Understanding SSL Certificates

An SSL (Secure Sockets Layer) certificate is a digital credential that encrypts traffic between a browser and a web server and verifies the identity of the site the visitor is connecting to. This article explains what SSL certificates do, how the handshake works, and how to choose between single-domain and multi-domain coverage. Use it as a primer before selecting a certificate product to resell.

Note: The industry has largely moved from SSL to TLS (Transport Layer Security), but "SSL certificate" remains the common term and is what you will see across the OpenSRS catalog.

What SSL certificates do

SSL certificates serve two roles for any system that uses them:

  • Encryption — SSL certificates encrypt data exchanged between the browser and the web server. Encryption is essential for financial transactions and any page that collects sensitive information. The padlock icon in the address bar signals to visitors that the connection is secured by a valid certificate.
  • Identity verification — Certificates confirm that a site belongs to who it claims to belong to. Only the verified owner of a domain can purchase a certificate for it. For Organization Validation (OV) certificates, only verified, approved representatives of an organization can purchase a certificate for that organization's domains. Extended Validation (EV) certificates go further and verify both the organization and the individual requesting the certificate.

Both roles matter for building the trust that visitors need before they share personal or payment information.

How the SSL handshake works

When a browser connects to a secure site, the SSL handshake runs in the background before any page content is exchanged:

  1. The browser requests the digital certificate from the web server.
  2. The server returns its certificate, which contains the hostname, the expiration date, the server's public key, and a signature from a Certificate Authority (CA).
  3. The browser validates the hostname, expiration, and CA signature. It cannot independently verify the server's public key, so it trusts that key because the CA has signed the certificate that contains it.
  4. If validation succeeds, the browser uses the server's public key to encrypt a session key it generates, and sends it back to the server.
  5. Both sides now share an encrypted session and can exchange data securely.

Coverage options

OpenSRS offers two coverage types:

  • Single-domain certificates — cover one fully qualified domain (for example, www.example.com). Choose this when you only need to secure one site.
  • Multi-domain certificates — cover several domains or subdomains under a single certificate. Choose this when you manage multiple properties and want to consolidate renewals.

Next steps

  • Choose a validation level — review to compare DV, OV, and EV.
  • Learn how the underlying cryptography works — see for the role of asymmetric keys in the SSL handshake.
  • Prepare for upcoming changes — see for the new 199-day validity rules taking effect February 24, 2026.

Questions? Contact OpenSRS Support.
