Asia Pacific IT - Hong Kong Web Solutions
Hong Kong Sales: 817-00211   China Sales: 75533-329400   Worldwide Sales: +1 310-492-9682
Asia FREE Domain Name - Offshore Hosting in Hong Kong & Asia Pacific

Website Monitoring by WebSitePulse

  Home > Domain Names > Domain FAQs > RapidSSL



A Guide to RapidSSL Certificate

1. What is SSL?
The SSL protocol is the Web standard for encrypting communications between users and SSL (secure sockets layer) sites where Ecommerce or sensitive data is exchanged. Data sent via a SSL connection is protected by encryption, a mechanism that prevents eavesdropping and tampering with any transmitted data. SSL provides businesses and consumers with the confidence that private data sent to a Website, such as credit card numbers, will be kept confidential. Web server certificates (also known as secure server certificates or SSL certificates) are required to initialize an SSL session.

Customers can easily detect when they have a SSL session established with a Website because their browser displays the little gold padlock and the address bar begins with an “https” rather than “http.” SSL certificates can be used on Web servers for Internet security and mailservers such as imap, pop3 and smtp for mail collection / sending security.

2. What is a RapidSSL Certificate?
RapidSSL Certificates uniquely enable businesses to obtain low cost fully functional single root trusted SSL certificates.They are ideal for Websites conducting light levels of Ecommerce or sites that provide a secure login area. owns the root used to issue the certificates, making RapidSSL both stable and far easier to install than a chained root install certificate.

RapidSSL lowers the barrier of entry for companies that want single root SSL security by providing immediately issued certificates at the lowest cost available.

See a RapidSSL Certificate in action - click here for a Secured by RapidSSL test page.

3. What is a Single Root SSL Certificate?
When connecting to a Web server over SSL, the visitor's browser decides whether or not to trust the Website's SSL certificate based on which Certification Authority has issued the actual SSL certificate. To determine this, the browser looks at its list of trusted issuing authorities--represented by a collection of Trusted Root CA certificates added into the browser by the browser vendor (such as Microsoft and Netscape).

Most SSL certificates are issued by CAs who own and use their own Trusted Root CA certificates, such as those issued by GeoTrust and Since GeoTrust and are known to browser vendors as trusted issuing authorities, their Trusted Root CA certificate has already been added to all popular browsers. These SSL certificates are known as "single root" SSL certificates., a subsidiary of GeoTrust, owns the Equifax Secure eBusiness CA-1 root used to issue its certificates.

Some Certification Authorities, like Comodo, do not have a Trusted Root CA certificate present in browsers, therefore they need a "chained root" in order for their certificates to be trusted - essentially a CA with a Trusted Root CA certificate issues a "chained" certificate which "inherits" the browser recognition of the Trusted Root CA. These SSL certificates are known as "chained root" SSL certificates. Installations of chained root certificates are more complex and some Web servers are not compatible with chained root certificates.

For a Certification Authority to have its own Trusted Root CA certificate already present in browsers is a clear sign that they are long-time, stable and credible organizations who have established relationships with the browser vendors (such as Microsoft and Netscape) for the inclusion in their Trusted Root CA certificates. For this reason, such CAs are seen as being considerably more credible and stable than chained root certificate providers who do not have a direct relationship with the browser vendors.

Chained root certificates require additional effort to install as the Web server must also have the chained root installed. This is not necessary for single root certificates.

4. What browser versions are compatible with RapidSSL? certificates are compatible with IE 5.01+, Netscape 4.7+, Mozilla 1+, AOL 5+, Firefox, Safari and many newer Windows and Mac based browsers and are single root install certificates (they do not use chaining technology), meaning that they are compatible with SSLv2 and SSLv3. Single root certificates are also more widely accepted by Web servers with some Web servers not accepting chained root technology.

5. Why is Asia Pacific IT providing RapidSSL secure server certificates?
By providing RapidSSL certificates, Asia Pacific IT is lowering the barrier of entry for companies and Websites wishing to secure their low volume and low value online transactions and data with the lowest cost single root install certificates available.

6. How long are the SSL Certificates valid?
RapidSSL certificates are valid for 1 to 5 years.
FreeSSL certificates are valid for 30 days.

When your SSL certificate expires, Asia Pacific IT will automatically provide you with renewing instructions.

7. How long does it take to issue a SSL Certificate?
If you need a SSL certificate right away, you have options. If you can wait 3-5 days, you can get certificates from established vendors that use traditional validation methods. However, immediate issuance certificates use alternate validation methods. Please review our information on validation to familiarize yourself with standard methods and question your vendors when in doubt.

RapidSSL and FreeSSL are issued immediately.

8. Can I secure multiple subdomains with a single SSL Certificate?
A SSL certificate is issued to a fully qualified domain name (FQDN). This means that a SSL certificate issued to "" cannot be used on different subdomains, such as "".

9.What validation processes does use?
Trust hierarchy demands that entities "vouch" for each other. Companies that issue SSL certificates are in the business of establishing that entities on the Web are, in fact, who they claim to be. The potential for criminal activity on the Web (in relevance to SSL anyway), is in online "hijacking" of sites or connections to siphon encrypted data. Persons so inclined can easily "copy" Web site interfaces and pose as well known vendors, simply to collect data.

SSL certificates work to prevent hijacking by ensuring that is, in fact, ABC Co. In the “real world”, we use identification procedures like photo ids, telephone calls and papers of incorporation to know with whom we’re dealing. If products or services are defective, buyers can seek recourse. In the “online world”, companies wishing to use SSL certificates must prove to the Certificate Authority that they have the right to present themselves online as a particular company.

This verification is done through a variety of means in different SSL products. For simplicity’s sake, consider the method started and championed by Verisign, as the "traditional" model. The process involves certificate petitioners faxing in their articles of incorporation, and then waiting several days to be granted a certificate to do business online under that name. There is a fair amount of overhead related to this task, as these credentials are examined and reviewed, and full-service products in this arena can cost hundreds of dollars.

There are newer, lower-cost alternatives in which certificates are issued more quickly. These certificates verify that the certificate holder is the owner of that domain, ensuring customers that URL “owners” are who they claim to be.

There are also other validation options, like two-way, real-time telephony. Certificate applicants are required to provide telephone numbers, and certificate authorities call to verify basic information, which is yet another way to seek recourse in the event of problems.

As part of the provisioning process with RapidSSL, your business will be assigned a Unique Business Identifier — equivalent to a DUNS number. The Unique Business Identifier provides a corporate profile to your Internet users through information imbedded in your certificate. The business registration profile initially contains the basic self-reported information from your CSR — your Domain, Company Name, Division, Country, State and City. Your Unique Business Identifier will allow relying parties to view and purchase additional data about your company. With the Unique Business Identifier, industry-recognized domain control authentication, and two-factor telephony authentication, both of these products add further validation to forge the strongest real-time authentication process on the market today.

10.What is the warranty on my Certificate?
RapidSSL provides a $10,000 warranty on certificates. The warranty protects the end user if RapidSSL misuses a certificate.

It is worth noting that other SSL Providers use warranties as a means of adding perceived value to their offerings.They then, offer the same certificate with higher warranties and charge more for the certificate! RapidSSL wants to make it clear that warranty has not been collected on any SSL Certificate, ever. The inclusion of a $10,000 warranty on RapidSSL makes the lowest cost provider of highly trusted, fully warrantied SSL certificates.

11.I've submitted my order, how do I get my RapidSSL Certificate?

RapidSSL employs a two-level automated vetting process. You must complete both stages of the vetting process before your SSL certificate can be issued.

Stage 1: Telephone Authentication
As part of the enrollment process you will be prompted to complete the Telephone Authentication. This is where RapidSSL will place an automated call to your telephone number and ask you to enter a PIN they display on screen, so ensure you have access to a telephone when you enroll.

If you do not have access, or experience any difficulty in completing the Telephone Authentication during enrollment do not worry. RapidSSL will also send you an email specifying how you can attempt the process again. If you still have problems, please call RapidSSL technical support immediately at (720)-359-1590 or +44 870 4325190 and they will assist you in completing the process manually.

Stage 2: Approver Email
When you have successfully completed the Telephone Authentication, RapidSSL will send an Approver email to the designated Approver email address. You must select the Approver email address during enrollment. Your Approver email address would either be:

The email address associated with your WHOIS contact (if you are unsure you can check this address by searching the WHOIS database at, or a generic email address such as:

Unless the Approver receives this email and approves the application by clicking on the link within the email, your certificate cannot be issued. If you are the administrator of the Approver email address please check any spam filters and virus protection folders in case the email has been quarantined.

If you experience any difficulties, contact RapidSSL technical support team at:

In the US: US
600 17th Street, Suite 2800 South
Denver, Colorado, USA 80202
Tel: 720 359 1590
Fax: 720 528 8160
Office hours: 1 AM to 9 PM EST
In Europe: Europe
155 Regents Park Road
London, England, NW18BB
Tel: +44 870 4325190
Fax: +44 870 4325191
Office hours: 6 AM to 2 PM

12.What do I need to enroll for an SSL Certificate for my Web server?
You need the following:

• A Web server that is capable of running SSL
• Access to the SSL configuration functions of your Web server (you may need to speak to your Web host if you cannot readily identify where these functions are)
• A Certificate Signing Request (CSR)|(see below)

13.What is a CSR and how do I generate one?
A CSR is a Certificate Signing Request. It is a block of encoded data that is generated by your Web server and contains the necessary details about your domain and organization. For instructions on how to generate a CSR on your Web server click here.

14. What do I do if the enrollment form says my CSR is invalid?

There are a number of common issues that would cause the CSR to be invalid. When you created the CSR you will have been asked for several pieces of information.

• Check the common name field. You may have specified an IP address (e.g. or a server name (e.g. myWebserver) instead of a Fully Qualified Domain Name such as or domain name such as You must specify a Fully Qualified Domain Name or domain name to enroll for a RapidSSL certificate.

• Make sure you do not have any illegal characters in any of the fields in the CSR. Illegal characters include: ! @ # $ % ^ ( ) ~ ? > < & / \ , . " '

• Check the country field. If you are located in the United Kingdom, do not specify your country code when generating the CSR as "UK." It must be "GB".

• Make sure you have included the header and footer of the CSR into the enrollment form. The header and footer look like:

encoded data

Make sure that there are 5 dashes on each side of Begin and End certificate request. There should also be no trailing spaces in the CSR.

15. What is the enrollment process?
The enrollment process is online and immediate and includes telephony based validation. You must be near, or have access to, a telephone or cell phone to complete the enrollment process in one step, which takes about 5 minutes.

If you do not have access to a telephone when the enrollment is taking place you can complete the telephony validation at a later time. RapidSSL will send you an email containing a link you will be able to process at any time. It is very important that you do not lose this email, doing so will delay the issuance of your certificate. If you do lose your email please contact RapidSSL immediately. Please note that until the telephony validation is complete RapidSSL will not be able to issue your certificate.

16. I am not based in the US or Europe, will the Phone Authentication still work?
Yes, just remember to enter your current country code.

17. I have not received any emails from since enrolling, how should I proceed?
Please ensure that you have access to the email address used in the application process. Also, as RapidSSL sends unique URLs in the issued emails, be sure that your mailserver has not separated or quarantined the emails. They will be from

18. I have not received the "Approval" email from, how should I proceed?
The Approval email will be sent to the authorized domain name owner or administrative contact. When you apply for your certificate, you'll obtain the authorized domain contacts for your domain name. You may then choose to have the approval email sent to either the authorized domain contact, or alternatively you will be able to choose a generic domain contact such as:

In order to receive the approval email, make sure that you have set up the email addresses you specify during the application process. If you need to change the approver email address, please contact RapidSSL.

19.How do I install my certificate?
Please refer to the RapidSSL installation pages of our support section.

Web Design
Web Hosting
Telecom Solutions


Information Centre


Account Manager

   © 2004-2012 Asia Pacific IT. All rights reserved. Terms and Conditions | Legal

.Asia Domain Registration

Servers in Hong Kong, Malaysia, Singapore, Asia Pacific

Get 5 GB of full featured Online Backup for free. Features include 
Automatic Backup, True Archiving, Versioning, Continuous Backup, 
Mapped Drive Backup and more.