Email Hosting Plans
Small Office Home Office Hosting Plans
Small Business Hosting Plans
Ecommerce Hosting Plans

Free domain parking with ever domain name registration or transfer.

Get a GeoTrust QuickSSL Digital Certificate for only $129.00.

Add EasyChatLive to your website. Available with all Web hosting plans.

Free Advanced Template Gallery with selected Web hosting plans

Vote for us in the Web Hosting Directory

Credit Card Processing

We're a preferred vendor in the New York Web Hosting section of Marketingtool.com.

This site is Web Related.

No-Nonsense Hosting is a service brought to you by Nolan Interactive, Ltd.
All major credit cards accepted.

Best Web Hosting

Resource Planet

SSL Frequently Asked Questions

Secure Socket Layer (SSL)

Web Hosting FAQ

Return to EcommerceReturn to the main Web Hosting FAQ page.

How to OrderNo-Nonsense Hosting Digital SSL Certificates.

Secure Socket Layer (SSL)

What is SSL?

The SSL (secure socket layer) protocol is the web standard for encrypting communications between users and web sites. Data sent via an SSL connection is protected by encryption, a mechanism that prevents eavesdropping and tampering with any transmitted data. SSL provides businesses and consumers with the confidence that private data sent to a web site, such as credit card numbers, are kept confidential. Web server certificates are required to initialize an SSL session.

Top of pageBack to Top

What is QuickSSL?

QuickSSL is a web server certificate that allows consumers and web sites to conduct safe e-commerce with encrypted SSL connections. QuickSSL web server certificates are compatible with 99% of all browsers.

Historically, most SSL certificates can cost $250 or more, Quick SSL relies on GeoTrust’s fully automated systems to verify that a certificate purchaser has appropriate administrative rights to a web server's domain – all within ten minutes. With QuickSSL, you can assure your customers that their transactions and information are secure on the Internet without having to pay an unreasonable price.

Top of pageBack to Top

What is the difference between QuickSSL and QuickSSL Premium?

QuickSSL Premium comes with all the features and benefits of QuickSSL, but also includes the QuickSSL Premium smart seal with dynamic date/time stamp. The smart seal is dynamically generated by GeoTrust and ensures that GeoTrust has authenticated the domain. Visitors to your site will also be able to click on the smart seal to verify that your certificate is still valid with GeoTrust, giving your customers and extra piece of mind.

Top of pageBack to Top

What is True BusinessID?

True BusinessID provides a simple way for your customers to view your validated organization information via a trusted third party. True BusinessID will increase transactions and revenue by giving your customers the confidence and assurance to trust the identity of your web site. The result- a substantial increase in consumer confidence regarding your web site information, services, and/or products. Even if you don't have a web site brand name, True BusinessID will let your customers know you are legitimate.

Top of pageBack to Top

How does a server certificate work?

The end-user's browser requests a secure channel (via "https:") from the server, and then - if the server has a cert - the browser and the server negotiate their highest common encryption strength (e.g., 128-bits), and then exchange the corresponding encryption keys (this exchange is normally done using 1024-bit encryption strength).

The 128-bit encryption key is then used for this particular instance of SSL, for all from-to exchanges between the browser and the server. The next https session will have a new session key. The certificate guarantees the security of the connection between the browser and the server. Once data is in the server, it is up to the server admin to make sure the data remains protected.

Top of pageBack to Top

What is a Dun and Bradstreet Number (DUNS)?

DUNS stands for "Data Universal Numbering System." It is a unique nine-digit numbering system that is used to identify a business. To find your DUNS number, please go to http://smallbusiness.dnb.com.

If you do not have a DUNS number, you can get one for free by either calling toll free 1-800-333-0505 or registering online at: http://www.dnb.com/eupdate/dunsform/.

If you complete the online DUNS application, it takes approximately one week before the information is reflected in the Dun and Bradstreet web site. You can usually get your DUNS number faster if you call the toll free number.

Top of pageBack to Top

Which Web browsers and e-mail programs are compatible with GeoTrust certificates?

GeoTrust certificates are compatible with 99% of all web browsers including:

Web Browsers (SSL enabled)

  • Microsoft IE 5.01+
  • Netscape Communicator 4.7+
  • Mozilla 1.0+
  • AOL 5+
  • Opera 7+
  • Apple Safari 1.0+
  • Red Hat Linux Konqeror

Email Clients (S/Mime)

  • Microsoft Outlook 99+
  • Netscape Communicator 4.51+
  • Mozilla 1.0+
  • Qualcomm Eudora 6.2+

Application Clients and Servers

  • Sun J2SE 1.4.2_02
  • Sun J2EE 1.4.2_02
  • IBM Web Sphere Micro Environment (WME)
  • IBM Web Sphere Custom Environment (WCE)

Top of pageBack to Top

What is browser ubiquity or browser recognition?

Browser ubiquity is the term used in the industry to describe the estimated percentage of Internet users that will inherently trust an SSL certificate. The lower the browser ubiquity, the less people will trust your certificate - clearly, if you are operating a commercial site you require as many people as possible to trust your SSL certificate. As a general rule, any SSL certificate with over 95% browser ubiquity is acceptable for a commercial site.

Ubiquity is however not the only consideration in deciding whether one SSL certificate is better than another. Businesses that need to maximize customer confidence buy certificates from well known, long time security vendors e.g. GeoTrust who is WebTrust compliant.

Top of pageBack to Top

What is the encryption strength of GeoTrust certificates?

All GeoTrust certificates are 128-bit. For each and every session, the server and browser negotiate and choose the highest common encryption strength between them. So if a 40-bit browser user hits your SSL-secured site, the resulting connection will automatically become a 40-bit strength encryption.

GeoTrust recommends that end-user Subscribers select the 1024-bit encryption strength or the equivalent descriptor option when generating their certificate requests. When the certificate's key length is 1024 or longer, the SSL session key will be 128 bit. If the certificate key length is 512, the SSL session key will be 40 bit or 56 bit.

If you are running Windows, see Microsoft's bulletin Q300398: "You install a 128-bit high encryption certificate onto Internet Information Server (IIS) version 4.0 or 5.0, then browse with a 128-bit enabled Web browser to IIS by using https://. However, the Web browser only makes a 40-bit or 56-bit Secure Sockets Layer (SSL) session with IIS (size 7927 bytes, updated 6/13/2001 12:54:00 PM GMT)"

Top of pageBack to Top

Why are static IP addresses required for the certificate to work?

You need to have a separate IP address for each domain you want to secure. The reason for this is because a certificate is bound only to a domain name but, the SSL protocol is bound to static IP addresses; therefore, any certificate-enabled web site must have its own unique IP address. The IP can be real (routable) or internal (RFC 1918 non-routable address) but, it must be unique on a server.

Top of pageBack to Top

How to I move a certificate from one ISP to another ISP?

You may be able to move your certificate from one ISP to another. Per our certificate licensing agreement, you must purchase a new certificate if you plan on continuing to use the certificate on its current location. Otherwise, it largely depends on the server compatibility and the willingness of your current ISP to assist you.

Your current ISP will need to export your key pair file from the server hosting your web site. Once you have the complete key pair file, you can provide it to your new ISP to import on their server. If your current ISP will not provide you with the key pair file, you will need to purchase a new certificate to use with your new ISP.

If you have to purchase another certificate, please let us know and we will expedite the processing of the new request. In addition, you will not have to resubmit your business documentation as long as nothing has changed.

Note: Please be aware that if the two ISP's are running different server types, you may not be able to import the key pair file due to server compatibility issues. If this happens, a new certificate will have to be purchased.

Top of pageBack to Top

What type of Web Servers does GeoTrust support?

GeoTrust supports all current releases of commercial and freeware web servers supporting SSL v.3. Supported servers include:

  • Apache + MOD SSL
  • Apache + Raven
  • Apache + Raven 1.5x
  • Apache + SSLeay
  • C2Net Stronghold
  • Cobalt RaQ3/RaQ4 "Main Site"
  • Cobalt RaQ3 "Virtual Site"
  • Cobalt RaQ4 "Virtual Site"
  • IBM HTTP
  • iPlanet Enterprise Server 4.1
  • Lotus Domino Go 4.6.2.6 and higher
  • Lotus Domino 4.6 and higher
  • Microsoft Internet Information Server 4.0
  • Microsoft Internet Information Server 5.0
  • Microsoft Internet Information Server 6.0
  • Netscape Enterprise/Fast Track
  • O'Reilly Web Site Professional 2.X
  • Stronghold 3
  • WebSTAR 4.0 and higher
  • Zeus Web Server v3

Top of pageBack to Top

What is a Single Root SSL Certificate?

When connecting to a web server over SSL, the visitor's browser decides whether or not to trust the web site's SSL certificate based on which Certification Authority has issued the actual SSL certificate. To determine this, the browser looks at its list of trusted issuing authorities - represented by a collection of Trusted Root CA certificates added into the browser by the browser vendor (such as Microsoft and Netscape.)

Most SSL certificates are issued by CA's who own and use their own Trusted Root CA certificates, such as those issued by GeoTrust. As GeoTrust is known to browser vendors as a trusted issuing authority, its Trusted Root CA certificate has already been added to all popular browsers, and hence is already trusted. These SSL certificates are known as "single root" SSL certificates. GeoTrust owns the Equifax Secure eBusiness CA-1 root used to issue its certificates.

Some Certification Authorities, like Comodo, do not have a Trusted Root CA certificate present in browsers, therefore they need a "chained root" in order for their certificates to be trusted - essentially a CA with a Trusted Root CA certificate issues a "chained" certificate which "inherits" the browser recognition of the Trusted Root CA. These SSL certificates are known as "chained root" SSL certificates.

Installation of chained root certificates are more complex and some web servers are not compatible with chained root certificates.

For a Certification Authority to have its own Trusted Root CA certificate already present in browsers is a clear sign that they are long-time, stable and credible organizations who have long term relationships with the browser vendors (such as Microsoft and Netscape) for the inclusion of their Trusted Root CA certificates. For this reason, such CA's are seen as being considerably more credible and stable than chained root certificate providers who do not have a direct relationship with the browser vendors.

You can view the Certification Authorities who have their own root certificates by viewing the list in your browser.

Top of pageBack to Top

Can I see which Certification Authorities have their own Trusted CA root present in browsers?

Yes. Your browser contains a Trusted CA root certificate store. You can access this by opening Internet Explorer, then go to Tools, select Internet Options, select the Content tab, click Certificates, select the Trusted Root Certification Authorities tab. You will then see a dialog box presenting a list of all Certification Authorities who own their own Trusted CA roots (you can examine the root certificate by double clicking it):

Sample of Trusted Root certificate store in Windows

GeoTrust owns the Equifax root (Equifax Digital Certificate services became GeoTrust in 2001.)

Top of pageBack to Top

What validation process do SSL certificates use?

Companies that issue digital certificates such as GeoTrust provide consumers with confidence that the companies they secure are who they claim to be.

With physical companies, identification documents like photo ids and papers of incorporation are used to tell consumers who they are so if their products or services are defective, buyers can seek recourse. Online companies rely on digital certificates to promote their legitimacy and to protect their customer's information. To apply for a digital certificate they must prove to the certificate authority (in this case GeoTrust) that they have the credentials to present themselves as who they are online.

There are different levels of documentation which a corporation will need to provide depending on the type of certificate they wish to purchase—from proof of domain ownership to letters of incorporation.

Customers wishing to purchase QuickSSL certificates need to prove that they are the owner of that domain. This tells online visitors that the URL "owners" are who they claim to be. This form of validation is a quicker, lower cost alternative to the True Business validation model.

Customers wishing to purchase True BusinessID and True Business Wildcard certificates must fax in their articles of incorporation or provide a DUNS number as part of the provisioning process. They will then be assigned a ChoicePoint Unique Identifier (CUI)—equivalent to a DUNS number. The CUI adds a corporate profile to the information embedded in the digital certificate which can be viewed by your visitors.

Top of pageBack to Top

What is a Certification Authority (CA)?

Not just anybody can issue trusted SSL Certificates. If they could then there would be no trust in SSL - and it could no longer be used commercially. Instead only Certification Authorities, or CA's as they are commonly known, can issue trusted SSL Certificates.

CA's have generally invested in establishing the technology, support, legal and commercial infrastructures associated with providing SSL certificates. Even though CA's are essentially self-regulated, the nearest to a regulatory body is the WebTrust compliancy program operated by AICPA/CICA. The majority of CA's comply to the WebTrust principles, however some CA's do not have WebTrust compliance.

Those CA's who are WebTrust compliant display the WebTrust Seal, as seen below.

Sample WebTrust Seal

The WebTrust Seal of assurance for Certification Authorities symbolizes to potential relying parties [e.g. to the end customer] that a qualified practitioner has evaluated the CA's business practices and controls to determine whether they are in conformity with the AICPA/CICA WebTrust for Certification Authorities Principles and Criteria.

An unqualified opinion from the practitioner indicates that such principles are being followed in conformity with the WebTrust for Certification Authorities Criteria. These principles and criteria reflect fundamental standards for the establishment and on-going operation of a Certification Authority organization or function.

Top of pageBack to Top

Web Hosting Plans  |  Ecommerce  |  SSL Certificates  | Web Site Tools  |  FAQ  |  Support
Compare Hosting Plans  |  Home Page  |  About Us  |  Legal Stuff  |  Contact Us  |  Whois Search

Trademark noticeNo-Nonsense Hosting™ is a service provided by, and a trademark of, Nolan Interactive, Ltd.