FAQ

Frequently Asked Questions

Answers to the most common questions about SSL certificates, validation, renewal, and installation.

General concepts

  • An SSL/TLS certificate is a digital file that authenticates the identity of a website and encrypts information sent between the server and the user's browser. When a site has SSL, the URL begins with https:// and a padlock icon is displayed in the address bar.

    Without SSL, any information sent—passwords, card data, forms—can be intercepted by third parties.

  • Encryption is a mathematical process of encoding and decoding information. The number of bits (40 bits, 56 bits, 128 bits, 256 bits) indicates the size of the key. Like a long password, a larger key has more possible combinations. In fact, 128-bit encryption is a trillion times stronger than 40-bit encryption.

    When an encrypted session is established, the strength of the encryption is determined by the web browser, the SSL certificate, the web server, and the operating system of the client computer.

  • Each SSL certificate contains a pair of public and private keys: a private key with the code and a public key used to decode it. The private key is installed on the server and is never shared with anyone.

    The public key is embedded in the SSL certificate and is shared with web browsers.

  • A Certificate Authority is a trusted entity responsible for issuing and revoking SSL certificates. To do so, Certificate Authorities (CAs) have a variety of methods to verify the information provided by individuals or organizations.

    Established Certificate Authorities are well known and trusted by browsers. Browsers extend that trust to digital certificates verified by, for example, DigiCert, Thawte, GeoTrust, RapidSSL, and Entrust.

    An SSL certificate serves as a credential in the online world: it uniquely identifies a specific domain and a web server. The trust of a credential depends on the trust in the organization that issued it.

  • Only verifies that the applicant controls the domain. Issuance in minutes. Recommended for blogs or informational websites. DV (Domain Validation): Solo verifica que el solicitante controla el dominio. Emisión en minutos. Recomendado para blogs o sitios informativos.

    Verifies the legal identity of the organization in addition to the domain. Recommended for businesses and corporate intranets. OV (Organization Validation): Verifica la identidad legal de la organización además del dominio. Recomendado para empresas e intranets corporativas.

    The most rigorous verification process. Requires legal, physical, and operational verification of the company. Recommended for e-commerce, banking, and government. EV (Extended Validation): El proceso de verificación más riguroso. Requiere verificación legal, física y operativa de la empresa. Recomendado para e-commerce, banca y gobierno.

  • Domain Validation (DV) certificates are used to establish a basic level of trust with a website. They are issued after the issuer confirms that the domain is valid and is owned by the person requesting the certificate.

    There is no need to submit company documentation to obtain a domain validation certificate, so this type of SSL certificate can be issued very quickly.

    The disadvantage is that anyone can obtain them: they serve to protect communication between the browser and the web server, but they do not prove the identity of the organization.

  • An Organization Validation (OV) certificate is issued to companies and provides a higher level of security than a Domain Validation certificate. The company information is required to be verified along with the domain and information of its owner.

    The advantage of this certificate over a Domain Validation certificate is that it not only encrypts data, but also provides a certain level of trust about the company that owns the website.

  • A Wildcard certificate protects a domain and its subdomains, but the asterisk (*) only covers a single level: the exact level where it's placed within the name. For example, a Wildcard for *.empresa.com protects www.empresa.com, mail.empresa.com, and tienda.empresa.com with a single certificate.

    It does not include subdomains one level deeper, such as dev.mail.empresa.com or api.tienda.empresa.com (for those you'd need another Wildcard, e.g. *.mail.empresa.com, or a Multi-Domain/SAN certificate). It also doesn't automatically cover the bare root domain without a subdomain (empresa.com) under the standard's definition, although several providers add it as a free additional name — worth confirming when purchasing.

    Ideal when you manage multiple subdomains at the same level and want to simplify certificate management.

  • Wildcard certificates are similar to SAN certificates, with some restrictions. With a Wildcard certificate you can secure multiple subdomains of the same root domain. For example, a Wildcard for *.miempresa.com also protects intranet.miempresa.com and email.miempresa.com with the same certificate.

    However, you won't be able to secure different domains like miempresa.net and miempresa.org with a Wildcard; for that you need a SAN certificate, which allows you to protect multiple different domains in a single certificate.

Validation and Issuance

  • Minutes to a few hours, depending on domain validation. DV: Minutos a pocas horas, dependiendo de la validación del dominio.

    OV: 1 a 3 días hábiles. Requiere verificación de la organización.

    EV: 3 a 7 días hábiles. El proceso de validación extendida es más exhaustivo.

  • The CSR (Certificate Signing Request) is an encrypted block of text generated on your server that contains information about your organization and the domain you want to protect. It is sent to the CA (Certificate Authority) so it can issue the certificate.

    When generating it, a private key is also created that must be kept secure on your server and never shared.

  • For OV and EV certificates you need to provide information that allows verification of your organization: exact legal name according to public registry, complete tax address, CUIT/CUIL number or equivalent, contact details of the authorized person, and for EV, additional legal documentation of the company.

Renewal and expiration

  • Browsers will show a security warning to visitors of your site, which generates distrust and loss of traffic. On e-commerce or banking sites, this can mean direct loss of sales and damage to reputation.

    We recommend starting renewal at least 30 days before expiration.

  • Public TLS certificates currently have a maximum validity of 398 days. Starting in 2026, that validity will be reduced progressively (200 days in 2026, 100 days in 2027, and 47 days in 2029), which makes automating issuance and renewal through protocols like ACME increasingly important.

    If you manage several certificates, we recommend implementing an automation solution to simplify their management and avoid interruptions due to expirations.