Ordering SSL Certificates

TrustView supports the following certificate providers:

Entrust DigiCert GeoTrust Let’s Encrypt

It’s also possible to choose Manual to manually insert the certificate details or ADCS, if you have access to the ADCS module of TrustView. This will allow you to issue internal certificates from your PKI.

To order a SSL certificate, a certificate signing request (CSR) is required. More info about certificate signing requests can be found here: CSR Guide.

Once the order has been submitted, TrustSkills will process the order, which involves a verification of your organization and the validation of any domains included as common name or SANs in the certificate.

The billing will be handled by TrustSkills.

Important

From version v5.22.132 of TrustView, a new order page will be available.

Choose the method for issuing SSL certificates

Select certificate type

Let TrustView generate the certificate signing request (CSR) and store the private key - encrypted in the database, unless you want to provide your own CSR, which is also an option, after you have made a selection.

Method one is the recommended method to use and opens up the details page for editing the certificate before ordering

3 types of certificates are available:

  • Issue via Microsoft ADCS

  • Issue via other suppliers

  • Issue via Let’s Encrypt

Once a selection has been made, you will be prompted to enter the common name (CN) of your certificate, which is also where you can specify if the certificate should be a wildcard certificate, by adding *. in front of the name, like *.example.org.

The gray field, below the common name field, specifies all the information of the organization that the certificate should belong to. This information will also be part of the certificate details, once it has been issued.

Note

The organization details will automatically be retrieved from our backend, if the organization has been validated for Entrust, DigiCert or GeoTrust. Should any of the information be wrong, they can be adjusted manually, by clicking the edit icon in the top right corner of the gray field.

In the gray field, it is also possible to select your own prefilled organization templates.

Use a prefilled organisation template to fill out the information

Setup organisation templates

To set up your own prefilled organization templates to use when ordering certificates, go to Users, organizations and contacts in the left menu of TrustView.

Create your own prefilled organisation templates to use when ordering certificates

Create all the organizations you need and fill out the name field, as a minimum. Once at least one has been created, it will be able to be selected in the selection menu, in the gray field of the Ordering certificate page.

Providing your own CSR for the certificate order

Near the bottom of the certificate order page, is a link for adding your own CSR Use existing CSR (Certificate Signing Request) in ordering the certificate.

Important

If you provide your own CSR for the certificate order, TrustView will not generate a private key, and in the case you need it, you would have to provide your own. Which can be done by importing the private key, after the order has been placed and issued.

Bulk purchasing (depositing funds)

Important

It requires an account to use this feature in TrustView or TrustView Lite. Contact our to get an account setup.

This is optional for purchasing certificates, through TrustView and TrustView Lite. Certificates can still be purchased on an individual basis.

This can be done by clicking SSL certificates & Keys in the side menu and then Account details. Once the account has been set up, you will get an overview of the current funds and an overview of all the transactions you have performed through TrustView.

Purchasing certificates with the account for bulk purchasing, is done in the way you would do it without an account, by clicking Order SSL certificate. The price and remaining funds in the account will automatically be calculated, and shown at the end of the order page.

Certificate types

Domain validation (DV)

Domain Validated (DV) certificates are the cheapest and least-identity-validated SSL certificates and can be obtained quickly and easily-even by a malicious bot. These certificates are low-cost certificates that only require validation that a company or person can demonstrate control over, a web domain for which they want to secure a certificate.

DV certificates are typically used by websites that do not conduct business, credit card transactions or gather personal information.

Important

SSL certificates of the type DV (Domain Validation) can’t be prevalidated like the SSL certificate types OV and EV can. These types of SSL certificates must be validated on an individual basis, for each domain. This is also the only type of validation that the provider - Let’s Encrypt offers.

Organization validation (OV)

Organization Validated (OV) SSL certificates are authenticated with nine validation checks and are considered a mid-level business certificate. With OV certificates, CAs authenticate domain ownership similar to DV certificates.

What distinguishes OV from DV is the steps taken by CAs to authenticate that the business organization (i.e. Inc., Corp, LLC, Ltd, Pty Ltd, etc.) affiliated with the certificate is valid and remains in good standing.

Extended validation (EV)

Extended Validation (EV) certificates are authenticated with 18 validation checks, requiring the highest level of vetting by CAs. EV certificates protect a brand’s identity because of this rigorous process required in order to get them.

On top of all the authentication steps CAs take for DV and OV certificates, EV certificates require vetting of the business organization’s operational existence, physical address and a telephone call to verify the employment status of the requester.

SSL certificate providers

Providers

TrustView supports Entrust, DigiCert, GeoTrust and Let’s Encrypt as external certificate providers, but also supports using your ADCS to issue certificates internally from your PKI, as well as manually exporting the CSR from TrustView to a third-party provider and import the issued certificate back into TrustView.

Advanced SANs

When choosing any of the certificate provider options, it’s possible to expand the SANs options by clicking Advanced SANs located under the SANs field. This will enable the option to add IP SANs and URI SANs if needed for the certificate.

When choosing any of the certificate providers it's possible to open the advanced SANs field

Prevalidation

Prevalidation also known as prevetting is an optional feature, allowing validation of organizations and domains before ordering certificates. This allows near real-time issuance of certificates as orders are placed.

Important

Prevetting is free and no cost is associated with it, but takes time depending on the type of validation. Extended Validation (EV) takes the longest and can take up to several days, depending on response time of the Certificate Authority (CA).

Completed validations are not required before placing certificate orders, but an optional optimization for customers placing several orders.

Validations are valid for a certain period, at least 13 months per validation, and thus needs to renewed regularly.

Tip

You can see an overview of all your validated domains and organizations inside TrustView - under the Order certificate page, by clicking on the link List your validated organisations and domains.

We can mark both organizations and domains for automatic renewal of validations. In this case, we will contact you when your organization or domain is nearing validation expiry and start the renewal process in collaboration with you.

Contact our to have additional domains or organisations validated, or for any other changes to your registered organizations and domains.

Validation of domains from TrustView

You can now get a complete overview of validations and instructions on the selected DCV (Domain Control Validation) method for each domain, to get the ordered certificate issued.

Validation requirements for newly ordered certificate from TrustView

It is also possible to change the validation method from the dropdown menu, next to the listed domain(s). This can be done for each domain, if additional SANs were added when the certificate was ordered.

Its possible to choose another validation method from the dropdown menu

Once the validation has been completed, the Action required will change to Completed

Reissue previously issued SSL certificates

Note

When reissuing an SSL certificate, the expiry date will not be extended, as a reissue can be considered a copy of the original SSL certificate. Only be placing a new order for an SSL certificate, will the expiry date be extended.

SSL certificates can be reissued by opening the detail page of the certificate, you want to reissue and press Reissue. This will take you to the order page, which will be prefilled with the information of the SSL certificate.

Important

Only SSL certificates issued from Entrust, DigiCert or GeoTrust can be reissued. It’s not possible to do so with certificates issued from ADCS (internal PKI certificates) or Let’s Encrypt.

You now have the possibility to remove or add additional hostnames in the SANs field on the order page. Adding hostnames will automatically calculate the new cost, at the bottom of the order page.

Important

If the original hostname of the certificate that is being renewed is removed or the certificate type is changed, an error will appear: Price not available. Contact our support for more info. But you can still place the order, and we will contact you if necessary.