There have been some significant changes to the SSL certificates supplied via ServerTastic. The most important point to make is that these changes do not affect any certificates already issued and installed.

SSL invite URLs
All invite URLs issued from today now have a validity of 365 days from purchase. This means you must use the invite URL to generate your SSL certificate within 365 days of placing your order. This also applies to bulk purchases. Failure to use the invite URL within 365 days will result in the invite expiring and becoming invalid. No refunds or replacements will be issued for expired invite URLs.

Geotrust certificates now use intermediate
Geotrust certificates such as the QuickSSL Premium used to be issued from a root CA certificate. This meant that when installing your certificate there was no additional "CA Bundle" to install. However Geotrust certificates issued from today will require an intermediate certificate. This intermediate certificate will be supplied with your certificate during purchase.

The installation process may have changed slightly depending on the certificate and server OS. Please make sure you read the fulfilment email completely before commencing installation.

2048Bit minimum key size
From 2013 all SSL certificates must have a minimum 2048bit key size. Therefore if you order a certificate that extends beyond this then the CSR must be generated with a key size of at least 2048bit. You can order certificates using a smaller key size that expire before this date however you will receive a warning during the order process.

Root migration
Many SSL certificates are being migrated to alternative root certificates with a minimum 2048bit key size. This does not affect any existing SSL certificates. However re-issues and new certificates will be issued from the new root. There is no action required by customers during the root migration.

PKCS7 downloads
Certificates can now be downloaded as PKCS7 (which will include the intermediate CA) from the SSL control panel. 

Plesk/Apache bundle downloads
Certificates can now be downloaded as Plesk/Apache bundles from the SSL control panel. 

RapidSSL Certificates
RapidSSL and RapidSSL wildcard certificates will continue to be issued from a root certificate until 23 September 2010. 

Questions
If you have any questions/concerns about these changes please let us know in the comments or contact us. 

Please give it a try and let us know your comments. (You can also provide feedback via FaceBook, Twitter and LinkedIn).

Last month the approver email address options for domain validated SSL certificates were restricted. This was due to a number of security problems which arose. (Someone was able to register the ssladmin@ account at a number of webmail accounts).

This prompted a review of the email addresses available to select for domain approval. This affects RapidSSL, QuickSSL Premium and SSL123 products.

The following email addresses can be used for domain approval:

• admin@
• administrator@
• hostmaster@
• root@
• webmaster@
• postmaster@
• The current whois admin contact
• The current whois technical contact

You must have access to one of these email accounts on the SSL domain to be able to receive the SSL certificate.

When you purchase an SSL Certificate such as RapidSSL, QuickSSL Premium or SSL123 you have to complete an approver email process. 

During the second half of 2010 VeriSign, Thawte, Geotrust and RapidSSL certificates will transition to use a 2048-bit root.

The latest update to the SSL order system means that RapidSSL and Geotrust certificates now automatically secure the WWW and non-WWW domain in a single certificate.

Over the last few months there has been a steady increase in support requests about re-issuing RapidSSL certificates and insurance.

RapidSSL certificates without insurance can be re-issued an unlimited number of times for the first 7 days after the certificate has been issued. This is not the day it was purchased from ServerTastic but the issuance date stated within the certificate.

This 7 day period is provided in case you have problems with installation and need to re-issue the certificate.

After these 7 days have passed it is not possible to re-issue the certificate unless you have insurance. If it is day 8 and you need to re-issue the certificate then sorry but you can't!

It is therefore important that if you are having installation problems during the first week that you seek assistance. If it is coming to the end of the first 7 days and you have not yet got the installation completed contact us and we can cancel the order and you can then start again. We are only able to cancel orders without charge within the first 7 days.

If you purchased your certificate without insurance it is possible to purchase re-issuance insurance directly from RapidSSL at a later date but this will cost more than purchasing a new RapidSSL from ServerTastic.

If you purchase your certificate with insurance then you can re-issue the certificate as many times as you want for the life of the certificate. You do not have to worry about server crashes, corruption or having to move server.

So it is important to note the following points when purchasing your certificate without insurance:

Customers purchasing their RapidSSL, Geotrust, thawte or Verisign SSL certificate from ServerTastic are now able to manage their SSL certificate orders and perform the following actions: