1. What you should pay attention to when applying for an SSL certificate?

When applying for an SSL certificate, it is crucial to enter the domain accurately and provide relevant company information that matches the details provided in the CSR.

2. If I selected email validation during the application submission, can I change it to a different validation method?

Yes. Simply click on "Modify Validation Method" on the corresponding order application page.

3. How should I fill in the DNS validation record type?

For Sectigo: CNAME

For GeoTrust/Digicert/Symantec: @ or _dnsauth

4. What is telephone validation?

Telephone validation is a process where the CA contacts the applying organization to verify the authenticity of the certificate application and company information. Inconsistencies between the application information and telephone validation may result in delays or rejection of the certificate issuance.

5. Where can I obtain the SSL certificate after it is issued?

After the certificate is issued, we will send you the certificate files via email. Alternatively, you can log in to NicSRS console and download the certificate files for your application.

6. Do I need to merge the received certificates regardless of the type of server?

Yes. The server certificate should come first, followed by any intermediate certificate, and finally the root certificate.

7. Do I need to convert the certificate format after merging?

No conversion is needed for Apache and Nginx. After merging, you can directly install the certificate. However, for Tomcat and IIS, format conversion is required. You can use NicSRS SSL Converter.

8. When does the certificate come into effect? Can the issued certificate have a validity period longer than 365 days?

The validity period of the certificate starts counting from the day it is issued. Starting from September 1, 2020, all certificates are valid for one year. Different CAs may consider time zones or renewal issues and may provide a few additional days. (For example, Sectigo takes the time zones into consideration and issues certificates with a validity period of 366 days.)

9. If I lose the private key, do I need to reissue for the certificate?

Yes, if you lose or delete the private key, the certificate will need to be reissued. In a case like this, you can contact NicSRS, and we will assist you in reissuing for the certificate.

10. If I migrate or reinstall my server, do I need to reissue my SSL certificate?

No. Even if you have migrated servers, as long as you have the certificate key file and certificate file saved, simply reinstall the certificate to use it normally.

11. Can I continue to use the same certificate after renewing it?

No. SSL certificates are related to website security, so every renewal requires a new application, validation, issuance, and deployment process.

The above are the corresponding answers to the most frequently asked questions about SSL certificates. We hope they are helpful to you. If you have any other questions that haven't been addressed, please contact us for assistance.