TLS Certificates?

Using a TLS certificate, you can create a secure connection between your website and its visitors. This allows you to:

  1. Securely collect information from the visitors to your site.
  2. Display secure/sensitive information to them.
  3. Enable your visitors to verify what site they are connecting to.

TLS Certificates are needed if you:

  • Want your own secure Web site for Web hosting
  • Want Private Labeling using your own secure domain
  • Want secure email services (i.e. POP, IMAP, SMTP) on your dedicated email server via your own secure domain name

Learn more about TLS in general:

As no one uses "SSL v2" or "SSL v3" anymore, certificates for securing Internet traffic are all for the "TLS" protocol and so are properly called "TLS certificates," though the term "SSL" is often used colloquially to refer to the same general concept.

TLS Certificates at LuxSci

If you wish to use LuxSci services that require you to have a TLS Certificate, you have two options:

  • Have LuxSci buy the certificate for you
  • You purchase the certificate yourself

LuxSci buys the certificate for you

For the quickest and easiest setup and renewal, LuxSci recommends having us purchase your TLS certificate for you:

  • We will purchase an "SSL123" certificate* from our partner Thawte
  • We will take care of gathering all needed information from you and coordinate with Thawte
  • We will make sure that the certificate does not expire on you from year-to-year by tracking the certificate and coordinating renewals with you.
  • Your certificate will:
    • Use 2048-bit keys
    • Support 128-bit and 256-bit encryption
    • Have the highest degree of browser compatibility available
    • Be very well trusted by your end users as it will be issued by VeriSign/Thawte
  • We will bill you for the certificate -- so you pay us for your certificate as part of your normal LuxSci invoice.

All you will have to do is (a) provide us with a little contact information, and (b) respond to a TLS-certificate confirmation email message from Thawte. We will take care of everything else for you.

(*) LuxSci can provide other kinds of TLS certificates as well, such as "wild card" certificates and Extended Validation (EV) certificates (the ones that make your browser address area green).

See also: Understanding the TLS Certificate Purchase Process.

Bringing your own certificate

If you would like to purchase your own certificate (or generate your own self signed one):

  • LuxSci will ask you some questions and generate a certificate signing request (CSR) for you
  • You will order your certificate from a third party yourself.
  • You will provide us with the resulting signed certificate file and all "intermediate" certificates that may be needed.
  • You are responsible for ensuring that your certificate does not expire from year to year. You must take the initiative to renew your certificate and get us new signed certificates as needed well before your certificate expires.

How Many Certificates Do I Need?

You may need multiple TLS certificates, depending on the number of separate domain names that you wish to secure.

Web Site Hosting

You will need one TLS certificate for each secure web site that you wish to have hosted. This certificate will be for either "domain.com," "www.domain.com," or some subdomain like "secure.domain.com" — your choice.

Private Labeling of WebMail

If you have Private Labeled WebMail and wish to brand the domain name shown in the browser for TLS connections, then you will need a TLS certificate for that "secure private labeled domain name".

Note that you can use the SAME "secure private labeled domain name" for:

I.e., there is no need to get separate domains and certificates for all of these services. You can use insecure "vanity domain names" for access. For example:

  • Use https://secure.domain.com for TLS branding for all Private Labeled services.
  • Use http://webmail.domain.com for quick branded access to WebMail logins (this will redirect to your login page URL at the https://secure.domain.com domain.
  • Use http://securesend.domain.com for quick branded access to SecureSend logins (this will redirect to your SecureSend login page URL at the https://secure.domain.com domain.
  • Branding of SecureForm can be enabled and then will be automatic with https://secure.domain.com
  • Branding of SecureLine Escrow is also automatic with https://secure.domain.com

However, if you are using one domain for your web site, you can not also use that same domain for Private Labeling. People generally use a subdomain for Private Labeling; i.e., secure.domain.com.

Private Labeling of Email

If you have Private Labeling and a dedicated email server and wish to have your users use your secure domain for access to secure POP, IMAP, and/or SMTP services, then you will need to pick another domain name, such as "secure-mail.domain.com," for this and obtain another TLS certificate for it.

Note: Private labeling of TLS connections to email services is not available to customers using shared email hosting servers.

Dedicated Server Customers

Dedicated server customers may have their email and web hosting services on the same server. The can use the same domain name that they are using for secure Web site hosting for secure Private Labeled email access (there is no need for separate domain names in this case).

What People Say About LuxSci