Using a TLS certificate, you can create a secure connection between your website and its visitors. This allows you to:
As no one uses "SSL v2" or "SSL v3" anymore, certificates for securing Internet traffic are all for the "TLS" protocol and so are properly called "TLS certificates," though the term "SSL" is often used colloquially to refer to the same general concept.
If you wish to use LuxSci services that can use a TLS Certificate, you have two options:
For the quickest and easiest setup and renewal, LuxSci recommends having us purchase your TLS certificate for you:
All you will have to do is (a) provide us with a little contact information, and (b) respond to a TLS-certificate confirmation email message from Sectigo. LuxSci will take care of everything else for you.
With LuxSci, you can order any of these certificate types:
Service |
---|
Domain-Validated |
Positive SSL Domain-Validated Certificate.
Very quick and easy to issue. No warranty.
Limited validation and no TLS site seal available.
Usable on any number of servers. |
Organization-Validated ($50,000 warranty) |
Sectigo/InstantSSL Organization-Validated Certificate.
$50,000 certificate validation warranty.
Optional: PCI Scanning and web-site vulnerability scanning from Sectigo.
Usable on any number of servers. |
Organization-Validated Pro ($100,000 warranty) |
Sectigo/InstantSSL Organization-Validated Certificate.
$100,000 certificate validation warranty.
Ideal for businesses wishing to display superior guarantees to their customers while staying within a budget.
Optional: PCI Scanning and web-site vulnerability scanning from Sectigo.
Usable on any number of servers. |
Extended Validation (EV; $1,750,000 warranty) |
Sectigo Extended Validation Certificate.
$1,750,000 certificate validation warranty.
Optional: PCI Scanning and web-site vulnerability scanning from Sectigo.
Usable on any number of servers.
See also: Extended Validation Certificates |
Domain-Validated Wild Card |
Domain-Validated Positive SSL Wild Card Certificate.
Very quick and easy to issue. No warranty.
Limited validation and no TLS site seal available.
Usable on any number of servers. |
Organization-Validated Wild Card ($250,000 warranty) |
Sectigo/InstantSSL Organization-Validated Wild Card Certificate.
$250,000 certificate validation warranty.
Optional: PCI Scanning and web-site vulnerability scanning from Sectigo.
Usable on any number of servers. |
See also: Understanding the TLS Certificate Purchase Process.
If you would like to purchase your own certificate (or generate your own self signed one):
You may need multiple TLS certificates, depending on the number of separate domain names that you wish to secure.
You will need one TLS certificate for each secure web site that you wish to have hosted. This certificate will be for either "domain.com" and "www.domain.com," or some subdomain like "secure.domain.com" — your choice.
If you have Private Labeled WebMail and wish to brand the domain name shown in the browser for TLS connections, then you will need a TLS certificate for that "secure private labeled domain name".
Note that you can use the SAME "secure private labeled domain name" for:
I.e., there is no need to get separate domains and certificates for all of these services. You can use insecure "vanity domain names" for access. For example:
However, if you are using one domain for your web site, you can not also use that same domain for Private Labeling. People generally use a subdomain for Private Labeling; i.e., secure.domain.com.
If you have Private Labeling and a dedicated server and wish to have your users use your secure domain for access to secure POP, IMAP, and/or SMTP services, then you will need to pick another domain name, such as "secure-mail.domain.com," for this and obtain another TLS certificate for it. Alternately, we can also use the TLS certificate for a secure web site hosted on that same server for your secure email.
Book 2 in the LuxSci Internet Security Series.
Created by Erik Kangas, PhD
Get the HIPAA eBook