Frequently Asked Questions (SSL Certificate FAQ)

SSL certificates enable HTTPS for websites, encrypting data transmission between users and servers, displaying a security lock icon in browsers, and enhancing trust and conversion rates.

DV (Domain Validation) has the fastest issuance, suitable for personal sites and startups; OV (Organization Validation) displays company information, suitable for corporate websites and e-commerce; EV (Extended Validation) is the strictest with the highest trust level, suitable for finance, government, and other high-compliance industries.

Single domain covers one FQDN; wildcard like *.example.com covers all second-level subdomains; multi-domain supports binding multiple different domains or subdomains in the same certificate, flexible and easy to manage.

ECC (such as P-256) has shorter keys and better performance at the same security level; RSA (2048-bit and above) has wider compatibility. ECC is recommended first, choose RSA when compatibility with very old environments is needed.

DV takes about 5-10 minutes; OV usually takes 1-3 business days; EV takes about 3-7 business days, depending on the authenticity of materials and cooperation.

DNS verification adds a specified TXT record to domain resolution, most stable; HTTP verification places a verification file in the site root directory, fast deployment; email verification requires receiving an authentication email and clicking confirm.

CSR (Certificate Signing Request) contains public key and subject information. Can be generated on the server using tools like openssl, IIS, Baota, etc. Note to properly save the corresponding private key.

Yes. After placing an order, complete DNS/HTTP/email verification according to the instructions. The system will automatically enter the issuance process after verification passes.

Download certificate files and intermediate certificates, configure certificate path and chain file according to server type, restart service to take effect. If you encounter problems, refer to the installation guide or contact us for assistance.

Common reasons include: incomplete certificate chain, domain mismatch, expired certificate, mixed content (HTTP resources). Please confirm the certificate chain is complete, enable forced HTTPS, and change resources to HTTPS.

Configure 301 redirect policy on the server or implement forced HTTPS through web gateway, note to exclude special paths such as health checks and callback addresses.

We will send email reminders before expiration. You can renew with one click in the user center. Some scenarios support automatic renewal notifications and guidance to ensure no interruption.

It is recommended to revoke and reissue immediately to avoid risk expansion. Most brands support free reissuance within the validity period (limited times), private key replacement requires regenerating CSR.

Multi-domain certificates can add SAN (price difference required) or adjust bindings within the validity period. After changes, re-verification and issuance of a new certificate are required.

Mainstream trusted CA certificates are compatible with 99.9% of browsers and mobile terminals. Very old systems (such as early XP/IE) may need to use RSA and complete chain to improve compatibility.

Compatible with certificates. Specific depends on server and CDN configuration. It is recommended to enable TLS 1.2+/1.3, properly configure HSTS and OCSP Stapling to improve security and performance.

Base price is charged by certificate type; multi-domain is charged additionally based on SAN quantity; wildcard is priced per "each wildcard" unit, specific as marked on the product page.

Support VAT special invoice/general invoice; if issuance fails due to material review failure or force majeure, refunds will be processed according to policy. Details can be consulted with customer service.