What is SSL?
The SSL (and TLS) protocol is the Web standard for encrypting communications between users and SSL (secure sockets layer) e-commerce sites. Data sent via an SSL connection is protected by encryption, a mechanism that prevents eavesdropping and tampering with any transmitted data. SSL provides businesses and consumers with the confidence that private data sent to a Web site, such as credit card numbers, are kept confidential. Web server certificates (also known as secure server certificates or SSL certificates) are required to initialize an SSL session.
Customers know when they have an SSL session with a website when their browser displays the little gold padlock and the address bar begins with a https rather than http. SSL certificates can be used on webservers for Internet security and mailservers such as imap, pop3 and smtp for mail collection / sending security.
What is a RapidSSL Certificate?
RapidSSL Certificates uniquely enable businesses to obtain low cost 1 year fully functional chained root SSL certificates and are ideal for websites conducting lite levels of ecommerce.
RapidSSL lowers the barrier of entry for companies that want chained root SSL security by providing immediately issued certificates at the lowest cost available.
What is a RapidSSL Wildcard Certificate?
RapidSSL Wildcard is a chained root SSL certificate that can be used to secure multiple sub domains on a single domain name. RapidSSL Wildcard allows web sites to conduct secure e-commerce with an encrypted SSL connection and is ideal for low volume, low transaction value websites.
Why is stability important for SSL certificates?
All SSL certificates issued by RapidSSL.com are issued from a trusted CA root certificate that is owned by RapidSSL.com. This means that all our certificates are stable.
Owning and using our own root certificate means that RapidSSL.com is always in control of its pricing. This gives us the ability to change pricing depending on market dynamics ensuring that we will always offer our resellers the lowest cost SSL certificate available in the market!
What do you consider low volume, low transaction?
If you have a low volume website and you decide that your customer's confidence is not affected at all by the brand behind the SSL certificate or the volume of customers that would have an issue are insignificant in number then RapidSSL is the perfect answer.
It is all about customer confidence. Whilst RapidSSL technology is production grade, only you can really determine whether your customers confidence will improve significantly if you purchase an established brand like GeoTrust.
As a guide, typical customer transaction value is sub 50 USD, and volumes of transactions are less than 50 per week.
Note: The 50 per week example figure is simply a commercial guide and not a technical restriction. Technically the RapidSSL certificate will not be restricted from conducting more transactions than 50 - they are still industry standard 128 / 256 bit SSL certificates. However it is our opinion that sites conducting more than 50 transactions will require a Professional Level SSL certificate due to the increased likelihood that the website's customers will expect SSL from a highly credible and established SSL provider and well known internationally accepted SSL brand.
What is a FreeSSL Certificate?
FreeSSL is a FULLY FUNCTIONAL chained root trial certificate valid for 30 days. It is the only fully trusted chained root trial certificate available. If you need to test your server, or would like to test our support and issuance speed then FreeSSL is an ideal solution.
FreeSSL certificates have the same browser recognition rates as both our RapidSSL and RapidSSL Wildcard, and upgrading to either one of these certificate is easy.
What browser versions are compatible with RapidSSL, RapidSSL Wildcard and FreeSSL?
RapidSSL.com certificates are compatible with IE 5.01+, Netscape 4.7+, Mozilla 1+, AOL 5+, Firefox, Safari and many newer Windows and Mac based browsers, meaning that they are compatible with SSLv2 and SSLv3.
Why are you providing RapidSSL and RapidSSL Wildcard secure server certificates?
By providing RapidSSL and RapidSSL Wildcard certificates, we are lowering the barrier of entry for companies and websites wishing to secure their low volume and low value online transactions and data with the lowest cost chained root install certificates available.
How long are your SSL certificates valid for?
RapidSSL certificates are valid for 1 to 4 years.
FreeSSL certificates are valid for 30 days.
When your SSL certificate expires, we will give you instructions on how to renew.
How long does it take to issue my Certificate?
If you need an SSL certificate right away, you have options. If you can wait 3-5 days, you can get certificates from established vendors that use slow traditional validation methods. However, immediate issuance certificates use alternate validation methods. Please review our information on validation to familiarize yourself with standard methods and question your vendors when in doubt.
Is there a limit to the number of certificates I can order?
We do not limit the amount of RapidSSL or RapidSSL Wildcard certificates that can be ordered. Go ahead and get as many as you need!
We limit one FreeSSL certificate to a domain name - FreeSSL is only a trial certificate designed to help you test your system and evaluate using RapidSSL.com for your production certificates.
What is browser ubiquity or browser recognition?
Browser ubiquity is the term used in the industry to describe the estimated percentage of Internet users that will inherently trust an SSL certificate. The lower the browser ubiquity, the less people will trust your certificate - clearly, if you are operating a commercial site you require as many people as possible to trust your SSL certificate. As a general rule, any SSL certificate with over 95% browser ubiquity is acceptable for a commercial site.
Ubiquity is however not the only consideration in deciding whether one SSL certificate is better than another. Many companies running high transaction volume web sites need to maximize customer confidence and therefore buy certificates from well known, long time security vendors and mostly use the major players e.g. GeoTrust and Symantec who are all WebTrust compliant.
If you have a low volume web site and you decide that your customers confidence is not effected at all by the brand behind the SSL certificate, or the volume of customers that would have an issue are insignificant in number, then RapidSSL or RapidSSL Wildcard certificates are ideal.
Can I see which Certification Authorities have their own Trusted CA root present in browsers?
Yes. Your browser contains a Trusted CA root certificate store. You can access this by opening Internet Explorer, then go to Tools, select Internet Options, select the Content tab, click Certificates, select the Trusted Root Certification Authorities tab. You will then see a dialog box presenting a list of all Certification Authorities who own their own Trusted CA roots (you can examine the root certificate by double clicking it).
GeoTrust owns the Equifax root (Equifax Digital Certificate services became GeoTrust in 2001).
RapidSSL.com's RapidSSL product owns its own root.
Can I secure multiple subdomains with a single Certificate?
An SSL certificate is issued to a fully qualified domain name (FQDN). This means that an SSL certificate issued to "secure.RapidSSL.com" cannot be used on different subdomains, such as "www.RapidSSL.com". To get around this restriction we have available RapidSSL Wildcard Certificates. Wildcard Certificates allow you to secure multiple subdomains on the same domain name, thereby saving you time and money, and of course you do not need to manage multiple certificates on the same server.
So with a single certificate issued to *.yourdomain.com you could protect:
What validation processes does RapidSSL.com use?
Trust hierarchy demands that entities "vouch" for each other. Companies that issue SSL certificates are in the business of establishing that entities on the web are, in fact, who they claim to be. The potential for criminal activity on the web (in relevance to SSL anyway), is in online ‘hijacking’ of sites or connections to siphon encrypted data. Persons so inclined can easily "copy" web site interfaces and pose as well known vendors, simply to collect these data.
SSL certificates work to prevent this through ensuring that www.abc.com is, in fact, ABC Co. In the “real world”, we use identification procedures like photo ids, telephone calls and papers of incorporation to know with whom we’re dealing. If products or services are defective, buyers can seek recourse. In the “online world”, companies wishing to use SSL certificates must prove to the certificate authority that they have the right to present themselves online as ABC Co.
This is done through a variety of means in different SSL products. For simplicity’s sake, consider the method started and championed by Symantec, as the ‘traditional’ model. The process involves certificate petitioners faxing in their articles of incorporation, and then waiting several days to be granted a certificate to do business online under that name. There is a fair amount of overhead related to this task, as these credentials are examined and reviewed, and full-service products in this arena can cost hundreds of dollars.
There are newer, lower-cost alternatives in which certificates are issued more quickly. These certificates verify that the certificate holder is the owner of that domain, ensuring customers that URL “owners” are who they claim to be.
There are also other validation options, like two-way, real-time telephony. Certificate applicants are required to provide telephone numbers, and certificate authorities call to verify basic information, yet another way to seek recourse in the event of problems.
What is the Warranty?
We value our customers, so we provide a $10,000 warranty on our RapidSSL and RapidSSL Wildcard certificates. The warranty protects the end user if we mis-issue a certificate.
It is worth noting that other SSL Providers use warranty as a means of adding perceived value to their offerings, as such will offer the same certificate with higher warranties and then charge more for the certificate! We want to make it clear that warranty has not been collected on any SSL Certificate, ever! The inclusion of a $10,000 warranty on RapidSSL makes RapidSSL.com the lowest cost provider of highly trusted, fully warrantied SSL certificates!