SSL certificates in order to complete the generation process. A CSR is generated from your server.

Please consult official documentation for your server, operating system, or control panel. Most documentation can be found online through a simple Google search.

It is impossible to edit any fields once the CSR has been created. You will simply need to generate a new CSR with the correct details?

Make sure you have the correct file copied and not your self-signed certificate, your previous SSL, or if it is bundled as a PKCS7 or PKCS12. Or, you could have a pass-phrase that does not have alpha-numeric characters or disallowed characters. If this is the case, you will need to generate a new CSR without the disallowed characters or in the proper form. Please only use the English alphabet and numbers 0-9. For example, if the “&” symbol is included in your Organization Name, please type out “and” instead.

If this happens, your common name is not appropriately formatted for your type of certificate (wildcard certificates should use *.domain.com, for example) or you could also have disallowed characters in other fields. Please create a new CSR that only use the English alphabet and numbers 0-9. For example, if the “&” symbol is included in your Organization Name, please type out “and” instead.

The private key is used on the server-side exchange for creating the secure connection. It should never be exposed to your SSL provider or outside users, unless specifically requested by your web host for installation. Please note if the private key is lost or deleted, you will have to make a new CSR and private key on your server. Your private key is not provided by the Certificate Authority (CA) or your SSL provider.

This is because it is missing one or more required fields or the CSR contains non-alphanumeric characters in the required fields.

You can add additional domains to an active certificate by reissuing it.

You will need to cancel & reorder your certificate and generate a new CSR with the correct common name.

If you have the original private key on the active certificate, you can install it on the new server or provide it to your new web host. If you do not have the original private key, you will have to reissue your certificate with a new CSR.

For all technical support matters regarding your SSL certificate, you can contact your SSL provider, if needed. The CA does not provide direct support, but we will be able to help you right away, as we are more specialized. However, you can contact the CA directly for questions and support related to the actual validation process of the SSL certificate.

When the certificate is issued, the Certificate Authority (CA) will send an email to the Technical Contact listed on the order. That email will contain the certificate files.

First, check your certificate license. There are two methods to install your certificate on multiple servers. The first method is to import the certificate, private key, and intermediate files on server #2, #3, etc. Or, create a new CSR and key file on server #2, #3, etc. and reissue the active certificate.

The issue is that your visitors’ browsers are unable to properly identify who issued your certificate. First, confirm that your visitors are not seeing an incorrect or outdated certificate. Once you have made sure that your visitors are seeing the correct certificate, the issue is most likely solved by installing the intermediate certificates. Below are the links that you can use to download your intermediate certificate from the vendor website: https://knowledge.digicert.com/generalinformation/INFO4331.html https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1421 https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=AR1384 https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AR1548 https://support.comodo.com/index.php?/Default/Knowledgebase/List/Index/108/sha-2

Yes, you must have a static IP address for an SSL certificate. If you do not have one, you may be able to assign one via your webserver or you may need to purchase one from your web host if you own/operate your webserver (usually only a few dollars a month).

There are several reasons why this could be occurring or a combination of several. The four most common reasons are: Insecure content, which means there are HTML elements on your site being explicitly linked by http. This would need to be updated via your system administrator. Missing or invalid intermediate chain. Your certificate is issued from an intermediate file. Make sure that you install this alongside your certificate on your server. If you do not have this file please contact your SSL provider. Your certificate is issued with the SHA-1 hashing algorithm. Browsers no longer trust this algorithm. You will need to reissue with SHA-2. It is the incorrect certificate. Sometimes your old expired certificate or a certificate provided by your hosting company or a self-signed certificate is installed on your site. You will need to identify the source of the incorrect certificate and contact that party to resolve the issue.

There are actually many reasons why this could be happening, some of which could be entirely unrelated to your certificate. So, unfortunately, we can’t give specific advice. But, we would recommend clicking on the “Details” button to get more specific information about this error from the browser.

This means that URL in the browser and the common name in the certificate are not an EXACT match (for instance, the www. is missing). Another common reason for this is the web host’s certificate is incorrectly assigned to your domain name. Or, you purchased a certificate that does not cover the specific subdomain you are looking at.

This is more than likely because the intermediate certificates were never installed. Installing them should resolve this error. Below you will find links on where to locate and install your intermediate certificate, depending on the Certificate Authority that issued the cert. Or you can always contact your SSL provider. https://knowledge.digicert.com/generalinformation/INFO4331.html https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1421 https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=AR1384 https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AR1548 https://support.comodo.com/index.php?/Default/Knowledgebase/List/Index/108/sha-2

You can use the SSL checker tool from Cert Logik to test whether or not your SSL certificate has been installed properly. The link is: https://certlogik.com/ssl-checker/.

A renewal is basically the same as buying a brand new certificate, “renewal” is simply an industry term that is used by all providers. So, you can go through the exact same purchasing process to renew your certificate. However, if you have access to a “renewal” option when purchasing your SSL certificate, be sure and use that so you get the remaining time rolled over from your expiring certificate to your new renewal certificate.

We recommend that you generate a new CSR to renew your certificate; however, if generating a new CSR proves to be challenging, you can use the original CSR and it will work. The drawback of using the original CSR is that it will be the exact same private key, so it’s a little less secure.

Depending on the certificate details submitted with your renewal, the Certificate Authority (CA) may be able to use some previously validated information/documents. If this is an EV order, certificates validated more than 13 months are required to complete full business validation again, including providing new documentation. For OV orders, the CA can reuse previous validated information up to 39 months from the original order. Please note that if any details of your organization change, you may be required to provide additional documents.

Most likely, you did not generate or apply for your renewal certificate. Think of SSL like a passport – when the old one expires you must toss it out and apply for a new one. You should be able to see in your account or via an email how to generate or apply for your new order. If you have generated, make sure that the new certificate was approved and installed in place of the old expiring certificate.

Most likely, you did not generate or apply for your renewal certificate. Think of SSL like a passport – when the old one expires you must toss it out and apply for a new one. You should be able to see in your account or via an email how to generate or apply for your new order. If you have generated, make sure that the new certificate was approved and installed in place of the old expiring certificate. If the new certificate is installed, then the issue is with the configuration. Common solutions to this problem are to restart your webserver (http server), also to uninstall/delete the incorrect/old certificate(s).

A code signing certificate is technically not an SSL certificate. It is a certificate-based digital signature algorithm that verifies a piece of code has not been altered or corrupted since it was signed by the author. You can think of it as “digital shrink-wrap” that verifies code is authentic, increasing customer trust and willingness to download and install it. All major operating systems like Windows, Apple OS X, and Linux support code signing and use it themselves to ensure malicious code can’t be distributed through the patch system.

In order to utilize the in-browser controls provided by the CA, all applicants who are attempting to generate a code signing certificate must use Firefox as their default browser. If this browser is not properly used, the applicant will receive an Error Message. Due to the amazing in-browser controls provided by the CA, applicants who use Firefox as their browser will be able to automatically generate the CSR and store the private key within Firefox’s file system. This unique private key will automatically be pulled by the corresponding certificate during the installation/download process.

After completing the validation process, the CA will release the certificate from their system and send a ‘collection’ or ‘pick-up’ link to the verified email address. Using the same PC which generated the order and Firefox as the browser, follow the link and download the certificate. Firefox will automatically pull the previous stored private key and install the code signing certificate. After downloading is completed, we recommend exporting the code signing certificate and private key from the browser into a PFX (.p12) file.

The issue lies with either one, two or a combination of both things. First, make sure you are using Firefox as your default browser. If this browser is not used properly, you will receive an error message. Second, please make sure you are using the same PC which generated the order. If you are using a different PC, the certificate will not be able to download because the corresponding private key is missing.

First, it is important to note that a Code Signing Certificate can only be generated and exported from Firefox. The steps for exporting your code signing certificate and private key in Firefox are as follows: Click the “Open” menu Select “Options” Click on “Advanced” or “Encryption” Under the certificate tab, select “View Certificates” Under Your Certificates, click your certificate name Once highlighted, select “back up all” and enter in your passphrase

The platforms that can be signed for are as follows: Windows 8 Any Microsoft format (32 and 64 bit), EXE, OCX, MSI, CAB, DLL, and kernel software Adobe AIR applications JAVA applets Mozilla Object files MS Office Macro or VBA (Visual Basic for Applications) files Apple Mac software for MacOS 9 and OSX Microsoft Silverlight applications or XAF files