FAQ: SSL
Frequently asked questions about SSL certificates
How do I know if a site is secure?
Security on a site is handled by the HTTPS protocol. On the Internet, you're browsing an "unsecured" site if its URL begins with http://, and a secure site if its URL begins with https://. For example:
Unsecured: http://www.gandi.net.
Secure: https://www.gandi.net.
Internet browsers recognize SSL certificates and establish an encrypted connection between the website hosted on the secure web server and the website user.
How long does verification (DCV) take?
In most cases, the verification process takes less than 24 business hours from receipt of proof of identification to certificate validation. Extended Validation, on the other hand, may take longer, due to additional verifications or if Sectigo requests additional information or documents.
How often should I renew my SSL Certificates?
SSL Certificates must be renewed every year. "Automatic" SSL Certificates will also be renewed automatically every year.
What is an intermediate SSL certificate?
SSL certificates work on the basis of a chain of trust, from a Root certificate held by a certification authority to the certificate installed on your server.
Without an intermediate certificate, some older browsers, such as Firefox, may "misinterpret" the certificate.
Gandi issues its certificates from an "intermediate" certificate, which inherits the "trust" of the Certification Authority's "root" certificate.
This allows us to reduce security risks, as all certificates supplied by Gandi can be revoked and revalidated without revoking the root certificate, should the security of the intermediate certificate be compromised. Most online merchants use intermediate certificates for this reason.
You can find more information on Root certificates on Wikipedia's dedicated article.
You can download and install Gandi's intermediate certificate (also known as the Operational Certificate Authority) at the same time as your SSL Certificate, so that visitors to your site (or at least their browser) can download it automatically and validate it from the chain of trust. Instructions for downloading the intermediate certificate are provided with those for downloading your certificate (it can be downloaded directly from the same page as the SSL Certificate itself).
How many servers can be secured with one certificate?
Our certificates are linked to one (or more) domain names or subdomains, and not to a specific IP address of a server hosting the security service.
In fact, if the protected sites are spread over several servers, or if you have the same site on several web servers (failover, load balancing, etc.), only one certificate is needed, so you can install the same certificate on several servers. Just check that the certificate you install on a given server covers the addresses served from that server.
You'll need a "Wildcard" or "Multi-domain" certificate if you want to secure several domains / subdomains.
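One way to run that coverage check before installing a certificate, as an added example (not Gandi's own tooling). It relies on openssl's -checkhost option; the function names and the throwaway certificate for the constructed name *.example.test are assumptions made for the demonstration. It also shows that a wildcard covers a single subdomain level and not the bare domain.

```shell
#!/bin/sh
# Added example: report which hostnames a certificate covers.

# covers CERT HOST -> exit 0 if CERT is valid for HOST (wildcard rules applied)
covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# coverage_report CERT HOST... -> one "host: covered|NOT covered" line per host
coverage_report() {
    cert=$1; shift
    for host in "$@"; do
        if covers "$cert" "$host"; then
            echo "$host: covered"
        else
            echo "$host: NOT covered"
        fi
    done
}

# make_demo_cert DIR SAN -> constructed, self-signed, one-day test certificate
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo" -addext "subjectAltName=$2" \
        -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null
}

# Demonstration on constructed data: a wildcard-only certificate.
demo=$(mktemp -d)
make_demo_cert "$demo" "DNS:*.example.test"
coverage_report "$demo/demo.crt" www.example.test example.test a.b.example.test
```

On a real certificate, call coverage_report my.crt followed by every hostname the server answers for.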
Can I use my Gandi SSL certificate on another provider's hosting server?
Yes, you can install your certificate on the server of your choice (with the exception of Gandi Web Hosting's automatic, free certificates), since the certificate is linked to the domain name and not to a specific host.
For it to be validated, however, the DNS must be up to date, and the corresponding domain name must point to the host on which it is installed.
Generally speaking, you'll need root or administrator rights on the server in question to install an SSL certificate.
What does the SSL Certificate Financial Guarantee mean?
To protect your visitors, you have the option (from the Pro level of certification and up) of adding additional insurance in the event that the certificate's security should be compromised.
This insurance will cover any financial losses caused by the breach.
This additional service, which you can make known to your visitors by displaying the certification logo on your site, gives your customers the assurance that the transaction is secure and guaranteed.
Offering secure and insured transactions makes your business more user-friendly to your customers, and generates added value.
Please note, however, that this guarantee only covers a flaw in the certificate, not the site itself.
How can I export my SSL certificate and private key to a pfx file?
To export your certificate, your private key and our intermediate certificate to a pfx file, use this conversion page:
https://www.sslshopper.com/ssl-converter.html
Or use the following command in a terminal:
openssl pkcs12 -export -in my.crt -inkey my.key -certfile my.pem -out my.pfx
You can replace "my" with the required file name. You can also rename your .pfx file after export.
- my.crt is the certificate issued by Gandi
- my.key is the private key generated with the CSR
- my.pem is Gandi's intermediate certificate (GandiStandardSSLCA2.pem for example)
- my.pfx will be the name of your pfx file
Gandi cannot do this for you, as we do not (and should not!) have access to your private key.
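The export above wrapped in checks, as an added example (not Gandi's own script) that runs entirely on your machine, so the private key never leaves it. It confirms that my.key belongs to my.crt and that my.crt was issued under my.pem before writing the pfx. The function names, the PFX_PASS environment variable and the constructed throwaway CA standing in for the intermediate certificate are assumptions.

```shell
#!/bin/sh
# Added example: check the three inputs, then build and re-read the pfx locally.

# key_matches_cert CRT KEY -> exit 0 if KEY is the private key for CRT
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# chains_to CRT CA -> exit 0 if CRT was issued under the certificate(s) in CA
chains_to() {
    openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# export_pfx CRT KEY CA OUT -> write OUT only if both checks pass.
# The pfx password is read from the PFX_PASS environment variable (assumption).
export_pfx() {
    key_matches_cert "$1" "$2" || { echo "key does not match $1" >&2; return 1; }
    chains_to "$1" "$3"        || { echo "$1 not issued by $3" >&2; return 2; }
    ( umask 077   # the pfx holds the private key: owner-only permissions
      openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" \
          -out "$4" -passout env:PFX_PASS )
}

# pfx_cert_count PFX -> number of certificates stored in PFX
pfx_cert_count() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# make_demo_set DIR -> constructed throwaway CA (my.pem), key and certificate
make_demo_set() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA" \
        -keyout "$1/ca.key" -out "$1/my.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$1/my.key" -out "$1/my.csr" 2>/dev/null
    openssl x509 -req -in "$1/my.csr" -CA "$1/my.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/my.crt" 2>/dev/null
}

# Demonstration on constructed data only.
d=$(mktemp -d); export PFX_PASS='constructed-demo-password'
make_demo_set "$d"
export_pfx "$d/my.crt" "$d/my.key" "$d/my.pem" "$d/my.pfx" &&
    echo "certificates in pfx: $(pfx_cert_count "$d/my.pfx")"
```

A count of 2 means the pfx carries both the site certificate and the intermediate, which is what a server needs to present the full chain.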