Frequently Asked Questions on SSL Certificates
- What does my SSL Status mean?
- How do I check my SSL Status?
- What is domain control validation?
- What happens when my certificate expires?
- What is a Wildcard SSL certificate?
- How do I know my secure certificate is safe from vulnerabilities?
- What does it mean to revoke an SSL certificate?
- Why does my CSR need to be 2048 bit length?
- Protecting My Site Against the SSL Vulnerability in Debian GNU/Linux
- What happens if I don't install intermediate certificates?
- Determining the Type of SSL Certificate a Website Is Using
- How do I get a Domain Authorization Letter?
- Which browsers and devices are your SSL certificates compatible with?
- Requesting a Domain Authorization Letter from Domains By Proxy
- Finding the SSL You Need
- Resolving Warnings About Allowing SSL v2?
- What is your criteria for accepting Domain Authorization Letters?
- HTTP vs. HTTPS
- What Is the encryption strength of your SSL certificates?
- Explaining What Information We Validate to Approve SSL Certificates
- About the Distinguished Name
What does my SSL Status mean?
An SSL certificate authenticates the identity of your website to visiting browsers and encrypts their information, so you can build trust with your customers. Your SSL Status represents the status of any Standard Single Domain SSL certificate that you have purchased and is displayed in the Account Summary section of the hosting Control Panel. For assistance checking your SSL Status, see How do I check my SSL Status?
NOTE: Only Standard Single Domain SSL certificates are redeemable through the hosting Control Panel. For assistance redeeming other types of certificates, see Requesting Your SSL Certificate and Installing Your SSL Certificate.
These are the different SSL Statuses that may display in your Account Summary:
- Credit Available: This status is an active link that displays when you have purchased a Standard Single Domain SSL certificate, but have yet to apply it to your hosting account. Clicking this link directs you to the Activate SSL page in the hosting Control Panel where you can activate your SSL certificate.
- Purchase SSL Certificate: This status is an active link that displays when you do not have any Standard Single Domain SSL certificate credits. Clicking this link directs you to the Secure Certificates page in your account where you can purchase a Standard Single Domain SSL certificate to apply to your hosting account.
- Active: This status is an active link that displays when you have successfully applied a Standard Single Domain SSL certificate to a domain within this Hosting account. Clicking this link directs you to the Secure Certificates page in your account where you can log in to your Secure Certificate Services account.
- Install in Progress: This status displays when you have activated a Standard Single Domain SSL certificate and the system is installing the certificate to your hosting account.
- Removal Pending: This status displays when you have requested the removal of an SSL Certificate from your hosting account, and the system is processing the removal request.
- Install Failed: This status displays when your request to install a Standard Single Domain SSL certificate to a domain in your hosting account failed. If you receive this status, contact customer support.
What is domain control validation?
Before we can issue an SSL certificate for a domain name, we must verify the person requesting the certificate controls the domain name. This process ensures we only issue certificates to the domain's controller. To validate domain control, we let you choose one of these methods: a domain authorization email, domain authorization letter, or a domain control email.
NOTE: Multiple Domain UCC SSLs automatically send out a domain authorization email. Contact customer support to request alternate validation methods.
If a private registration service protects your contact information in the Whois database, contact your domain registrar to set up email forwarding. If you cannot or do not receive the email, contact our customer support team to request an alternate validation method.
If we do not receive your approval, we deny the request.
What happens when my certificate expires?
If you allow a certificate to expire, the certificate becomes invalid, and you will no longer be able to run secure transactions on your website. The Certification Authority (CA) will prompt you to renew your SSL certificate prior to the expiration date.
NOTE: A certificate can only be renewed up to 120 days prior to and 30 days following the expiration date. You can apply the renewal credit 60 days before expiration or 30 days after expiration.
What is a Wildcard SSL certificate?
A Wildcard SSL certificate secures your website URL, and an unlimited number of its subdomains. A single Wildcard certificate can secure both www.coolexample.com and blog.coolexample.com.
Wildcard certificates secure all of the subdomains at the level you specify when you submit your request. Just add an asterisk (*) in the subdomain area of the common name where you want to specify the wildcard. For example:
If you configure *.coolexample.com, you can secure
- www.coolexample.com
- photos.coolexample.com
- blog.coolexample.com, etc.
If you configure *.www.coolexample.com, you can secure
- mail.www.coolexample.com
- photos.www.coolexample.com
- blog.www.coolexample.com, etc.
Wildcard certificates secure websites the same as a regular SSL certificate, and requests are processed using the same validation methods. However, some Web servers might require a unique IP address for each subdomain on the Wildcard certificate.
NOTE: A Wildcard certificate secures only the level of subdomain you specify. So, if a certificate is configured for *.www.coolexample.com, it will not secure www.coolexample.com.
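The level rule above can be checked before you order, using the article's coolexample.com names. This is an added example, not the Certificate Authority's own code; the function names and the host inventory are hypothetical, and it only evaluates the wildcard pattern itself, not any extra names a CA may add to a certificate.

```python
"""Wildcard coverage check using the page's coolexample.com names."""


def _labels(name):
    # Hostnames compare case-insensitively; a trailing dot is the DNS root.
    return name.strip().rstrip(".").lower().split(".")


def wildcard_covers(cert_name, hostname):
    """True if cert_name (exact or '*.' wildcard) covers hostname.

    The asterisk stands for exactly one label, so the pattern and the
    hostname must have the same number of labels.
    """
    pattern, host = _labels(cert_name), _labels(hostname)
    if len(pattern) != len(host):
        return False
    if pattern[0] == "*":
        # Wildcard only in the leftmost position; it must match a real label.
        return host[0] != "" and pattern[1:] == host[1:]
    return pattern == host


def coverage_report(cert_names, hostnames):
    """Map each hostname to the first certificate name covering it, or None."""
    report = {}
    for host in hostnames:
        report[host] = next(
            (n for n in cert_names if wildcard_covers(n, host)), None
        )
    return report


# Constructed inventory built from the hostnames used in this article.
REQUIRED_HOSTS = [
    "www.coolexample.com",
    "photos.coolexample.com",
    "blog.coolexample.com",
    "mail.www.coolexample.com",
]

if __name__ == "__main__":
    for cert in ("*.coolexample.com", "*.www.coolexample.com"):
        print(cert)
        for host, name in coverage_report([cert], REQUIRED_HOSTS).items():
            print("  %-28s %s" % (host, "covered" if name else "NOT covered"))
```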
How do I know my secure certificate is safe from vulnerabilities?
Our Certificate Authority validates the identity of an entity purchasing an SSL certificate. The Certificate Authority does so by validating documentation provided by the requestor. The Certificate Authority then digitally signs the certificate using a hash function.
A hash function, when combined with the certificate, creates a standard length digital signature that should be unique. Three common hash functions are MD5, MD2, and SHA-1. With the MD5 and MD2 functions, individuals with the appropriate knowledge and computing power can recreate another digital signature to match the original. If this happens, an unsuspecting user could unknowingly be redirected to another site.
Most Certificate Authorities realize the weakness in MD5 and MD2 and use the hash function called SHA-1 which, to date, no one has been able to break. As a user, you should be suspicious of SSL-enabled sites that use MD5 or MD2.
As a further security measure, we do not allow null bytes in common names and manually review all requests containing either "\" or "/" to prevent misuse.
To determine what type of SSL certificate a site is using, see Determining the type of SSL certificate a website is using.
What does it mean to revoke an SSL certificate?
Revoking is the process of canceling an SSL certificate. When you revoke, the SSL credit is canceled and HTTPS is immediately removed from the website. A revoked certificate cannot be re-keyed or renewed, and the process cannot be undone. If you need HTTPS for the website, you must repurchase and submit a new request.
Consider revoking your certificate if:
- The certificate contains the wrong common name.
- The certificate contains incorrect information.
- The secured site is no longer operational.
If you're switching certificate types, for example from a Standard to a Premium SSL, you can install the new certificate over the existing — you do not need to revoke the old certificate.
To learn how to revoke your SSL certificate, see Revoking an SSL Certificate.
Why does my CSR need to be 2048 bit length?
Increases in computing power have reduced the time it takes to break the algorithms used by today's secure certificate private keys.
To avoid putting the Internet and e-commerce users at risk, the Certificate Authority Browser Forum has published new requirements for secure certificates. We are a member of this organization and are supporting this change by requiring 2048-bit length for all new and renewing SSLs.
The following are the requirements established by the Certificate Authority Browser Forum for Extended Validation Certificates:
- A minimum of 2048-bit RSA keys for root and subordinate CAs.
- A minimum of 2048-bit keys for entity certificates (the secure certificates issued to our customers) that expire after December 31st, 2010.
- All new root certificates must have a minimum of 2048-bit RSA keys.
- 1024-bit roots will be removed from the Microsoft Root Certificate Program by December 13th, 2013.
- All end entity certificates issued after December 31st, 2010 must have a minimum of 2048-bit RSA keys.
Protecting My Site Against the SSL Vulnerability in Debian GNU/Linux
A recently exposed security flaw in the version of OpenSSL distributed with Debian GNU/Linux, released between September 17, 2006 and May 12, 2008, may require you to take immediate action to protect your site and customers against vulnerability. Affected operating systems include Ubuntu, Kubuntu, Knoppix, Grml, and Xandros.
If you are running one of these Debian versions or derivatives, and have SSL Certificates issued through us, you need to patch your server and then utilize the free re-key credit available for your SSL Certificates.
To Protect your Site from the SSL Vulnerability in Debian GNU/Linux
- Upgrade your Debian Operating System to a patched version. NOTE: Your server must be patched before utilizing the re-key credit. Otherwise, the new key pairs and certificate may still be vulnerable and will be rejected.
- Use the free re-key credit available from within your Secure Management account.
- Follow the instructions in Re-key an SSL Certificate.
The issue, caused by a flaw in the Debian-specific random number generation, results in relatively predictable key pair values that are highly exploitable and easily subjected to a brute-force attack. Key pairs are used to request an SSL certificate, therefore the affected key pairs and the corresponding certificate are vulnerable.
For more information on this Debian-specific vulnerability and to find a listing of the specific versions of the operating systems affected, refer to the announcements posted by Debian and Ubuntu.
What happens if I don't install intermediate certificates?
If you don't install the intermediate certificates with your issued SSL certificate, the certificate chain of trust might not be established. This means that when visitors attempt to access your site, they might receive a "Security Alert" error indicating "The security certificate was issued by a company you have not chosen to trust…" Faced with such a warning, potential customers will most likely take their business elsewhere.
You can fix the problem by installing the intermediate certificates on your Web server. Intermediate certificates are available as individual certificates and server-specific certificate bundles. Please refer to the Installing an SSL: Server Instructions to determine which intermediates you need.
Download the intermediate certificates by clicking the link in the email message you received when your certificate was issued, or you can download them from the repository.
Determining the Type of SSL Certificate a Website Is Using
Two common hash functions are MD5 and SHA-1. With the MD5 function, individuals with the appropriate knowledge and computing power can recreate another digital signature to match the original. If this happens, an unsuspecting user could unknowingly be redirected to another site. You can determine the type of SSL certificate a site is using by clicking the padlock icon in your browser.
To Determine the Certificate Type in Firefox
- Double-click the padlock icon in your browser.
- Click View Certificate.
- Go to the Details tab.
- In Certificate Fields, click Certificate Signature Algorithm.
- Read the value of the Certificate Signature Algorithm field. If it is PKCS #1 SHA-1 With RSA Encryption the site is using a SHA-1 certificate.
- Click the padlock icon in your browser.
- Click View certificates.
- Click Details.
- In the Show field, select <All>.
- Read the value of the Signature algorithm field. If it is a SHA-1 certificate, the value is sha1RSA.
How do I get a Domain Authorization Letter?
Certain business matters, such as requests for Secure Sockets Layer (SSL) certificates or merchant accounts, require verification of your domain name registration. For example, when you request an SSL certificate from us, we must verify your domain name registration in the Whois database. If we can't verify this information because you have private registration for your domain name, you must provide us with a Domain Authorization Letter from the private registration company.
To get a Domain Authorization Letter, consult your private registration company for specific instructions. If the company sends the letter directly to you, fax or scan and email it to us to prove you own the domain name. For more information, see What is your criteria for accepting Domain Authorization Letters?
If your domain name has private registration through our affiliate company, Domains By Proxy® (DBP), you can request a Domain Authorization Letter in your DBP account. For more information, see Requesting a Domain Authorization Letter from Domains By Proxy and Why does Domains By Proxy need to process my Domain Authorization Letter?
Which browsers and devices are your SSL certificates compatible with?
The following browsers and devices work with our SSL certificates. This means users accessing the site you secured can successfully send and receive encrypted information.
NOTE: This list of browsers and devices does not represent the browsers and devices that work with our applications. This list only represents the browsers and devices that work with our SSL certificates, although some browsers and devices appear on both lists. For the list of browsers and devices our applications support, see Which browsers work with your products?
Browsers
- AOL® — 5 and higher
- Google Chrome™ — All versions
- Firefox® — All versions
- Internet Explorer® — 5.01 and higher
- Konqueror® — All versions
- Mozilla® — All versions
- Netscape — 4.7 and higher
- Opera browser© — 7.5 and higher
- Safari® — Mac OS® 10.3.4 and higher
- ACCESS NetFront™ — 3.3 and higher
- Android™ — All versions
- AT&T WAP Gateways — All AT&T phones that use WAP version 1.X
- BlackBerry® — 4.1 and higher
- iPhone® — All versions
- iPad™ — All versions
- Kindle® — All versions
- Motorola® phones — Manufactured in 2009 and later
- Nokia® devices — Manufactured in 2007 and later
- Nook® — All Color and Tablet Versions
- Palm OS® — 6.1 and higher (also Treo 650)
- Sprint® devices — Manufactured in 2010 and later
- Sony PlayStation Portable® — 2.5 and higher
- Sun Java Runtime® (JRE) — 1.4.2_07 and higher and 1.5.0_02 and higher
- Windows Mobile® — 2005 AKU 2 and higher
If you use an older browser, you might receive a warning that the root certificate is not trusted. If that happens, simply install the root certificate. To do so, click "View Certificate." Then, when the certificate is displayed, click "Install Certificate." You can also download the root certificate directly from the Repository.
Technical Information
These browsers and devices have our root certificates — the Valicert Class 2 Policy Validation Authority and the Starfield Class 2 Certification Authority — installed.
Requesting a Domain Authorization Letter from Domains By Proxy
When you request a Secure Sockets Layer (SSL) certificate from us, we must verify your domain name registration and control via the Whois database. If we can't verify this information because the domain name in the certificate request has Private Registration through our affiliate company, Domains By Proxy® (DBP), you can request a Domain Authorization Letter by logging in to your DBP account. DBP usually prepares and forwards the letter to us within two business days.
DBP charges a $15 service fee to prepare the Domain Authorization Letter. If you submit incorrect information in your request, you will have to request another letter and pay the fee again.
NOTE: If you are requesting an Extended Validation (EV) SSL from us, a Domain Authorization Letter is not sufficient to validate your registration. Instead of following the steps below, see Can you Request a Premium Extended Validation (EV) SSL Certificate for a Privately Registered Domain and Setting Email Forwarding Preferences for Domain Names with Privacy for more information.
To Request a Domain Authorization Letter from Domains By Proxy
- Go to DomainsByProxy.com, and log in to your account. NOTE: If you have trouble logging in to your DBP account, see Retrieving Your Domains By Proxy Login Information.
- Select SSL Authorization. The SSL Authorization page displays. NOTE: From Private Domains, you can select the domain name you want to request an authorization letter for, and then click (Request authorization letter).
- Complete the following fields:
  - Domain name — Select the domain name you are requesting a domain authorization letter for.
  - Customer name — Enter your name.
  - Customer phone number — Enter your phone number.
  - Certificate issuer — Select the company issuing your SSL certificate or merchant account.
  - Issuer order number — Enter the order number your certificate issuer provided.
  - Certificate applicant — Enter the name of the individual or organization applying for the SSL certificate or merchant account. Some issuers refer to the applicant as the Organization Applying/Enrolling or the Common Name.
- Select I understand and agree that ... to agree to the $15 service fee. NOTE: Starfield Technologies does not require a service fee. If you selected Starfield Technologies as your certificate issuer, this option does not display.
- Click Request Authorization Letter. The Submission Acknowledgement window displays.
- Click OK.
Finding the SSL You Need
Some websites or server configurations require a specific type of SSL. Use these questions as a guideline to help determine which SSL you should use.
- Where are you located? Our SSL certificates are issued to individuals and companies worldwide, but there are a few restrictions. For more information, see Which countries are currently supported for certificate issuance?
- Is this for a business or a personal website? How do you want to show visitors that your site is secure? Do you want visitors to see the SSL belongs to a verified organization, or is HTTPS in the address enough?
  - All SSL-secured sites display HTTPS in the address. Premium Extended Validation (EV) SSLs also display a prominent indicator — usually a green address bar — to quickly assure visitors that the organization's legal and physical existence was verified according to strict industry standards. For more information, see What is a Premium Extended Validation (EV) SSL certificate?
- Which type of server or Web hosting do you use? Our SSL certificates work on all types of hosting and server configurations, but these specific servers must use the certificate listed:
  - Quick Shopping Cart® stores must use a single-domain Standard or Premium SSL.
  - Intel vPro servers must use a Deluxe High Assurance SSL (available only via call-in).
  - Exchange Server 2007 and 2010 must use a Multiple Domain (UCC) SSL to secure multiple services (domains).
- How many unique domains do you want to secure with HTTPS? Do all of the sites have fully qualified domain names, or do you need to add a few subdomains (see What is a subdomain?) on the fly?
  - Wildcard SSLs cover multiple subdomains. Wildcards are also ideal for intranet configurations. For example, you can secure your internal services using intranet.coolexample.com, and your public-facing website using www.coolexample.com.
  - UCC SSLs can cover multiple subdomains, unique domain names, and websites. For example, you can secure www.coolexample.com, mail.coolexample.com, and www.awesomeexample.com.
Please see the following articles for more information about each SSL option:
Defining a Multiple Domain (UCC) SSL Certificate, What is a Premium Extended Validation (EV) SSL certificate?, What is a Wildcard SSL certificate?
Resolving Warnings About Allowing SSL v2?
If you run a PCI compliance scan or you're trying to configure your server, you may encounter a warning about allowing SSL v2.
SSL v2 is an older version of the SSL protocol. Enabling it allows people using older browsers to connect to your site; however, those transactions are less secure because it is an older technology.
For applications requiring higher security, or to achieve PCI compliance, the SSL v2 protocol must be disabled on the server. To disable SSL v2 protocol, consult your Web server documentation.
What is your criteria for accepting Domain Authorization Letters?
If we cannot verify the certificate requestor's domain control (i.e., we cannot find the registrant's name in the Whois database or the registrant is a privacy company), the certificate requestor must obtain and submit a Domain Authorization Letter from the domain registrar.
Domain Authorization Letters must comply with the following criteria:
- We will only accept Domain Authorization Letters from the private, anonymous or proxy registration service company listed in the Whois database.
- The Domain Authorization Letter must be on the private, anonymous or proxy registration services company's letterhead and signed by the company's general manager or equivalent.
- The Domain Authorization Letter must contain the name of the organization applying for the certificate, the domain name included in the certificate request, the registrant's name (normally the private, anonymous or proxy registration services company) and a statement authorizing the certificate applicant the right to use the domain name in a digital certificate.
- A Domain Authorization Letter is required for any domain(s) that are registered through a private, anonymous or proxy registration service. It is the customer's responsibility to request the letter from his or her current domain registrar.
When we receive the documents, an RA associate verifies the Domain Authorization Letter is in the acceptable format and that all required information is correct before manually completing the domain authorization process.
HTTP vs. HTTPS
HTTP, or hypertext transfer protocol, is the way a Web server communicates with browsers like Internet Explorer® and Mozilla Firefox®. HTTP lets visitors view a site and send information back to the Web server.
HTTPS, hypertext transfer protocol secure, is HTTP through a secured connection. Communications through an HTTPS server are encrypted by a secure certificate known as an SSL. The encryption prevents third parties from eavesdropping on communications to and from the server.
NOTE: Only servers that have their own SSL can create HTTPS connections. A site's visitor cannot encrypt the connection.
Resolving Errors with Your CSR
When you generate your certificate signing request (CSR) and put it into our online application, you may receive an error.
To eliminate any errors, make sure that your CSR:
- Begins and ends with the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines. Note the five dashes before and after.
- Contains no additional spaces at the end.
- Contains no line breaks within the CSR.
- Uses 2048-bit key length. See Why does my CSR need to be 2048 bit length?
What Is the encryption strength of your SSL certificates?
All of our SSL certificates support high-grade 256-bit encryption.
The actual encryption strength on a secure connection using a digital certificate is determined by the level of encryption supported by the user's Web browser and the Web server that the website resides on. For example, the combination of a Firefox browser and an Apache server normally enables up to 256-bit AES encryption with our SSL certificates. This means that depending on the browser and server that combine to establish the secure connection through one of our SSL certificates, the encryption strength of the secure connection may be 40, 56, 128, or 256 bit.
Resolving an Invalid Key Length Error
To help keep your site secure, we require a 2048 bit key length.
If you receive an Invalid Key Length error when you submit your certificate signing request (CSR) during your SSL application, re-generate your CSR using at least 2048 bit key length and resubmit your request.
If you need help generating a 2048 bit key length, see Generating a Certificate Signing Request.
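The CSR checks listed under "Resolving Errors with Your CSR" and the 2048-bit requirement can be run locally before you submit. This is an added example, not the Certificate Authority's validation code: `lint_csr`, `rsa_modulus_bits` and `sample_csr` are hypothetical names, the sample CSRs are constructed in code with a placeholder modulus and signature, and reading "no line breaks within the CSR" as "no blank lines" is an assumption.

```python
"""Pre-submission CSR check: PEM framing, stray whitespace, RSA key size."""
import base64
import binascii

BEGIN = "-----BEGIN CERTIFICATE REQUEST-----"
END = "-----END CERTIFICATE REQUEST-----"
MIN_BITS = 2048
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption, DER-encoded


def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(der):
    """Walk CSR -> request info -> SubjectPublicKeyInfo -> RSA modulus."""
    _, csr, _ = _tlv(der, 0)            # CertificationRequest
    _, info, _ = _tlv(csr, 0)           # CertificationRequestInfo
    _, _, pos = _tlv(info, 0)           # version
    _, _, pos = _tlv(info, pos)         # subject (the Distinguished Name)
    _, spki, _ = _tlv(info, pos)        # SubjectPublicKeyInfo
    _, alg, pos = _tlv(spki, 0)         # AlgorithmIdentifier
    if not alg.startswith(RSA_OID):
        raise ValueError("not an RSA key")
    _, bitstr, _ = _tlv(spki, pos)      # subjectPublicKey BIT STRING
    _, rsa_key, _ = _tlv(bitstr[1:], 0)  # skip the unused-bits byte
    _, modulus, _ = _tlv(rsa_key, 0)    # modulus INTEGER
    return int.from_bytes(modulus, "big").bit_length()


def lint_csr(text):
    """Return a list of problems; an empty list means the CSR passes."""
    problems = []
    lines = text.splitlines()
    if any(line != line.rstrip() for line in lines):
        problems.append("trailing whitespace")
    # "No line breaks within the CSR" is read here as "no blank lines":
    # an assumption, since PEM bodies are normally wrapped at 64 characters.
    if any(not line.strip() for line in lines):
        problems.append("blank line inside CSR")
    kept = [line.strip() for line in lines if line.strip()]
    if len(kept) < 3 or kept[0] != BEGIN or kept[-1] != END:
        problems.append("missing or malformed BEGIN/END lines")
        return problems
    try:
        der = base64.b64decode("".join(kept[1:-1]), validate=True)
        bits = rsa_modulus_bits(der)
    except (binascii.Error, ValueError, IndexError):
        problems.append("body is not a parseable RSA CSR")
        return problems
    if bits < MIN_BITS:
        problems.append("key is %d bits, need at least %d" % (bits, MIN_BITS))
    return problems


def _der(tag, content):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(content)
    if n < 0x80:
        head = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        head = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content


def sample_csr(bits):
    """Constructed CSR-shaped PEM: valid DER layout, placeholder modulus
    and signature. Not a real key pair and not signed."""
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa_key = _der(0x30, _der(0x02, modulus) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, RSA_OID + _der(0x05, b""))
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsa_key))
    info = _der(0x30, _der(0x02, b"\x00") + _der(0x30, b"") + spki
                + _der(0xA0, b""))
    csr = _der(0x30, info + alg + _der(0x03, b"\x00" * 9))
    b64 = base64.b64encode(csr).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "%s\n%s\n%s\n" % (BEGIN, body, END)


if __name__ == "__main__":
    for label, pem in (("2048-bit", sample_csr(2048)),
                       ("1024-bit", sample_csr(1024)),
                       ("padded", sample_csr(2048).replace(END, END + " "))):
        print(label, lint_csr(pem) or "ok")
```

The DER walker does not verify the CSR's signature or read the subject fields; it only locates the RSA modulus to measure its length.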
Explaining What Information We Validate to Approve SSL Certificates
Our authentication process ensures the highest level of trust. Only through thorough validation of submitted data can the online customer rest assured that online businesses that display SSL certificates indeed are to be trusted. The specific authentication process depends on the type of SSL certificate requested:
Deluxe SSL Certificate — Corporate Authentication Process
Before issuing a Deluxe SSL certificate, we authenticate that:
- The certificate is being issued to an organization that is currently registered with a government authority.
- The requesting entity controls the domain in the request.
- The individual requesting the certificate is associated with the organization named in the certificate.
If the submitted documentation is written in a language other than English, an English translation must be submitted along with a copy of the original document(s).
Deluxe SSL Certificate — Small Business/Sole Proprietor Authentication Process
Before issuing an SSL certificate, we authenticate that:
- The individual who requested the certificate is who he/she claims to be.
- The individual requesting the certificate controls the domain in the request.
- The individual named in the certificate is the individual who requested the certificate.
If the submitted documentation is written in a language other than English, an English translation must be submitted along with a copy of the original document(s).
Standard SSL Certificate
Before issuing an SSL certificate, we authenticate that:
- The requesting entity controls the domain in the request.
About the Distinguished Name
During the creation of the CSR, you will be prompted to provide certain information about your organization. The Web server software will use this information to create your Web server certificate's Distinguished Name (DN). Distinguished names uniquely identify individual servers.
The distinguished name contains the following information:
- Country Code: The two-letter International Organization for Standardization (ISO-) format country code for the country in which your organization is legally registered. For a complete list, see ISO Country Codes.
- State/Province: Name of state, province, region, territory where your organization is located. Please enter the full name. Do not abbreviate.
- City/Locality: Name of the city/locality in which your organization is registered/located. Please spell out the name of the city/locality. Do not abbreviate.
- Organization: The name under which your business is legally registered. The listed organization must be the legal registrant of the domain name in the certificate request. If you are enrolling as a small business/sole proprietor, please enter the certificate requester's name in the "Organization" field, and the DBA (doing business as) name in the "Organizational Unit" field.
- Organizational Unit: Optional. Use this field to differentiate between divisions within an organization. For example, "Engineering" or "Human Resources." If applicable, you may enter the DBA (doing business as) name in this field.
- Common name: The name entered in the "CN" (common name) field of the CSR MUST be the fully-qualified domain name for the website you will be using the certificate for (e.g., "www.domainnamegoeshere"). Do not include the "http://" or "https://" prefixes in your common name. Do NOT enter your personal name in this field.
NOTE: If you wish to apply your certificate to an intranet page, enter as the common name the name of the applicable intranet page (e.g., "intranet" or "web"). The name cannot contain periods. The absence of periods enables us to detect that the common name refers to an intranet page.
If you are requesting a Wildcard certificate, please add an asterisk (*) on the left side of the common name (e.g., "*.domainnamegoeshere.com"). This will secure all subdomains of the common name.
NOTE: If you enter "www.domainnamegoeshere.com" as the Common Name in your certificate signing request, the certificate will secure both "www.domainnamegoeshere.com" and "domainnamegoeshere.com." And vice versa.