An SSL Certificate secures the connection between your website and the people who visit it, however the SSL Certificate is only one part of operating a secure website. Responsibility for running that website lawfully and securely rests with you as the website operator, and that responsibility cannot be passed to Trustico® or to the Certificate Authority (CA).
This page explains what is expected of every customer who holds an SSL Certificate license. It covers the issuance process, the validation you must complete, the management of your license over time, and the regulations that apply to you because you operate a secure website. The guides linked throughout are worth reading before and during the life of your SSL Certificate.
Understanding the SSL Certificate Issuance Process
An SSL Certificate is issued as a benefit of holding a license, and issuance only completes once validation has been satisfied. Knowing what happens between placing your order and receiving your SSL Certificate helps you avoid the delays that catch most customers out. Find Out More About SSL Certificate Issuance Speeds 🔗
Most orders begin with a Certificate Signing Request (CSR), which you generate on your own server and which contains the details that will appear on your SSL Certificate. Understanding what a Certificate Signing Request (CSR) is, and keeping the matching files your server creates, is your responsibility. Learn About Certificate Signing Requests (CSR) 🔗
If you are unable to generate a Certificate Signing Request (CSR) yourself, the AutoCSR service can create one for you and deliver its output once inside a password-protected archive file. Keeping that archive file and its unlock code safe is then your responsibility. Discover the AutoCSR Service 🔗
Installing your issued SSL Certificate on your server is also your responsibility. Trustico® provides instructions for common platforms, however the configuration of your own server remains in your hands. View Our Installation Instructions 🔗
Tip : If you would prefer not to handle installation yourself, Trustico® offers a Premium Installation service where a technician completes the work for you on a supported platform.
That service is a practical option for customers who are not comfortable working with server configuration, and it can save considerable time. Explore Our Premium Installation Service 🔗
Completing the Validation You Are Responsible For
No SSL Certificate is issued until the Certificate Authority (CA) has confirmed that you control the domain, and for higher validation levels that your organization is genuine. Completing these checks promptly is your responsibility, and an incomplete validation is the most common reason an order stalls. Learn About The Validation Procedure 🔗
Domain Control Validation (DCV) Methods
Domain Control Validation (DCV) can be completed by e-mail, by a Domain Name System (DNS) record, or by placing a file on your web server. Each method has strict rules set by the Certificate Authority (CA). E-Mail validation only accepts five pre-approved addresses at your domain, and file based validation cannot be used for Wildcard SSL Certificates.
Once completed, Domain Control Validation (DCV) can be reused for a limited period before it must be performed again. If you manage several domains it is worth knowing when each validation will need repeating. Learn About Domain Control Validation (DCV) Reuse Periods 🔗
Domain Name System (DNS) Readiness
A Certification Authority Authorization (CAA) lookup occurs for every issuance request, whether or not your domain publishes Certification Authority Authorization (CAA) records. If your Domain Name System (DNS) servers are unreachable or block that lookup, your SSL Certificate cannot be issued. Learn About Certification Authority Authorization (CAA) Records 🔗
Validation is also performed from several network locations around the world under Multi-Perspective Issuance Corroboration (MPIC). You should confirm that your Domain Name System (DNS) and web servers respond consistently from every region, not only from your own. Learn About Multi-Perspective Issuance Corroboration (MPIC) 🔗
Higher Validation Levels
Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV) each carry different requirements. Organization Validation (OV) and Extended Validation (EV) involve verification of your business, so you must be ready to supply the records the Certificate Authority (CA) requests. Learn About Extended Validation (EV) Requirements 🔗
Managing Your SSL Certificate License
Your SSL Certificate is collected, reissued, and managed through the tracking system, which is accessed using the details from your order. The tracking system shows both your license validity dates and the validity details of the SSL Certificate last issued to you. Visit the Tracking System 🔗
An SSL Certificate license can run for a period of up to five years, however each issued SSL Certificate currently has a maximum validity of 200 days under industry regulations. During a multi-year license you must reissue your SSL Certificate before each expiry, at no additional cost, to keep your website protected. Learn About Reissuing Your SSL Certificate 🔗
Important : You are responsible for monitoring the expiry date of your SSL Certificate. If it expires before you reissue it, visitors will see security warnings in their browser, even when your license period is still active.
Because issued validity periods are now short, a reminder in a diary is no longer a reliable way to track expiry across multiple websites. Keeping a clear record of every SSL Certificate you operate, and acting well ahead of each expiry, is part of running a secure website. Learn About Maintaining Your SSL Certificate Protection 🔗
A renewal is a separate action from a reissue. It is the purchase of a new license once your existing license period ends, and placing that order in good time avoids any gap in coverage. Learn About License Renewals 🔗
These obligations rest with you as the license holder. Trustico® sends reminder e-mails as a courtesy, however acting on expiry, reissue, and renewal always remains your responsibility. View Your Obligations as a License Holder 🔗
Regulations That Apply to You as a Website Operator
Operating a secure website places you under rules that exist independently of your SSL Certificate. These regulations apply to you directly, and they cannot be ignored on the basis that an SSL Certificate is installed. Carrying out your own due diligence on the rules relevant to your website is an essential part of operating it.
The technical rules governing SSL Certificate issuance are set by the Certificate Authority (CA)/Browser Forum and apply worldwide. Trustico® did not create these rules and cannot waive them, so staying aware of changes that affect you is part of your responsibility as a license holder.
The most significant current change is the reduction in maximum validity, falling from 200 days now to 100 days in 2027 and 47 days from 2029, with Domain Control Validation (DCV) reuse periods shortening alongside. Planning for shorter validity now will spare you repeated last minute reissues later. Read About The 200 Day Validity Period Change 🔗
Beyond the technical rules, your website may fall under data protection and payment security regulations. If you handle personal data from visitors, frameworks such as the General Data Protection Regulation (GDPR) impose obligations on how that data is secured. Read About GDPR and SSL Certificates 🔗
If you accept card payments, the Payment Card Industry Data Security Standard (PCI DSS) sets requirements that go well beyond simply holding an SSL Certificate. Meeting those requirements is your responsibility as the operator of the website. Read About PCI DSS Compliance Requirements 🔗
Warning : An SSL Certificate encrypts data in transit, however it does not by itself make a website compliant with any regulation. Treating an SSL Certificate as proof of compliance is a common and serious mistake.
If you are unsure which regulations apply to your website, you should seek advice that is specific to your circumstances and the regions in which you operate. The right time to understand your obligations is before a problem arises, not after.
Support and Keeping in Touch
Trustico® provides support for matters relating to your order, your validation, and the management of your license. Reaching out early when something is unclear is always better than waiting until an SSL Certificate has already expired. Explore Our Support Options 🔗
Much of what Trustico® sends you arrives by e-mail, including validation messages, reminders, and delivery notices. Keeping the e-mail addresses on your order working, and checking that these messages are not being filtered, is part of staying on top of your SSL Certificate. Learn About Missing and Undelivered E-Mail 🔗
Refunds and Terms That Apply to Your Order
Refunds are subject to clear conditions, and an SSL Certificate that has already been issued is generally not eligible for a refund. Understanding these conditions before you order avoids disappointment later. Read Our Refund Policy 🔗
Because the AutoCSR service is available on every order, being unable to supply a Certificate Signing Request (CSR) is not accepted as a reason for a credit. The full terms that apply to your account and your order are set out for you to review. Read Our Terms and Conditions 🔗
Automating Management with Certificate as a Service (CaaS)
If managing reissues and renewals by hand becomes difficult, Certificate as a Service (CaaS) can handle the SSL Certificate lifecycle automatically through the Automatic Certificate Management Environment (ACME) protocol. This removes much of the manual monitoring that shorter validity periods now demand. Explore Our Certificate as a Service (CaaS) 🔗
Certificate as a Service (CaaS) suits customers whose infrastructure supports automation, and it should be confirmed against your own setup before purchase. Whichever approach you choose, the responsibilities described on this page remain with you for the life of every SSL Certificate you operate.
