| ALMAT Computers - About Us
SSL Certificates
ALMAT Web Design is a department within ALMAT Computers (UK). Over the years,
ALMAT Computer staff and their team have grown. With a wide range of knowledge,
we channelled our staffed into certain skills and specialities, hence ALMAT Web
Design, consisting of staff, with Multimedia, Graphical and Programming
Knowledge. Theres very little our team don't know about the internet, its
requirements and its running, and what they don't know, they can find out
through their many resources at hand to them.
Top
ALMAT Computers is a
privately held business based in the United Kingdom, we provide IT services to
the Retail and Trade sectors. Full details about ALMAT
Computers can be found on our website.
Top
The SSL (and TLS) protocol is the Web standard for encrypting communications
between users and SSL (secure sockets layer) e-commerce sites. Data sent via an
SSL connection is protected by encryption, a mechanism that prevents
eavesdropping and tampering with any transmitted data. SSL provides businesses
and consumers with the confidence that private data sent to a Web site, such as
credit card numbers, are kept confidential. Web server certificates (also known
as secure server certificates or SSL certificates) are required to initialise an
SSL session.
Customers know when they have an SSL session with a website when their browser
displays the little gold padlock and the address bar begins with a https rather
than http. SSL certificates can be used on web servers for Internet security and
mail servers such as imap, pop3 and SMTP for mail collection / sending security.
Top
RapidSSL Certificates uniquely enable businesses to obtain low cost 1 year
fully functional single root trusted SSL certificates and are
ideal for websites conducting lite levels of ecommerce. RapidSSL.com owns the
root used to issue the certificates, making RapidSSL both
stable and far easier to install than a chained root install certificate.
RapidSSL lowers the barrier of entry for companies that want single root SSL
security by providing immediately issued certificates at the lowest cost available.
Top
When connecting to a webserver over SSL, the visitor's browser decides whether
or not to trust the website's SSL certificate based on which Certification
Authority has issued the actual SSL certificate. To determine this, the browser
looks at its list of trusted issuing authorities - represented by a collection
of Trusted Root CA certificates added into the browser by the browser vendor
(such as Microsoft and Netscape).
Most SSL certificates are issued by CAs who own and use their own Trusted Root
CA certificates, such as those issued by GeoTrust and RapidSSL.com. As GeoTrust
and RapidSSL.com is known to browser vendors as a trusted issuing authority, its
Trusted Root CA certificate has already been added to all popular browsers, and
hence is already trusted. These SSL certificates are known as "single root" SSL
certificates. RapidSSL.com, a subsidiary of GeoTrust, owns the Equifax Secure
eBusiness CA-1 root used to issue its certificates.
Some Certification Authorities, like Comodo, do not have a Trusted Root CA
certificate present in browsers, therefore they need a "chained root" in order
for their certificates to be trusted - essentially a CA with a Trusted Root CA
certificate issues a "chained" certificate which "inherits" the browser
recognition of the Trusted Root CA. These SSL certificates are known as "chained
root" SSL certificates.
Installation of chained root certificates are more complex and some web servers
are not compatible with chained root certificates.
For a Certification Authority to have its own Trusted Root CA certificate
already present in browsers is a clear sign that they are long-time, stable and
credible organizations who have long term relationships with the browser vendors
(such as Microsoft and Netscape) for the inclusion of their Trusted Root CA
certificates. For this reason, such CAs are seen as being considerably more
credible and stable than chained root certificate providers who do not have a
direct relationship with the browser vendors.
You can view the Certification Authorities who have their own root certificates
by viewing the list in your browser.
Click here for
instructions.
Chained root certificates require additional effort to install as the webserver
must also have the chained root installed. This is not necessary for single root
certificates.
Top
All SSL certificates issued by RapidSSL.com are issued from a trusted CA root
certificate that is owned by RapidSSL.com. This means that all our certificates
are stable.
Some SSL certificate providers cannot offer this stability. For example, Comodo
InstantSSL do not own their own trusted root, which means that they can only
offer chained root certificates chained to a trusted root certificate that they
do not own. They rely on the trusted root certificate owner to allow them to
issue certificates and have no control over what the owner of the certificate
does with the certificate - as has recently been shown when Baltimore has
decided to sell its root certificate. The only way to offer a stable chained
root product is to own the root being used to issue the chained root
certificates.
Top
RapidSSL and QuickSSL Premium Certificates are compatible with IE 5.01+, Netscape 4.7+,
Mozilla 1+, AOL 5+ and many newer Windows and Mac based browsres and are single
root install certificates (they do not use chaining technology), meaning that
they are compatible with SSLv2 and SSLv3. Single root certificates are also more
widely accepted by web servers with some web servers not accepting chained root
technology. ChainedSSL certificates use chaining technology and requires the
webserver to be SSL v3 or above compatible.
Top
By providing RapidSSL and QuickSSL Premium Certificates we are lowering
the barrier of entry for companies and websites wishing to secure their low
volume and low value online transactions and data with the lowest cost single root certificates available.
Top
RapidSSL certificates are valid for 1 year. QuickSSL Premium certificates are valid for
1 year.
When your SSL certificate is about to expire we will contact you to advise you. We send reminder notices at 90, 60, 30, 14 and 7 days prior to the expiration of the certificate and on the day of expiry.
Top
You may renew your certificate up to 90 days prior to expiry, the time left on your certificate will be
rolled over to the new certificate. To renew your certificate you will only need to paste in the new CSR and confirm the details.
Top
RapidSSL, QuickSSL Premium and RapidSSL Wildcard Certificates are issued same day, generally within 2 hours of your request being submitted. If you have not
received an Authorisation email at the address you specified within 12 Hours of submitting an order please advise the Sales
Staff so that we can follow up your order.
When you receive the Authorisation email and approve the issuing of the certificate there may be an additional delay in processing your order if the automatic system can not verify your details with your domain registrar. This additional
delay has come about due to some domain registrars blocking our access to their lookup systems, if the system can not perform the lookup the order will be held for manual review. Manual reviews are only completed during normal business hours by the GeoTrust staff.
The following registrars are known to be blocking automatic lookups: Godaddy (godaddy.com), Network Solutions (networksolutions.com). If your domain is registered through one of thes domain Registrars then the order may be held for manual review.
Top
We do not limit the amount of RapidSSL or QuickSSL Premium Certificates that can be ordered. Go ahead and get as many as you need!
Top
Browser ubiquity is the term used in the industry to describe the estimated
percentage of Internet users that will inherently trust an SSL certificate. The
lower the browser ubiquity, the less people will trust your certificate -
clearly, if you are operating a commercial site you require as many people as
possible to trust your SSL certificate. As a general rule, any SSL certificate
with over 95% browser ubiquity is acceptable for a commercial site.
Ubiquity is however not the only consideration in deciding whether one SSL
certificate is better than another. Many companies running high transaction
volume web sites need to maximize customer confidence and therefore buy
certificates from well known, long time security vendors and mostly use the
major players e.g. GeoTrust and Verisign who are all WebTrust compliant.
If you have a low volume web site and you decide that your customers confidence
is not effected at all by the brand behind the SSL certificate, or the volume of
customers that would have an issue are insignificant in number, then RapidSSL
or RapidSSL Wildcard certificates are ideal.
Top
Yes. Your browser contains a Trusted CA root certificate store. You can access
this by opening Internet Explorer, then go to Tools, select Internet
Options, select the Content tab, click Certificates, select
the Trusted Root Certification Authorities tab. You will then see a
dialog box presenting a list of all Certification Authorities who own their own
Trusted CA roots (you can examine the root certificate by double clicking it):
GeoTrust owns the Equifax root (Equifax Digital Certificate services became GeoTrust in 2001).
RapidSSL.com's RapidSSL product owns its own root. RapidSSL.com uses a different Equifax root (Equifax Secure eBusiness CA-1).
Top
An SSL certificate is issued to a fully qualified domain name (FQDN). This means
that an SSL certificate issued to "secure.RapidSSL.com" cannot be used on
different subdomains, such as "www.RapidSSL.com".
Top
A trust hierarchy demands that entities "vouch" for each other. Companies that
issue SSL certificates are in the business of establishing that entities on the
web are, in fact, who they claim to be. The potential for criminal activity on
the web (in relevance to SSL anyway), is in online ‘hijacking’ of sites or
connections to siphon encrypted data. Persons so inclined can easily "copy" web
site interfaces and pose as well known vendors, simply to collect these data.
SSL certificates work to prevent this through ensuring that www.abc.com is, in
fact, ABC Co. In the “real world”, we use identification procedures like photo
ids, telephone calls and papers of incorporation to know with whom we’re
dealing. If products or services are defective, buyers can seek recourse. In the
“online world”, companies wishing to use SSL certificates must prove to the
certificate authority that they have the right to present themselves online as
ABC Co.
This is done through a variety of means in different SSL products. For
simplicity’s sake, consider the method started and championed by Verisign, as
the ‘traditional’ model. The process involves certificate petitioners faxing in
their articles of incorporation, and then waiting several days to be granted a
certificate to do business online under that name. There is a fair amount of
overhead related to this task, as these credentials are examined and reviewed,
and full-service products in this arena can cost hundreds of dollars.
There are newer, lower-cost alternatives in which certificates are issued more
quickly. These certificates verify that the certificate holder is the owner of
that domain, ensuring customers that URL “owners” are who they claim to be.
There are also other validation options, like two-way, real-time telephony.
Certificate applicants are required to provide telephone numbers, and
certificate authorities call to verify basic information, yet another way to
seek recourse in the event of problems.
As part of the provisioning process with RapidSSL and QuickSSL Premium Certificates, your business will be registered with ChoicePoint* and assigned a
ChoicePoint Unique Identifier (CUI) — equivalent to a DUNS number. The CUI
provides a corporate profile to your Internet users through information imbedded
in your certificate. The business registration profile initially contains the
basic self-reported information from your CSR — your Domain, Company Name,
Division, Country, State and City. ChoicePoint will allow relying parties to
view and purchase additional data about your company. With the ChoicePoint
Unique Identifier, industry-recognized domain control authentication, and
two-factor telephony authentication, both of these products add further
validation to forge the strongest real-time authentication process on the market
today.
*ChoicePoint is the nation's leading provider of identification and credential
verification services. For more info about Choicepoint go to
www.choicepoint.com.
Top
We offer email and web support to our RapidSSL and QuickSSL Premium Certificate customers. Our support staff are highly
experienced in supporting SSL and webservers and will be happy to help you with
technical or sales inquiries.
Top
RapidSSL provides a $10,000 warranty on RapidSSL and QuickSSL Premium Certificates. The warranty protects the end user if we mis-issue a certificate.
It is worth noting that other SSL Providers use warranty as a means of adding
perceived value to their offerings, as such will offer the same certificate with
higher warranties and then charge more for the certificate! We want to make it
clear that warranty has not been collected on any SSL Certificate, ever! The
inclusion of a $10,000 warranty on RapidSSL and QuickSSL Premium Certificates makes RapidSSL.com
the lowest cost provider of highly trusted, fully warrantied SSL certificates!
Top
In most cases Yes, as long as both hosts are using the same platform (ie. Linux or windows) it is possible to move your certificate from one to the other.
You will need the Certificate and RSA Private Key to install the certificate, if you saved the RSA Private Key with us when you ordered then all the information you need will be in the Certificate details in your account, otherwise you will have to find the original email or you may be able to copy the information from your existing host before you move. We save the Certificate for you.
Installation is the same as for a new install just use the existing .crt and .key data. | 
