Using a TLS certificate, you can create a secure connection between your website and its visitors. This allows you to:

  1. Securely collect information from the visitors to your site.
  2. Display secure/sensitive information to them.
  3. Enable your visitors to verify what site they are connecting to.

TLS certificates are needed if you:

  • Want your own secure Web site for Web hosting
  • Want Private Labeling using your own secure domain
  • Want secure email services (i.e. POP, IMAP, SMTP) on your dedicated server via your own secure email domain name

Learn more about TLS:

As no one uses "SSL v2" or "SSL v3" anymore, certificates for securing Internet traffic are all for the "TLS" protocol and so are properly called "TLS certificates," though the term "SSL" is often used colloquially to refer to the same general concept.

TLS Certificates at LuxSci

If you wish to use LuxSci services that can use a TLS Certificate, you have two options:

  • Have LuxSci buy the certificate for you
  • You purchase the certificate yourself

LuxSci buys it

For the quickest and easiest setup and renewal, LuxSci recommends having us purchase your TLS certificate for you:

  • We purchase a certificate* from our partner Sectigo
  • We take care of gathering all needed information from you and coordinate with Sectigo
  • We ensure that the certificate does not expire on you from year-to-year by tracking the certificate and coordinating renewals with you.
  • Your certificate will:
    • Use 2048-bit keys
    • Support 128-bit and 256-bit encryption
    • Have the highest degree of browser compatibility available
    • Be very well trusted by your end users as it will be issued by Sectigo
  • We will bill you for the certificate—you pay us for your certificate as part of your regular LuxSci invoice.

All you will have to do is (a) provide us with a little contact information, and (b) respond to a TLS-certificate confirmation email message from Sectigo. LuxSci will take care of everything else for you.

With LuxSci, you can order any of these certificate types:

Service
Domain-Validated
Positive SSL Domain-Validated Certificate. Very quick and easy to issue. No warranty. Limited validation and no TLS site seal available. Usable on any number of servers.
Organization-Validated ($50,000 warranty)
Sectigo/InstantSSL Organization-Validated Certificate. $50,000 certificate validation warranty. Optional: PCI Scanning and web-site vulnerability scanning from Sectigo. Usable on any number of servers.
Organization-Validated Pro ($100,000 warranty)
Sectigo/InstantSSL Organization-Validated Certificate. $100,000 certificate validation warranty. Ideal for businesses wishing to display superior guarantees to their customers while staying within a budget. Optional: PCI Scanning and web-site vulnerability scanning from Sectigo. Usable on any number of servers.
Extended Validation (EV; $1,750,000 warranty)
Sectigo Extended Validation Certificate. $1,750,000 certificate validation warranty. Optional: PCI Scanning and web-site vulnerability scanning from Sectigo. Usable on any number of servers.

See also: Extended Validation Certificates

Domain-Validated Wild Card
Domain-Validated Positive SSL Wild Card Certificate. Very quick and easy to issue. No warranty. Limited validation and no TLS site seal available. Usable on any number of servers.
Organization-Validated Wild Card ($250,000 warranty)
Sectigo/InstantSSL Organization-Validated Wild Card Certificate. $250,000 certificate validation warranty. Optional: PCI Scanning and web-site vulnerability scanning from Sectigo. Usable on any number of servers.

See also: Understanding the TLS Certificate Purchase Process.

Bring your own

If you would like to purchase your own certificate (or generate your own self signed one):

  • LuxSci will ask you some questions and generate a certificate signing request (CSR) for you
  • You will order your certificate from a third party yourself.
  • You will provide us with the resulting signed certificate file and all "intermediate" certificates that may be needed.
  • You are responsible for ensuring that your certificate does not expire from year to year. You must take the initiative to renew your certificate and get us new signed certificates as needed well before your certificate expires.

How Many Certificates Do I Need?

You may need multiple TLS certificates, depending on the number of separate domain names that you wish to secure.

Web Site Hosting

You will need one TLS certificate for each secure web site that you wish to have hosted. This certificate will be for either "domain.com" and "www.domain.com," or some subdomain like "secure.domain.com" — your choice.

Private Labeling of WebMail / SecureSend / SecureForm

If you have Private Labeled WebMail and wish to brand the domain name shown in the browser for TLS connections, then you will need a TLS certificate for that "secure private labeled domain name".

Note that you can use the SAME "secure private labeled domain name" for:

I.e., there is no need to get separate domains and certificates for all of these services. You can use insecure "vanity domain names" for access. For example:

  • Use https://secure.domain.com for TLS branding for all Private Labeled services.
  • Use http://webmail.domain.com for quick branded access to WebMail logins (this will redirect to your login page URL at the https://secure.domain.com domain.
  • Use http://securesend.domain.com for quick branded access to SecureSend logins (this will redirect to your SecureSend login page URL at the https://secure.domain.com domain.
  • Branding of SecureForm can be enabled and then will be automatic with https://secure.domain.com
  • Branding of SecureLineTM Escrow is also automatic with https://secure.domain.com

However, if you are using one domain for your web site, you can not also use that same domain for Private Labeling. People generally use a subdomain for Private Labeling; i.e., secure.domain.com.

Private Labeling of Email

If you have Private Labeling and a dedicated server and wish to have your users use your secure domain for access to secure POP, IMAP, and/or SMTP services, then you will need to pick another domain name, such as "secure-mail.domain.com," for this and obtain another TLS certificate for it. Alternately, we can also use the TLS certificate for a secure web site hosted on that same server for your secure email.

eBook: HIPAA-compliant Website Basics

Creating and managing HIPAA-compliant web sites

Book 2 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD

Get the HIPAA eBook

LuxSci has been a pleasure to work with. The level of support we've received from them has been top-notch. From the smallest user issue to complex custom work, LuxSci has delivered service far above what I expected. Best of all, uptime with LuxSci has been 100%."

David Cayem . DelphiForums