Common Questions
What is a CSR?
A CSR stands for Certificate Signing Request and is necessary for all SSL certificates in order to complete the generation process. It is usually generated from your web server / web hosting control panel.
It is created based on the following parameters:
Country Name (C): Use only the two-letter country ISO code without punctuation. For example: “US” or “IN”.
State or Province (S): Spell out the state or province name completely. Do not abbreviate. For example: “California” or “Maharashtra”.
Locality or City (L): This field is for the City or Town name. For example: “Washington” or “Mumbai”.
Organization (O): Company or business name needs to be entered here. For example: “XYZ Corporation”.
Organizational Unit (OU): This field is the name of the department or organization unit making the request such as “Sales” or “Marketing”.
Common Name (CN): Enter the hostname / domain name for your website i.e. “www.example.com” or “example.com” or “server2.example.com”.
What do I need to keep in mind while generating the CSR?
* To secure both www & non-www versions of domain.com enter Common Name as www.domain.com
* While filling details, only use the English alphabet and numbers 0-9. Ensure no spaces in the Common Name.
* If the “&” symbol is included in your Organization / Organisation Unit name, type out “and” instead.
How to generate the CSR?
Please consult official documentation for your web server to know how to generate a CSR with a 2048-bit key. Most documentation can be found online through a simple Google search. If you use a web hosting service for your website, check with your web hosting support team on how to generate it from their system. Some common scenarios for generating CSR on various server platforms are listed here.
Alternately, if your web server or web hosting control panel allows you to import an externally generated CSR & Private key, you can generate the CSR online (with a 2048-bit Private key) using our free online CSR generator.
How do I check / decode the CSR generated? What can I do if I noticed something incorrect in my CSR?
You can use our online CSR decoder tool to verify the CSR generated. Once the CSR is generated it is impossible to edit any fields. To modify the details in the CSR, you will need to re-generate a new CSR with the modified details.
The CSR cannot be decoded. What does that mean and what should I do?
Make sure you have the correct file copied and not your self-signed certificate, your previous SSL, or if it is bundled as a PKCS7 or PKCS12. Or, you could have a pass-phrase that does not have alpha-numeric characters or disallowed characters. If this is the case, you will need to generate a new CSR without the disallowed characters or in the proper form. Please only use the English alphabet and numbers 0-9. For example, if the “&” symbol is included in your Organization Name, please type out “and” instead.
What is a Private key used for?
The Private key is used on the server-side exchange for creating the secure connection and is generated with the CSR. A Private key is not provided by the Certificate Authority (CA) or your SSL provider. The Private key is linked to the CSR with which it was generated. If the Private key is lost or deleted, and you need to setup the certificate again, you will have to once again generate a CSR and private key pair on your server, and then re-issue the certificate with the new CSR.
What should I do with my Private key?
Your Private key should always remain private. Your Private key should never be exposed to your SSL provider or outside users, unless specifically requested by your web host for certificate setup. Never delete your private key after certificate setup, as it is required for your certificate to work.
What is Domain Control Validation (DCV) / Domain Validation (DV)? Why is it necessary?
DCV or DV is the method by which the Certifying Authority (CA) verifies that you are authorised to request a certificate for that hostname by the domain owner.
The DCV/DV check is compulsorily done by the CA for every new certificate purchase/request, certificate re-issue request, or certificate renewal request.
You are asked to select the DCV option when you fill the certificate enrollment form.
The DCV/DV validation can be done in any ONE way:
* Email with verification link to the domain owner know more about Email DCV
* Adding a custom DNS entry (CNAME or TXT based on the certificate) know more about DNS DCV
* Upload a text file with custom text content to a website folder know more about File DCV
Which document(s) do I need to provide for validation?
You do not need to provide any documentation in order to request a certificate. All you will need to do is confirm that you own the domain you wish to cover, either through a simple email or file or DNS-based validation.
If your website uses Privacy Protection services for your domain name, we recommend you do NOT use Email-based validation as it will delay the domain validation and certificate issue process.
How long will Domain validation take?
This largely depends on your response times. The Certificate Authority (CA) will be contacting you directly and will only proceed with next steps upon your response.
Certificates can typically be issued in a matter of minutes.
Email-based DCV is completed as soon as you click the link and enter the verification code from the CA's email. This is the easiest method.
DNS-based DCV is completed when the CA detects the correct CNAME entry after it has propagated globally and depending on the TTL value could take from 5 minutes to 4 hours in rare cases. Delays can be caused by adding record in the wrong control panel or using a high TTL value for the record.
File-based DCV is completed when the CA detects the correct file, with correct text content, at the correct location, and could take from a few minutes upto 4 hours. Delays can be caused by website’s redirection, incorrect file content/location, or File validation queue/problems at CA’s issuing server.
Selected orders may be flagged for an additional Brand Validation procedure by the CA. That means that the CA’s executives will review your order as it requires manual check.
Possible reasons for manual review:
* Some countries may be reviewed manually, for example: South Korea, North Korea, Sudan, Afghanistan and some others.
* Your domain name includes a popular Brand name, for example: facebook-app.com, sony-shop.net and others.
* Your domain name has similar brand name, for example you have domain name “sibmama.com”, but validation system may flag your order as “sIBMama”, so “IBM” brand was found in your name, so managers must check order manually.
* Your domain name has special words: “pay, online, secure, booking, shop, bank, transfer, money, e-payment, payment, protection and others”, in that case validation also will be manual.
In most cases after the manual review the hold on order processing is removed. Manual review may take up to 24-48 business hours.
The Domain validation requirements are completed, but status is still PENDING and I never received the certificate. What should I do?
Possible issues you can check before contacting us are:
* For File-based DCV, there may be extra space(s) in the text file content, or a firewall setting may be blocking http/https requests from CA server IPs since they are located outside the country.
* For DNS-based DCV, the DNS record may not have been correctly created, or may need more time to propagate globally depending on the initial TTL value. Use the lowest possible TTL value for quickest validation.
After completing validation, the Certificate Authority (CA) will send the certificate to the email address that was used for Domain Control Validation.
If, for whatever reason, the email address does not receive the email, you can download the files from the Certificate Info page after clicking the certificate status on this page.
If you face any difficulty, please Contact Support with the transaction (txn) ID so we can resolve your case.
Can I use the email address listed in the domain WHOIS info to complete Domain Control Validation (DCV)?
Yes, you can do this if your domain’s domain registrar shares this info publicly. To know which email addresses are authorised to be DCV Approvers for your domain use this free DCV Email Approver Check tool.
Can I switch my method of Domain Control Validation (DCV) from Email to File or DNS, or vice versa?
Yes. You can switch your DCV method after you have selected it during Certificate Enrollment. Click on the PENDING status link next to the domain name on this page, select the other DCV method you want to use.
How can I renew my SSL certificate?
A renewal is basically the same as getting a brand new certificate, “renewal” is simply an industry term that is used by all providers. So, you go through the exact same process to renew your certificate.
Simply place a fresh certificate request to replace your expiring one. During certificate enrollment select order type as Renew. Then select the number of days you are ordering in advance for extra days to be added to your new certificate’s validity.
Do I need to create a new CSR to renew my certificate?
We recommend that you generate a new CSR to renew your certificate for security reasons. However, if generating a new CSR proves to be challenging, you can use the original CSR to place the order.
My certificate is showing as Active on your website, but why is my site not secure? Why does my website still display the old certificate?
Think of your certificate as a ticket – when the old one expires you must toss it out and get a new one. When you have received the new certificate files, you need to setup/install the new certificate files to secure your website.
For your website to display the new certificate make sure that the new certificate files have replaced the old expiring certificate files. Also make sure any certificate-related settings on the web server are updated and restart the web server, if required.
What are third-party SSL certificates?
A third-party SSL certificate is a certificate that is issued by an external certificate authority, and not by your web hosting service provider. They have the same level of security and also give the user the option to buy at a lower price than that offered by the web hosting service provider.
Why are you offering certificate credits for only PositiveSSL certificate with one-year validity?
PositiveSSL certificate from Sectigo is the most popular SSL certificate globally, and it's one-year validity option is the most popular option with website owners.
From 1st September 2020, one-year validity will be anyway be forced on all SSL certificates by Google's Chrome and Apple's Safari browser more...
Do you offer training on SSL certificates?
No. The Bulk Buy Reseller website is meant for users who already know how to order and work with SSL certificates.
What are the payment options available?
For INR payments, you can use several Indian online payment options: Credit/Debit cards, Net Banking, BHIM/UPI, Google Pay. Digital wallet payment options include PhonePe, Paytm, Amazon Pay, and PayPal.
For USD payments, you can use Credit/Debit cards or your PayPal account.
Can I use the SSL certificate to cover an internal domain?
You can use the SSL certificate to cover an internal domain if it is an officially registered domain (a publically available FQDN).
If the internal domain is not a delegated and registered domain, the certificate will not be issued.
What is an Intermediate certificate?
An intermediate certificate is a file that helps the web browser identify who issued your SSL certificate. It is not required, but it is HIGHLY recommended that you install it along with your server SSL certificate in order to have full compatibility with all desktop & mobile browsers and mobile devices.
Where do I get my Intermediate certificate?
An intermediate certificate will be emailed to you along with the SSL certificate. You can also download the bundle of certificate files including the intermediate certificate from this website, which is something that can be done if you didn’t receive the certificate files via email. This is also sometimes referred to as the “CA Bundle.” It is also important to note that some certificates have multiple intermediate certificates.
What if I can only use one certificate file?
If your hosting platform or company tells you that you can only use one certificate file, then you can combine your server certificate text with the intermediate file text.
Publish your website to a local drive, FTP or host on Amazon S3, Google Cloud, Github Pages. Don't be a hostage to just one platform or service provider.
Just drop the blocks into the page, edit content inline and publish - no technical skills required.
