A Guide to RapidSSL Certificate
1. What is SSL?
The SSL protocol is the Web standard for encrypting
communications between users and SSL (secure
sockets layer) sites where Ecommerce or sensitive
data is exchanged. Data sent via a SSL connection
is protected by encryption, a mechanism that
prevents eavesdropping and tampering with any
transmitted data. SSL provides businesses and
consumers with the confidence that private data
sent to a Website, such as credit card numbers,
will be kept confidential. Web server certificates
(also known as secure server certificates or
SSL certificates) are required to initialize
an SSL session.
Customers can easily detect when they have
a SSL session established with a Website because
their browser displays the little gold padlock
and the address bar begins with an “https” rather
than “http.” SSL certificates can
be used on Web servers for Internet security
and mailservers such as imap, pop3 and smtp for
mail collection / sending security.
is a RapidSSL Certificate?
RapidSSL Certificates uniquely enable businesses
to obtain low cost fully functional single root
trusted SSL certificates.They are ideal for
Websites conducting light levels of Ecommerce
or sites that provide a secure login area. RapidSSL.com
owns the root used to issue the certificates,
making RapidSSL both stable and far easier to
install than a chained root install certificate.
RapidSSL lowers the barrier of entry for companies
that want single root SSL security by providing
immediately issued certificates at the lowest
See a RapidSSL Certificate in action - click
a Secured by RapidSSL test page.
is a Single Root SSL Certificate?
When connecting to a Web server over SSL, the
visitor's browser decides whether or not to trust
the Website's SSL certificate based on which
Certification Authority has issued the actual
SSL certificate. To determine this, the browser
looks at its list of trusted issuing authorities--represented
by a collection of Trusted Root CA certificates
added into the browser by the browser vendor
(such as Microsoft and Netscape).
Most SSL certificates are issued by CAs who
own and use their own Trusted Root CA certificates,
such as those issued by GeoTrust and RapidSSL.com.
Since GeoTrust and RapidSSL.com are known to
browser vendors as trusted issuing authorities,
their Trusted Root CA certificate has already
been added to all popular browsers. These
SSL certificates are known as "single
root" SSL certificates. RapidSSL.com, a
subsidiary of GeoTrust, owns the Equifax Secure
eBusiness CA-1 root used to issue its certificates.
Some Certification Authorities, like Comodo,
do not have a Trusted Root CA certificate present
in browsers, therefore they need a "chained
root" in order for their certificates to
be trusted - essentially a CA with a Trusted
Root CA certificate issues a "chained" certificate
which "inherits" the browser recognition
of the Trusted Root CA. These SSL certificates
are known as "chained root" SSL certificates.
Installations of chained root certificates are
more complex and some Web servers are not compatible
with chained root certificates.
For a Certification Authority to have its own
Trusted Root CA certificate already present in
browsers is a clear sign that they are long-time,
stable and credible organizations who have established
relationships with the browser vendors (such
as Microsoft and Netscape) for the inclusion
in their Trusted Root CA certificates. For this
reason, such CAs are seen as being considerably
more credible and stable than chained root certificate
providers who do not have a direct relationship
with the browser vendors.
Chained root certificates require additional
effort to install as the Web server must also
have the chained root installed. This is not
necessary for single root certificates.
browser versions are compatible with RapidSSL?
RapidSSL.com certificates are compatible with
IE 5.01+, Netscape 4.7+, Mozilla 1+, AOL 5+,
Firefox, Safari and many newer Windows and Mac
based browsers and are single root install certificates
(they do not use chaining technology), meaning
that they are compatible with SSLv2 and SSLv3.
Single root certificates are also more widely
accepted by Web servers with some Web servers
not accepting chained root technology.
5. Why is
Asia Pacific IT providing RapidSSL secure
By providing RapidSSL certificates, Asia Pacific IT
is lowering the barrier of entry for companies
and Websites wishing to secure their low volume
and low value online transactions and data with
the lowest cost single root install certificates
6. How long
are the SSL Certificates valid?
RapidSSL certificates are valid for 1 to 5 years.
FreeSSL certificates are valid for 30 days.
When your SSL certificate expires, Asia Pacific IT
will automatically provide you with renewing
7. How long
does it take to issue a SSL Certificate?
If you need a SSL certificate right away, you
have options. If you can wait 3-5 days, you can
get certificates from established vendors that
use traditional validation methods. However,
immediate issuance certificates use alternate
validation methods. Please review our information
on validation to familiarize yourself with standard
methods and question your vendors when in doubt.
RapidSSL and FreeSSL are issued immediately.
Can I secure multiple subdomains with
a single SSL Certificate?
A SSL certificate is issued to a fully qualified
domain name (FQDN). This means that a SSL certificate
issued to "www.yourdomain.com" cannot
be used on different subdomains, such as "secure.yourdomain.com".
processes does RapidSSL.com use?
Trust hierarchy demands that entities "vouch" for
each other. Companies that issue SSL certificates
are in the business of establishing that entities
on the Web are, in fact, who they claim to be.
The potential for criminal activity on the Web
(in relevance to SSL anyway), is in online "hijacking"
of sites or connections to siphon encrypted data.
Persons so inclined can easily "copy" Web
site interfaces and pose as well known vendors,
simply to collect data.
SSL certificates work to prevent hijacking by
ensuring that www.abc.com is, in fact, ABC Co.
In the “real world”, we use identification
procedures like photo ids, telephone calls and
papers of incorporation to know with whom we’re
dealing. If products or services are defective,
buyers can seek recourse. In the “online
world”, companies wishing to use SSL certificates
must prove to the Certificate Authority that
they have the right to present themselves online
as a particular company.
This verification is done through a variety
of means in different SSL products. For simplicity’s
sake, consider the method started and championed
by Verisign, as the "traditional" model.
The process involves certificate petitioners
faxing in their articles of incorporation, and
then waiting several days to be granted a certificate
to do business online under that name. There
is a fair amount of overhead related to this
task, as these credentials are examined and reviewed,
and full-service products in this arena can cost
hundreds of dollars.
There are newer, lower-cost alternatives in
which certificates are issued more quickly. These
certificates verify that the certificate holder
is the owner of that domain, ensuring customers
that URL “owners” are who they claim
There are also other validation options, like
two-way, real-time telephony. Certificate applicants
are required to provide telephone numbers, and
certificate authorities call to verify basic
information, which is yet another way to seek
recourse in the event of problems.
As part of the provisioning process with RapidSSL,
your business will be assigned a Unique Business
Identifier — equivalent to a DUNS number.
The Unique Business Identifier provides a corporate
profile to your Internet users through information
imbedded in your certificate. The business registration
profile initially contains the basic self-reported
information from your CSR — your Domain,
Company Name, Division, Country, State and City.
Your Unique Business Identifier will allow relying
parties to view and purchase additional data
about your company. With the Unique Business
Identifier, industry-recognized domain control
authentication, and two-factor telephony authentication,
both of these products add further validation
to forge the strongest real-time authentication
process on the market today.
is the warranty on my Certificate?
RapidSSL provides a $10,000 warranty on
certificates. The warranty protects the
end user if RapidSSL misuses a certificate.
It is worth noting that other SSL Providers
use warranties as a means of adding perceived
value to their offerings.They then,
offer the same certificate with higher warranties
and charge more for the certificate! RapidSSL
wants to make it clear that warranty has not
been collected on any SSL Certificate, ever.
The inclusion of a $10,000 warranty on RapidSSL
makes RapidSSL.com the lowest cost provider of
highly trusted, fully warrantied SSL certificates.
submitted my order, how do I get my RapidSSL
RapidSSL employs a two-level automated vetting
process. You must complete both stages of the
vetting process before your SSL certificate can
Stage 1: Telephone Authentication
As part of the enrollment process you will be
prompted to complete the Telephone Authentication.
This is where RapidSSL will place an automated
call to your telephone number and ask you to
enter a PIN they display on screen, so ensure
you have access to a telephone when you enroll.
If you do not have access, or experience any
difficulty in completing the Telephone Authentication
during enrollment do not worry. RapidSSL will
also send you an email specifying how you can
attempt the process again. If you still have
problems, please call RapidSSL technical support
immediately at (720)-359-1590 or +44 870 4325190
and they will assist you in completing the process
Stage 2: Approver Email
When you have successfully completed the Telephone
Authentication, RapidSSL will send an Approver
email to the designated Approver email address.
You must select the Approver email
address during enrollment. Your Approver email
address would either be:
The email address associated with your WHOIS
contact (if you are unsure you can check this
address by searching the WHOIS database at www.internic.com),
or a generic email address such as:
Unless the Approver receives this email and
approves the application by clicking on the link
within the email, your certificate cannot be
issued. If you are the administrator of the Approver
email address please check any spam filters and
virus protection folders in case the email has
If you experience any difficulties, contact
RapidSSL technical support team at:
|In the US:
600 17th Street, Suite 2800 South
Denver, Colorado, USA 80202
Tel: 720 359 1590
Fax: 720 528 8160
Office hours: 1 AM to 9 PM EST
155 Regents Park Road
London, England, NW18BB
Tel: +44 870 4325190
Fax: +44 870 4325191
Office hours: 6 AM to 2 PM
do I need to enroll for an SSL Certificate
for my Web server?
You need the following:
• A Web server that is capable of running
• Access to the SSL configuration functions
of your Web server (you may need to speak to your
Web host if you cannot readily identify where these
• A Certificate Signing Request (CSR)|(see
is a CSR and how do I generate one?
A CSR is a Certificate Signing Request.
It is a block of encoded data that is
generated by your Web server and contains
the necessary details about your domain
and organization. For instructions on
how to generate a CSR on your Web server
do I do if the enrollment form says my
CSR is invalid?
There are a number of common issues that would
cause the CSR to be invalid. When you created
the CSR you will have been asked for several
pieces of information.
• Check the common name field. You may
have specified an IP address (e.g. 22.214.171.124)
or a server name (e.g. myWebserver) instead of
a Fully Qualified Domain Name such as www.mydomain.com
or domain name such as mydomain.com. You must
specify a Fully Qualified Domain Name or domain
name to enroll for a RapidSSL certificate.
• Make sure you do not have any illegal
characters in any of the fields in the CSR. Illegal
characters include: ! @ # $ % ^ ( ) ~ ? > < & / \ , . " '
• Check the country field. If you are located
in the United Kingdom, do not specify your country
code when generating the CSR as "UK." It must
• Make sure you have included the header
and footer of the CSR into the enrollment form.
The header and footer look like:
----BEGIN CERTIFICATE REQUEST -----
-----END CERTIFICATE REQUEST------
Make sure that there are 5 dashes on each side of Begin and End certificate
request. There should also be no trailing spaces in the CSR.
is the enrollment process?
The enrollment process is online and immediate
and includes telephony based validation. You
must be near, or have access to, a telephone
or cell phone to complete the enrollment process
in one step, which takes about 5 minutes.
If you do not have access to a telephone when the enrollment is taking
place you can complete the telephony validation
at a later time. RapidSSL will send you an email
containing a link you will be able to process
at any time. It is very important that you do
not lose this email, doing so will delay the issuance of your certificate.
If you do lose your email please contact RapidSSL immediately.
Please note that until the telephony validation
is complete RapidSSL will not be able to issue
I am not based in the US or Europe, will
the Phone Authentication still work?
Yes, just remember to enter your current country
have not received any emails from RapidSSL.com
since enrolling, how should I proceed?
Please ensure that you have access to the email
address used in the application process. Also,
as RapidSSL sends unique URLs in the issued emails,
be sure that your mailserver has not separated
or quarantined the emails. They will be from
have not received the "Approval"
email from RapidSSL.com,
how should I
The Approval email will be sent to the authorized
domain name owner or administrative contact.
When you apply for your certificate, you'll
obtain the authorized domain contacts for your
domain name. You may then choose
to have the approval email sent to either the
authorized domain contact, or alternatively you
will be able to choose a generic domain contact
In order to receive the approval email, make
sure that you have set up the email addresses
you specify during the application process. If
you need to change the approver email address,
please contact RapidSSL.
do I install my certificate?
Please refer to the RapidSSL
installation pages of our support section.