The knowledge base of SSL-certificates, articles and answers to common questions
You ask — we answer!
Wildcard EV-certificates: which options exist?
EV certificate – a great way to protect your website from theft of user data. Many online stores use these certificates to gain a high level of trust from their clients. After all, these certificates help to achieve a green line in the browser, which clearly indicates the highest level of security.
Today, many website owners are willing to buy a Wildcard EV certificate which protects an unlimited number of subdomains with a green line in the browser, but it is worth remembering that such SSL certificates do not exist. Let’s look at the reasons why this happens, and what the alternatives are.
Why don’t Wildcard EV certificates exist?
EV certificates provide the highest level of trust among all types of SSL certificates. To prevent incorrect use of EV SSL certificates, SSL industry regulator, responsible for setting the rules for the SSL certificate issuance (known as the CA/B Forum), requires validation of each host associated with a certificate. For this reason buying a Wildcard EV-certificate is not possible because “wildcard” type of certificates, by definition, implies an unlimited number of subdomains contained by an asterisk (eg, * .domain.com) and are not listed explicitly.
In practice, for the protection of subdomains using EV certificate, you can do the following:
- Buy several separate EV SSL-certificates.
This option is ideal if you have only a couple of sub-domains that you want to protect. In this case you can issue single EV-certificates for each of them. The disadvantage of this option is that you will most likely (depending on where you make the order) enter the necessary data separately for each certificate. It is not always convenient for the users. You can order the EV certificate on the Fast SSL website.
- Buy EV multi-domain certificate.
This option is more convenient, because the multi-domain certificate covers a sufficiently large number of domains (including subdomains). It is very profitable to buy this when you have many domains/sub-domains that you want to protect with the certificate. The more domain names you add, the more efficient the multi-domain certificate becomes, compared with the standard EV certificate. In addition, the user can submit only one request for a certificate, containing all the domain names at once, and this is a good time-saver.
Additional domain names can be added to the certificate even after it has been issued. This is extremely convenient if one of your domain names is still unknown. You can order the EV multi-domain certificate on the Fast SSL website.
Another advantage of the multi-domain certificate before separate EV certificates is ease of administration. It is much easier to manage a single Multi-domain certificate than managing many individual certificates. Also, multi-domain certificates can save money (more sites, more savings). For these reasons website owners are increasingly looking to buying multi-domain EV certificates. You can always order an EV multi-domain certificate with a good discount on the Fast SSL site.
Order SSL-certificate for FATCA and the IRS
FATCA (Foreign Account Tax Compliance Act) is a US law that regulates the taxation of foreign accounts. The main purpose of the law is to prevent tax evasion by US citizens who live outside the United States. All banks and other financial institutions are obliged to transmit to the US Internal Revenue Service (IRS) via FATCA all data on their foreign customers (their account numbers, amount of cash and the turnover on the accounts).
The transfer of customer data to the IRS is done through a special web application called IDES (International Data Exchange Service), created to protect transmitted information. The application works in all modern browsers.
To access the IDES environment, you have to register on the official IDES site. Users must enter a valid GIIN and provide a certificate for registration. On the Enrollment tab, you can also find a link to a web application IDES Gateway, which allows financial institutions to download and upload FATCA data for HTTPS and SFTP.
The registration process in the IDES consists of the following steps:
1.Go to the site https://www.ides-support.com.
2.Go to the tab Enrollment.
3.Click on the link «Begin Enrollment» to register administrator (the name of the user first time registered in the IDES will always be an administrator). As an institution, you can choose the HCTA (the tax authority of the host country) or FI (financial institution).
5.In the field HCTA Username enter your user name assigned to the IRS.
7.Affirms information and check the data GIIN, Financial Institution / HCTA and Country.
8.Click Next and set control questions and answers
9.Create a user profile
10.Set up notification
11.Upload the SSL-certificate, which must be in DER or PEM format.
A similar process is required to create an administrator FI.
What FI and HCTA admins can do:
- •Add users
- •Delete users
- •Update certificate
- •Download a public key IRS
- •Reset passwords
- •Create files with metadata
Transfer FATCA report to IRS
IDES supports data transfer only in zip-archives. Usually archives contain 3 or 4 files. First, all data is transferred from the financial institution to the tax authority. Second, the tax authority receives the files and approves or rejects the transfer to the IRS. The tax authority cannot make any changes to these files. Transferring files occurs either via a web-based application (IDES Gateway), or through an SFTP-server. For more information, you can read the official guide.
To send reports to FATCA IRS, you must order a special SSL-certificate that is trusted by the IRS. LeaderTelecom offers the following SSL-certificates, which have been authorised by the IRS:
- Comodo EV SSL
- Thawte SSL Web Server
- DigiCert Secure Site
- GlobalSign OrganizationSSL
You can always use these certificates to send the finalised report to the US Internal Revenue Service.
The difference between OV and EV SSL-certificates
Nowadays, SSL-certificates are an essential requisite for e-commerce. It is difficult to imagine that a credible business site would not be secure. Users simply will not enter confidential information on sites, even if they need to make a purchase. For this reason, the owner of any credible online business should be considering an SSL-certificate from a proven company. There is however, one question that needs to be considered first: what type of certificate is best to choose – OV or EV? What is the difference between these two SSL certificates?
OV-certificate (Organisation Validation) is a certificate that confirms the existence of the organisation. To get an OV certificate, the company must complete the validation process. During validation, the certification centre must ensure legal (reference to the state resource) and physical (reference to the trusted online catalogue) existence of the company. As a result, if the site is protected by an OV-certificate, the visitors will see a lock in the browser’s address bar, which ensures that the site is protected from hackers.
Example of an OV certificate:
EV-certificate (Extended Validation). This is the most trusted and secure solution that is actively used by the world’s leading online businesses. This certificate displays a green browser bar guaranteeing security and reliability. Also, EV-certified websites display the company name in the browser address bar, as shown in the screenshot below. Visitors can easily see that you are a legitimate organisation. Getting an EV certificate is not much more complicated than getting an OV certificate, but it is a lot more trusted and secure. EV-certificates provide users with the confidence that your website is secure and this increased trust helps boost sales.
Example of an EV-certificate:
- EV-certificates include a visual signal (green bar in the browser), which is a sign of credibility even for the most inexperienced user
- EV-certificates include the name of the company (displayed in the browser’s address bar) and some additional information about it
- EV-Certificates are not much more expensive than the OV-certificates, but have more benefits
- EV-certificates are used by most large organisations worldwide
If you are thinking of getting an EV certificate but think that the validation process is too complicated or too long, then look no further! Allow our professionals at Fast SSL to do this work for you. Our knowledge, experience and streamlined processes will help you easily acquire an EV certificate.
The difference between DV and OV certificates
We know that the SSL-certificates can be divided into three types: DV, OV and EV. In this article, we will focus on the first two types of certificates, DV and OV. We will explain how they differ and when you should choose DV over OV.
DV-certificates (Domain Validation). This is the most basic level of SSL validation. The Certification Authority (CA) only ensure that you are the owner of a specific domain using the information contained in the WHOIS. Naturally, this type of certificate enables secure data encryption on your site, but it does not verify that you are the owner of a legitimate business. It is legitimate, and, most importantly, it is a very quick solution to protect your site using HTTPS. Customers seeing the padlock in your browser will have more trust in your site than before, because the padlock is a recognised sign of legitimacy.
Example of a DV certificate:
A DV certificate is fine where security is not a concern: however, attackers can also use DV-certificates on phishing sites. Unsuspecting users see the trusted pad lock and enter their personal data on the site which can then fall into the hands of fraudsters. The fact that the data channel is secured does not necessarily mean that the data will go to the right people. A user needs to be sure that the site belongs to a legitimate company if they are to make a purchase or input important information.
For this reason, if security is a necessity for your site, we recommend an OV-certificate.
OV-certificates (Organisation Validation) are required for companies and organisations where users must enter sensitive information (credit card numbers, contact information, etc.).In particular, they are useful for e-commerce sites or online sales. An OV-certificate authenticates the owner of the site and requires legitimate business information for that company. The validation process for these certificates is longer and more detailed. The Certification Authority not only verifies the fact that you own the domain, but also the fact that you are the owner of the company. The company must be in a business registry database and in a trusted online directory (for example, dnb.com). Fraudsters cannot get an OV certificate because their organisation cannot be validated. The main advantage of getting an OV-certificate is that your company will be listed on the certificate.
Example of an OV-certificate:
You should think about switching from a DV-certificate to an OV-certificate, if:
- You need to protect sensitive user data
- You want to display your company name on a certificate (provides more trust amongst users)
- You are planning to expand the business and grow it to a new level
- You want people to know that the site is a legitimate organisation, and not a phishing site
If you want to switch from a DV-certificate to an OV-certificate, be sure to contact our experts at Fast SSL. Our knowledge, experience and streamlined process for dealing with the CAs will make issuing an OV-certificate easy and convenient.
Best practices for securing web sites for banks
Banks, credit organisations, as well as many other financial institutions very often become a target for a variety of malicious attacks, including phishing used to steal personal information of customers. Phishing is a type of online fraud that aims to obtain confidential user information (logins, passwords, credit card data, etc.). In recent years, given the rampant growth of phishing methods and social engineering, security has become a major factor to be taken into consideration in online business management. Fraudsters are becoming smarter every day, creating fake pages of banks and credit institutions, which are very difficult to distinguish from the genuine sites.
To ensure your customers are not affected by these malicious acts, you should definitely commit to purchasing EV SSL-certificate. The owners of phishing sites will not be able to obtain an EV certificate, because they have no connections to the official bank. For this type of certificate an extended review of your organisation’s data is required to gain authentication.
If the site is protected by an EV SSL-certificate, the browser address bar is highlighted in green. This is the easiest way to tell the client that the Web site has passed strict authentication (“extended validation”), which is required for the issue of EV-certificate.
Accordingly, your customers will know that you are who you say you are and not an attacker preying on gullible users.
Examples of banks, which already used an EV certificate:
Why you should buy an EV certificate from Fast SSL?
The reasons are simple:
- Display name of the bank in your browser’s address bar. Only an EV SSL-certificate allows you to view the name of the bank in the browser’s address bar, which is an important confidence signal for users. If you protect your site by using an EV-certificate, you will be able to increase your sales – people will trust you!
- Fast SSL – a global company. We provide all the necessary documents for accounting. All prices listed on our website already include VAT. We accept a variety of payment methods, including electronic currencies.
- We offer certificates required by FATCA. To transmit reports to the IRS by FATCA requires a special trusted SSL certificate. Fast SSL offer SSL-certificates Thawte SSL Web Server and Symantec Secure Site, which are both authorised by the IRS.
- We are trusted by thousands of customers! Our clients range from small start-ups to major corporations.
- We are a partner of HSD. The Hague Security Delta (HSD) is the largest security cluster in Europe. Fast SSL is a partner of HSD. It allows us to develop new products, ensure we keep abreast of the latest innovations in the world of security, and offer our clients a top quality service – keeping them safe and secure.
- Friendly customer support. We guide you through all the steps from the purchase of the certificate to its installation on the site. We will help you to solve any technical and administrative issues.
- Fast SSL – a strategic partner of leading certification authorities. The company is a strategic partner of Comodo and Symantec CA’s. This emphasises that Fast SSL is a reliable and trusted supplier of SSL-certificates.
What is SSL?
SSL is an acronym for Secure Sockets Layer. SSL provides a secure connection, allowing you to transmit private data online. Sites secured with SSL display a padlock in the browsers URL and possibly a green address bar if secured by an EV SSL certificate.
The SSL protocol is used by millions of e-Business providers to protect their customers ensuring their online transactions remain confidential. In order to be able to use the SSL protocol, a web server requires the use of an SSL certificate.
Sites will get SSL encryption to cover any area that involves an exchange of data including login boxes, credit card payments, or any personal information. All web browsers have the ability to interact with SSL secured sites so long as the sites SSL is from a recognized Certificate Authority, such as Comodo.
Why do I need SSL on My Site
The Internet has successfully created many new global business opportunities for enterprises conducting online commerce. However, that growth has also attracted fraudsters and cyber criminals.
The increasing awareness of online fraudsters and cyber criminals has presented an opportunity for ecommerce providers to capitalize on consumer fears by displaying trust indicators. Just like the real world, people need to be confident before they proceed down an unknown path.
How Does SSL Work?
When a SSL Digital Certificate is installed on a web site, users can see a padlock icon at the bottom area of the navigator. When an Extended Validation Certificates is installed on a web site, users with the latest versions of Firefox, Internet Explorer or Opera will see the green address bar at the URL area of the navigator.
Users on sites with SSL Certificates will also see https:// in the address bar during an ecommerce transaction.
Free certificates: why you should not use them
Free SSL-certificates are seemingly very profitable and easy way to protect your site. Indeed, why buy something when you can get it all for free from a variety of certification authorities? Free certificates attract business owners, but in the end its lead to losses. Why? Let’s look further.
Free SSL-certificates are rarely trusted by major companies
In order for large corporations to include the root key of the CA (certificate authority) in own products, the CA must meet numerous conditions, the implementation of which requires significant financial investment. To attract such investments without the offer of paid products is virtually impossible. For this reason, the certification authorities that provide free certificates often have paid solutions in their product line, which differ in additional advantages: speed of issue, the possibility of including sub-domains, enhanced authentication, etc.
Free certificates are not suitable for sites which take payments
Free SSL-certificates rarely used to protect online stores, banks, websites, microfinance institutions, or any other sites accepting payments, because it is completely unclear who owns the site. People have less trust in sites protected by free certificates, which can have a negative impact on sales. In addition, you should take into account that many of the free SSL-certificates (for example, StartSSL) cannot be used for commercial purposes.
Free SSL-certificates are available mostly only as a DV (Domain Validation)
Free certificates are issued often only to verification by domain. Such certificates are not available for Code Signing, EV, etc. which vastly limits their use.
The re-issue of free certificates is paid
Despite the general availability of free certificates, some services are still paid. For example, in StartSSL reissuance of free SSL-certificate is paid (to revoke the certificate you will have to pay $24). The re-issue procedure is needed to make any changes to the certificate.
Comparison SSL-certificates by brands
Cost of issue
Cost of reissue
Protection of the primary domain (one)
Yes + all sub-domains
Additional protection domain with «www»
Green address bar with company name
Display padlock icon
Increase site positions in Google SERP
Non-commercial websites, blogs
Non-commercial websites, blogs
Non-commercial websites, blogs
Site network of companies, organizations
Websites of banks, online stores
Type of validation
Support by browsers
Only major browsers
Only major browsers
All browsers (99.9%)
All browsers (99.9%)
All browsers (99.9%)
Length of the key
Protection of pages from changes
Recommended for individuals
Recommended for organisations
** If the certificate is compromised, the certificate authority will compensate any expenses by the company and losses on the part of customers. With free certificates there are no guarantees and any losses will be taken up by you yourself.
All of this suggests that free SSL-certificates are “cheese in a mousetrap”. It is best to use proven paid solutions by known CAs. Prices on SSL-certificates are now available to all customers, which you can see on the Fast SSL site.
Cloud services: how to increase sales with an SSL-certificate
Did you know that the absence of an SSL-certificate for a cloud provider can cost €820,000?
According to the Council or the European Union, from 1 January 2016 all companies must protect the personal data of users. If the company accidentally leaks personal data and does not notify the relevant authorities in a timely manner, it faces a fine of €820,000 or 10% of turnover.
Do you really need such expenses?
Of course not.
It’s better to protect yourself from unnecessary problems.
How can this be done? Easy – just buy an SSL-certificate.
SSL-certificates are not only protection, but also a way to increase ARPU for cloud providers by SSL-certificate sales.
SSL has a lot of advantages for cloud services:
- if users see a padlock in the address bar of the browser, they agree more readily to the transfer of their personal data;
- the lack of an SSL-Certificate leads to users going to competitors who are already using an SSL;
- a green address bar with the name of the organisation is a guarantee that data will transferred to the company that owns the service. This increases users’ confidence and enables the company to significantly expand the audience;
- corporate clients refuse to work with cloud services without an SSL-certificate because they do not want to jeopardise their company’s valuable data. These clients are the most solvent, losing them is an unnecessary waste;
- SSL prevents the inadvertent disclosure of private or protected data during transmission. Thus, you will be able to guarantee the security of users’ data (and avoid any costly court cases).
- Sites protected by an SSL-certificate receive specific benefits in search rankings, as repeatedly mentioned by major search giants such as Google. The SSL-certificate is an important factor in SEO.
EV SSL-certificate allows a green bar to be displayed in the browser – a sign of trust for most users. Today, many large companies have moved to a secure connection and actively support SSL distribution (including companies such Automattic, Mozilla, Chrome, Cisco, etc.). Search engine giant Google has repeatedly signaled that HTTPS pages will receive priority in indexing compared to unprotected HTTP versions. This is another argument in favour of the transition to SSL.
Fast SSL – a global reseller of SSL-certificates
If you are interested in expanding and further-developing your cloud service, be sure to think about the purchase and installation of SSL-certificates. We recommend installing the EV SSL-certificate, which gives maximum benefits compared to all other certificates: the displaying of the company name in the address bar of your browser.
We offer special solutions for cloud providers:
- Smart API for automatic issue and installation SSL-certificates
- Profitable partner programme that will allow you to get SSL-certificates at an affordable price
- Module for WHMCS & cPanel
- Easy control panel
Fast SSL is a strategic partner of the well-known certificate authority Comodo, which currently holds a leading position in terms of volume of issued SSL-certificates. You can always order SSL-Certificate Comodo EV for the best price from our company.
So hurry, before your competitors get there first. Try our partner programme right now!
SSL-certificates for online stores: a necessary addition for online businesses
You have opened the online shop of your dreams, which already brings you some income, but you are trying to find ways to make it more profitable. What opportunities are there to increase the revenue that you’re receiving? One of the most popular solutions is an SSL-certificate, which will allow you to sell more by increasing the confidence of potential buyers. An SSL-certificate brings three advantages:
- It increases your income due to growing trust to your Web site;
- it protects from theft the personal information of your customers;
- it prevents the emergence of site-clones (or, as they are otherwise known, phishing sites) *.
* True only for SSL-certificate with a green address bar (EV-certificates).
SSL is a modern standard for virtually all online financial transactions.
Online stores are very difficult to imagine without using SSL, because they conduct various financial transactions that require entering sensitive user data. These sites are very vulnerable to theft of passwords, so they must be always be protected by SSL.
Professionals recommend protecting the entire online store, not just its individual pages with important data. This approach gives a lot of advantages:
- Users immediately see that your site is protected – your browser has a lock and/or the green bar with the company’s name
- No one can steal valuable information from your customers (credit card numbers, postage addresses, user’s personal data, etc.)
- Access to visitor statistics for analytical services will be closed (no one will know which pages your customer visited, what they bought, etc.)
Which SSL-certificate to choose?
Today there is a wide range of SSL-providers: Symantec, Comodo, Thawte, etc. If you are selling premium products, you might want to take advantage of Symantec Secure Site Pro with EV SSL-certificate. In addition to it you will get a special Norton Secured Seal trust logo, which is a sign of quality and security for any online store. It should be placed on all pages of the online store, as well as next to the login form, in order that the visitor understands that the site is under perfect protection.
Why is it so important to display the trust logo?
The main advantages of displaying trust logo on site:
- Users see that your site is secure, and therefore enter their personal information and make purchases.
- Norton – a recognisable brand, which in the minds of many people is associated with security software. The «Norton Secured» logo attracts additional trust from users.
- If a user hovers the mouse cursor over the logo, he will be able to see all the information about your company and the protective tools used on your website.
If you need a cheaper solution, then in that case you can have the Thawte EV-certificate or a Comodo EV-certificate. This EV-certificate allows the site to display a padlock, a green address bar in the browser, as well as the company name in it. The user will immediately notice a visual signal and realise that the site can be trusted, because it is protected.
OV SSL-certificate (Organisation Validation) is not recommended for use in online shops. This type of certificate allows you to put a padlock in the address bar of your browser, clicking on which will display information about the company. However, not all users are technically savvy enough to browse information about the company. Therefore, they might simply refuse to purchase on your site.
DV SSL-certificates allow you to display the lock in your browser, but do not contain data about your company. Thus, you will achieve the security of transactions on the site, but cannot defend against data theft via phishing sites. Hackers can get quite the same DV-certificate and create a fake copy of the online store, directing users to it and obtaining their data.
For these reasons, we strongly recommend to all owners of online stores to purchase EV SSL-certificate, which bears numerous marketing benefits and can reliably protect a site from intruders.
With this, the visitor receives a non-verbal sign saying that the site should be trusted (green is always associated with a permit). The user can immediately see who owns the site, because the company name is displayed in the address bar of their browser. The trust of visitors to the site will grow, and so the site’s sales grows too. Statistics show that sales growth could be up to 10-40%.
Now some maths. Let’ say your website sales reach 100,000 euros a month. We assume that sales growth will be 1% (minimum percentage). EV-certificates cost from 90 euros per year. We get the increase in sales for the year:
100,000 x 12 x 0.01 = 12,000 euros.
Subtract the certificate cost of 90 euro. Net profit amounts to 11,910 euros.
All of this indicates that the SSL-certificates are a very profitable investment which quickly pay for themselves.
Another important factor in sales growth is brand awareness. The Baymard study showed that people are more likely trust the VeriSign (Now Symantec).
Using standard EV-certificate, we have a profit of 11,910 euros.
Now let’s look how to change the situation with the using of Symantec certificate. The initial conditions are the same. The difference is that Symantec is more prestigious and recognisable brand in comparison with many other certification authorities, and this EV-certificate costs 630 euro/year. In this case we get more visitors trust and higher likelihood that a person will complete their purchase.
In the case of Symantec with an increase in sales of at least 3%, we get the following:
100,000 x 12 x 0.03 = 36,000 euros.
Subtract certificate costs – 630 euro. As a result, we have increased sales by 35,370 euros.
|Calculation of efficiency of use of EV SSL-certificates for online stores|
|Sales in the store (in euros).||100,000|
|With an installed SSL-certificate from a standard authority|
|Minimum certificate price (in euros/year)||90|
|Minimum sales growth||1%|
|Sales growth (in euros)||12,000|
|Sales growth minus the SSL-certificate price (in euros)||11,910|
|With SSL-certificate Symantec EV|
|Minimum certificate price (in euros/year)||630|
|Minimum sales growth||3%|
|Sales growth (in euros)||36,000|
|Sales growth minus the SSL-certificate price (in euros)||35,370|
|Profit growth in the transition from standard EV to Symantec EV|
|Sales growth (in euros)||23,460|
|Sales growth (in %)||197%|
Increase sales using Symantec EV-certificates almost 3 times higher than in the case of standard EV SSL certificates.
For this reason, in Germany and United States many companies prefer the Symantec brand.
Additional arguments in favor of the SSL-certificate:
- People often think that the site is secure only if it has a lock bar in the browser. This axiom is prescribed in many books and articles on security. Many people will leave the site, if they don’t see a small padlock or green line. Thus, if you do not enable SSL for the entire site, you may lose a percentage of users. They simply think that your site is dangerous and will not buy anything on it.
- In August 2014, Google reported that the availability of SSL on each page of the site allows the growth of SEO ranking in search results. This was done as part of a campaign for Internet protection following some major data breaches. This is another plus in the arguments for SSL-certificate installation.
- Studies have shown that the percentage of purchases in online stores, protected with SSL, increases to about 40%. Users have a negative attitude towards sites with no padlock or company name in the address bar of the browser, and therefore go to competitors who have installed the SSL-certificate. As seen in a recent user survey, conducted by Symantec Certification Authority, approximately 78% of the respondents are willing to shop online, if they see a padlock in the browser bar.
It is best to order the SSL-certificate from proven companies such as Fast SSL. We are a strategic partner of Comodo and offer SSL-certificates from this certificate authority at the best prices.
Also, you can order DigiCert SSL-certificates which are ideal for doing serious business online.