There have been some significant changes to the SSL certificates supplied via ServerTastic. The most important point to make is that these changes do not affect any certificates already issued and installed.

SSL invite URLs
All invite URLs issued from today now have a validity of 365 days from purchase. This means you must use the invite URL to generate your SSL certificate within 365 days of placing your order. This also applies to bulk purchases. Failure to use the invite URL within 365 days will result in the invite expiring and becoming invalid. No refunds or replacements will be issued for expired invite URLs.

Geotrust certificates now use intermediate
Geotrust certificates such as the QuickSSL Premium used to be issued from a root CA certificate. This meant that when installing your certificate there was no additional "CA Bundle" to install. However Geotrust certificates issued from today will require an intermediate certificate. This intermediate certificate will be supplied with your certificate during purchase.

The installation process may have changed slightly depending on the certificate and server OS. Please make sure you read the fulfilment email completely before commencing installation.

2048Bit minimum key size
From 2013 all SSL certificates must have a minimum 2048bit key size. Therefore if you order a certificate that extends beyond this then the CSR must be generated with a key size of at least 2048bit. You can order certificates using a smaller key size that expire before this date however you will receive a warning during the order process.

Root migration
Many SSL certificates are being migrated to alternative root certificates with a minimum 2048bit key size. This does not affect any existing SSL certificates. However re-issues and new certificates will be issued from the new root. There is no action required by customers during the root migration.

PKCS7 downloads
Certificates can now be downloaded as PKCS7 (which will include the intermediate CA) from the SSL control panel. 

Plesk/Apache bundle downloads
Certificates can now be downloaded as Plesk/Apache bundles from the SSL control panel. 

RapidSSL Certificates
RapidSSL and RapidSSL wildcard certificates will continue to be issued from a root certificate until 23 September 2010. 

Questions
If you have any questions/concerns about these changes please let us know in the comments or contact us. 

Last month the approver email address options for domain validated SSL certificates were restricted. This was due to a number of security problems which arose. (Someone was able to register the ssladmin@ account at a number of webmail accounts).

This prompted a review of the email addresses available to select for domain approval. This affects RapidSSL, QuickSSL Premium and SSL123 products.

The following email addresses can be used for domain approval:

• admin@
• administrator@
• hostmaster@
• root@
• webmaster@
• postmaster@
• The current whois admin contact
• The current whois technical contact

You must have access to one of these email accounts on the SSL domain to be able to receive the SSL certificate.

When you purchase an SSL Certificate such as RapidSSL, QuickSSL Premium or SSL123 you have to complete an approver email process. 

The latest update to the SSL order system means that RapidSSL and Geotrust certificates now automatically secure the WWW and non-WWW domain in a single certificate.

The QuickSSL Premium SSL certificate from Geotrust can now be used to secure both the www and the non-www part of a domain with just a single certificate.

NOTE: This has now changed. The QuickSSL Premium now automatically secures the www and non-www portion of the SSL domain. You do not need to follow the instructions any further.

In fact the certificate can secure the main domain and up to 3 sub-domains. Those of you with an understanding of SSL certificates will see that this is done by providing 3 SANs within the SSL certificate.

If that wasn't good news on it's own the even better news is that this does not cost any extra with ServerTastic.

But there is some bad news. To enable this on the certificate is a little bit fiddley. I will do my best to describe how to do it (we hope to make this much easier in the future).

Just one other point before we continue this can not be applied to certificates already issued but you can use this with any QuickSSL Premium invites you have not yet used.

When you order a QuickSSL Premium certificate from ServerTastic you will get an enrolment URL sent to you via email like the one below

Do not click on the URL. Instead copy and paste this into your browsers address bar. Then you must add &SAN=True onto the end of the URL as per the example below.

Hit enter and you will then be taken to the QuickSSL Premium enrolment screen. The second page of this process is where you would paste your CSR. But you should also see some additional options at the bottom of the page were you can enter up to 3 domains

Firstly you should completely ignore the Microsoft Small Business Server 2003 text. This is now redundant and we are trying to get this changed.

In the 3 boxes Domain 1, Domain 2 and Domain 3 you can enter the domains you want to secure with this certificate. They must however be part of the main domain.

Here are some examples

CSR: www. servertastic.com
Domain 1: servertastic.com
Domain 2: checkout.servertastic.com
Domain 3: support.servertastic.com

 

CSR: servertastic.com
Domain 1: www. servertastic.com
Domain 2: checkout.servertastic.com
Domain 3: support.servertastic.com

As you can see you can either include the www element of your domain in the CSR or as one of the extra domains.

The QuickSSL Premium certificate is available at ServerTastic from just $55.00 a year.

Be sure to leave your questions or comments below if you have any!

One of our most popular certificates is the QuickSSL Premium.