SSL Certificates


Learn the basics

99.9% of all websites are compatible with our free SSL which we install by default and renew with all web hosting accounts. You can purchase most other types of SSL certificates right from inside your cPanel or any third-party SSL provider. If you use CloudFlare or a similar third partner filter/firewall like this, you will have to use our name servers until the SSL is live. These firewall systems block the verification process needed to add the SSL. Once the SSL is working, you can change to a third-party firewall if you choose.

We provide basic free SSL certificates from cPanel for all website builders, web hosting, reseller web hosting, cPanel-based VPS, and cPanel-based servers. New free SSL certificates require you to use our name servers with your domain registration. And to not have any hard redirects. The SSLCA has to verify the domains to give a free SSL and not using the default settings with your domain can block this process. Once the SSL is live, you can change the name servers if needed and add redirects. But when the SSL is up for renewal you'll need to change them back. Paid SSL allows you to have redirects, custom name servers, and proxies like CloudFlare. It also has added security options that might interest you.

What is SSL?

A Web Server Certificate, or Server ID, is a digital document containing unique codes that identify the holder of the certificate to the person accessing the site. On the Internet, website visitors usually have no reliable way to identify who owns the online store that they are doing business with. When customers visit a virtual store to make a purchase, their biggest concern is who they will be paying and if the payment is conducted securely. This is why you need SSL certificates to secure your server.

The Secure Sockets Layer (SSL) is a protocol originally developed by Netscape. It has become the universal standard on the Web for authenticating websites to Web browser users and for encrypting communications between browser users and web servers. SSL is built into all major browsers and web servers, which means no matter where the protocol is implemented, the same implementation is operated. After a digital certificate, or Server ID, is installed, SSL capabilities are then enabled.

A Web Server Certificate is issued by a trusted third party called a Certification Authority (CA). CAs must audit the identity of the people or organizations to whom they issue certificates. Once the CA establishes an organization's identity, it issues a certificate that contains the organization's public key and signs it with the CA's private Key. SSL certificates hold information about web servers. They contain information about the owners of the certificates, the server to which the certificate was sold when it was sold, and when it expired. By checking the details of the certificate, your customers can assure themselves that the website they are dealing with is the website they want to be dealing with. They also know that their credit card or personal details cannot be intercepted by a third party on the Internet.

Who needs SSL?

At this time it is recommended all websites use SSL per Google's new standards especially If your website has online ordering facilities and you want to assure customers that they are not exposed to any of the risks associated with sending data over the Internet, you should apply for an SSL certificate.

What type of Web Server Certificate does Web Host Pro offer?

Currently, Web Host Pro offers basic free SSL and SSL Certificate Authority Premium Server Certificates, a one-year certificate that is advanced next-generation technology. These certificates offer true 128-256bit SSL encryption that is compatible with 99.9% of all Internet browsers.

Features of a secure site

A page is secure if:

1)The URL changes from http:// to https://.

2)A lock symbol appears in the lower left-hand status bar in Netscape Navigator

3)A lock symbol appears in the lower right-hand status bar in Internet Explorer

Web Host Pro certificates support the following browsers:

All other commonly used browsers may connect securely with web servers using our QuickSSL Premium certificates. However, some older browsers may display a dialogue box indicating that the certificate is not trusted. This means that the certificate is not located in the browser certificate store and, in most cases, the user will be prompted to install it with a few clicks of their mouse.

Server compatibility

Web Host Pro certificate supports all current releases of commercial and freeware web servers that support SSL v.3. Supported servers include:

Certificate signing request

A CSR is a text file, generated through a web server that is submitted to the Certification Authority during the digital certificate application process and used to generate a signed digital certificate. It contains the following:

  1. Identifying information about the company applying for the digital certificate
  2. The company's public key
  3. The type of web server on which the certificate will be installed

It is usually transferred via email, but formatted so that is unreadable (although it is not encrypted).

A CSR should look similar to the following example:

-----BEGIN CERTIFICATE REQUEST-----MI711iCWRAwgZIxCzAJBgNVBNiiWlVTMREwDwYDItqIEwhOZXcgWW9yazERMA8GW1UEBxMITmVZBgNVBWoTElJlZ2lzdwyLmNwgSW5jLjEZaWzQHJlZ2lzdGVyLmqhkiG9w0lAQEYEWzMrdydBoI8K+5LEj/yLZ8YVsGasKIJ2rod8anVty9pzPKGxmWiUb2h2ixd3d3LqGSIb3DQc3lzYWRtVvzWHkfMDq6q0jXQGI4yJKLFg8WMAcjJgzE5bopWybKeofWL0ZNGcsImfy3WeR9cydfwrJ05mgPUzAwEMBsGCSqGSIbBzELEwl0ZXzdQADgY EAgvJs5PTvo3O2OaUSdm+/58fG3Wcsy/OKivjPIVQ+Mot3HSchd04D++zBWn5Ih2/ QMCxzlq7oXQFwSFe0IDXPRhCLWcWkz991+CdGdmw25g= -----END CERTIFICATE REQUEST-----

When entering the CSR in the appropriate field to copy and paste the entire CSR, the user should include the beginning and ending dash marks.

Reminder: Please do not set a password for the CSR. If you encrypt the Certificate Signing Request, we will email you to re-create the CSR since we will be unable to process the order.

Distinguished name

A user will be asked to enter the server's distinguished name when generating CSR. Distinguished names uniquely identify individual servers, and contain the following information:

1) Common Name: The Common Name is the fully qualified domain name used for DNS lookups of a server (such as This information is used by browsers to identify the website. Client browsers connecting to your host will check for a match between the certificate's common name and the URL. Do not include the "http://" or "https://" in the Common Name.

2) Organization or Company: This should be the organization that owns the domain name. The organization name (corporation, limited partnership, university, or government agency) must be registered with some authority at the national, state, or city level. Use the legal name under which your organization is registered. Do not abbreviate or use any of these symbols:! @ # $ % ^ * ( ) ~ ? > < /

3) Organizational Unit: This is an optional field used to differentiate between divisions within an organization, for example, " Marketing" or " Research and Development." If the organization is doing business as ("dba") a trade name, you may specify the trade or dba name in this field.

4) City/Locality: This is optional in most situations. Do not use abbreviations. For example, spell " New Orleans," instead of " N.O." If the organization is registered locally only, for example by having a business license registered with the City Clerk, the Locality/City field must contain the name of the city where registered. In this case, the State/Province field is required.

5) State/Province: U.S. and Canadian customers must enter a State or Province name. In the United States, if your organization is incorporated in the state of Washington, but is operating within Louisiana, use Louisiana. Do not abbreviate. International customers must enter either a State/Province or a City/Locality. Do not abbreviate.

6) Country: This is the 2-character ISO format country code. For example, AU is the code for Australia, and BR is the valid code for Brazil.

More on the Common Name

When generating a Certificate Signing Request (CSR) from the web server, a user will be required to enter a Common Name.

The Common Name is typically composed of Host + Domain Name and will look like "" or "" Our Server IDs are specific to the Common Name that they have been issued to at the Host level. The Common Name must be the same as the Web address you will be accessing when connecting to a secure site. So please be careful when you decide on the Common Name. This information cannot be changed after the certificate is issued. For example: If the user types in Common Name as and is directing visitors to or, as and are different from, the visitors will see the Certificate Name Check alert box when using their browser until the user either redirect or purchase a new certificate for the common name or

When the Server ID will be used on an Intranet (or internal network), the Common Name may be one word, and it can also be the name of the server.

We do not offer Wild Card Certificates such as: *

Troubleshooting FAQs

Can I use symbols when generating CSR?
The following characters can not be accepted: < > ~ ! @ # $ % ^ * / ( ) ?.

My CSR has been rejected during the application process. How can I proceed?
To apply for your Web Server Certificate, you must have a CSR that is valid and properly formatted. If your CSR has been rejected, please be sure that you have cut and pasted the entire CSR into the appropriate field, including the dash marks at the beginning and end of the text area. If your CSR is still rejected, you will need to regenerate it using the web server on which you plan to host your secure website.

What should I do if the WHOIS information doesn't match the information generated by the CSR?
If the WHOIS information for your domain name doesn't match the information generated by the CSR, you can either change the WHOIS information or regenerate your CSR with the correct information.

What can I do if my application has been rejected?
The most common reason for a certificate application to be rejected is inconsistency with the WHOIS information, CSR information, and contact information that you provided during the application process. If your application has been rejected, you can contact our Customer Support Department and we will assist you to find out what caused the application failure. When you resubmit your certificate request, please ensure that all of the information provided is correct and consistent.

I can't install my certificate. What do I do?
First of all, please check the web server software-specific installation FAQs listed on our website. If you've lost your key or password, and don't have a backup, then you will have to purchase a new certificate.

I am receiving an error "CA Unrecognized" What does this mean? The reason for this error is that you did not complete the installation process. Please install the root certificate.

The security padlock is not displayed in my browser when accessing my secure page. What's wrong? If your site is set up in a frame, then this can be the problem. Frames are usually located in a non-secure http directory on your server. When you access an SSL page, with non-secure frames, you will not see a padlock, even though the page is encrypted and secure. You can check the page information for details about that page. If you want the padlock displayed on your secure page, you can decide not to use frames.

How can I specify the frames I use on my website to be secure? Please make sure that you have scoured the frames from https in your HTML.

Managing certificates

Check the size of the certificate

After you have installed your certificate, connect to a secure page on your server using a Web browser.

1) If you are using Internet Explorer, click on File > Properties.

2) If you have OpenSSL, you can use the following command to check: opens x509 -noout -text -in

3) Some web servers will display key size information in the properties of your key/cert.

Keep the private key secret

Your digital private key is the critical portion of your online identity. Once you receive your digital signing certificates, keep your private key as secure as possible. If another person got a hold of your private key, they would have the potential to distribute information on the Internet or intranet in your name. Specifically, do not place your private key on removable media, on shared drives, or send it in e-mail.

If your key was compromised, you could be held legally responsible for the actions of someone else. If the private key of your digital certificate has been compromised you should notify us and revoke the certificate at once. Web Host Pro provides certificates, but you are the person who is responsible for key management.