Technical

Frequently Asked Questions

We have put the following information together based on common technical questions we are asked. Please Contact Us if you have a question which has not been answered on this page.

Trustico® Parked Support Image

What Is A CSR & How Do I Generate One

A CSR is a Certificate Signing Request. It is a block of encoded data that is generated by your web server and contains the necessary details about your domain and organization. For instructions on how to generate a CSR on your web server or hosting account, please follow our detailed instructions or the instructions provided by your software provider. Find Out More

The Ordering System Says My CSR Is Invalid

There are a number of common issues that would cause the CSR to be invalid. When you created the CSR you will have been asked for several pieces of information, now :

Check the common name field. You may have specified an IP address (e.g. 178.0.1.23) or a server name (e.g. mywebserver) instead of a Fully Qualified Domain Name such as www.mydomain.com or domain name such as mydomain.com. You must specify a Fully Qualified Domain Name or domain name to apply for most SSL Certificates.

Make sure you do not have any illegal characters in any of the fields in the CSR. Illegal characters are [! @ # $ % ^ ( ) ~ ? > < & / \ , . " ']

Check the country field. If you are located in the United Kingdom, do not specify your country code when generating the CSR as "UK" - it must be "GB".

Make sure you have included the header and footer of the CSR into the application form. The header and footer will look like :

-----BEGIN CERTIFICATE REQUEST -----
encoded data
-----END CERTIFICATE REQUEST-----

Make sure that there are 5 dashes on each side of Begin and End certificate request. There should also be no trailing spaces in the CSR.

Can I Change My CSR

Yes, you can change or correct your CSR at a number of stages during the ordering process. You will be asked in the final steps to confirm the details provided. When you have confirmed then you will no longer be able to change details or your CSR.

Once your certificate has been issued you cannot change the common name (e.g. the domain name) of your SSL Certificate.

I Have Not Received Any E-Mails

Please ensure that you have access to the e-mail addresses used in the ordering process. Also, as we send unique URLs in the issued e-mails, be sure that your mail server has not separated or quarantined the e-mails. You may use the Tracking area of our website to resend important e-mails.

I Have Not Received An Approver E-Mail

When ordering a Domain Validated SSL Certificate (DV) the Approver E-Mail will be sent to the authorized domain name owner or controller. When you apply for your SSL Certificate we will attempt to obtain the authorized domain contacts for your domain name. You may then choose to have the Approver E-Mail sent to either the authorized domain contact, or alternatively you will be able to choose a generic domain contact. Make sure that you have set up the e-mail addresses chosen at this point in the application otherwise the Approver E-Mail will not be delivered.

How Do I Install My Certificate

You will need to refer to the documentation provided by your hosting company or software vendor. We have some guides that may assist. Click Here.

Common SSL Errors & Solutions

PROBLEM :"The Security Certificate Is From A Trusted Certifying Authority"

SOLUTION : This usually indicates that the certificate has not been installed correctly or the server requires a physical reboot. First try reinstalling the certificate and physically restarting your server.

PROBLEM : "The Security Certificate Date Is Valid"

SOLUTION : This indicates that the certificates has expired, or is not yet valid. It may also indicate that the time/date is incorrect on the computer being used to visit the website over https.

PROBLEM : "The Name On The Security Certificate Is Invalid Or Does Not Match The Name Of The Site"

SOLUTION : An SSL Certificate is issued to a Fully Qualified Domain Name (FQDN). The actual FQDN is digitally signed and sealed within the issued certificate. The SSL Certificate can only be used on this FQDN and nothing else - otherwise a name mismatch occurs. For example :

An SSL Certificate issued to www.yourdomain.com can only be used on www.yourdomain.com. It cannot be used on secure.yourdomain.com or even just yourdomain.com (with no sub domain). If you require a single SSL Certificate that can be used on multiple sub domains then you may want to consider a wildcard certificate.

PROBLEM : "This Page Contains Both Secure & Non-Secure Items"

SOLUTION : This error occurs when you are trying to reference files from your (or somebody else's) web server over http when you have a https session. Either change the file references, e.g. graphics, style sheets, etc, in your HTML web-page code to https or use relative links.

I Can Not View Pages Over SSL

This error will occur when your web server, firewall or network has not been correctly configured to serve pages over SSL.

Check that your SSL Certificate has been installed for the correct website. Ensure your Private Key is not corrupt or has not been accidentally deleted. Check you have assigned port 443 as the SSL port on your web server. Ensure port 443 is not blocked on your firewall or router. Ensure you have correctly configured your DNS settings on your network.

I May Need To Change My IP Address

An SSL Certificate is usually issued to a domain name and not an IP address. So long as your web server is hosting the domain name for which your SSL Certificate has been issued, the IP address doesn't matter.

Is An IP Address Required

The SSL protocol encrypts the domain name when an SSL session is being established. If you are hosting many websites each with their own SSL Certificate on the same web server, each website must have a unique IP to ensure that the web server knows which domain the SSL session should be for. If you only host a single domain then you can use name based hosting. However if you host multiple domains on the same server then you must use IP based hosting.

Please note that host headers on Internet Information Server (IIS) will cause SSL errors if you install multiple SSL Certificates for multiple domains on a single IP address.

I Have Deleted Or Lost The Private Key

First check your backups and see if you can find the Private Key. If you have purchased Issuance Insurance you may have your SSL Certificate re-issued free of charge, otherwise you must purchase a new SSL Certificate.

How To Move The SSL Certificate To A New Server

You will need to export your current SSL Certificate and import it into the new server. You must contact your systems administrator, hosting company or server provider for assistance. The most important part of your SSL Certificate is the Private Key and SSL Certificate as they work together.

Error : Pending Request Not Found

If you are attempting to install a certificate that does not match the Private Key (Pending Request) you will receive this error. Internet Information Server (IIS) only allows you to make one request per site. If you create a new CSR for the same website your original request (and Private Key) will be overwritten.

If you have a backup of the Private Key, you can install the certificate via the MMC if you can restore the request to the REQUEST folder. If you lose your Private Key you may need to complete a new order or use Issuance Insurance.

Intermediate Certificate - CA Bundle

To successfully install your SSL Certificate you may be required to install an Intermediate CA Certificate. Please review your fulfillment e-mail carefully to determine if an Intermediate CA Certificate is required, how to obtain it and correctly import it into your system.