How fast is SSLMate?
Really fast. In nearly all cases, it takes less than a minute between time you type
sslmate buy and the time it finishes and you have both a key and certificate file sitting on your filesystem.
The process can take longer if your domain's mail server does not deliver mail right away (for example, if it's using greylisting) or in the rare case that your order is flagged for manual review. When this happens, the sslmate command will terminate early, and instead you'll receive an email when your certs are ready.
What platforms does SSLMate support?
The sslmate command is officially supported on several popular Linux distros and Mac OS X, and can also run anywhere that has a Perl interpreter and OpenSSL. See our install page for more information.
The key and certificates generated by SSLMate can be used on any platform, so you can always run the sslmate command on a supported platform and copy the resulting files to a different system.
Do you sell wildcard certificates?
Yes! When buying your certificate, simply specify a common name like
Do you sell multiple hostname/domain (aka SAN/UCC) certs?
Yes! When buying your certificate, specify multiple hostnames on the command line
sslmate buy. See the multi-hostname
certificates page for details.
Note that you don't need a multiple
domain cert to secure both
just buy a certificate for
and it will also work for
What types of payment do you accept?
We accept the following credit/debit cards: Visa, MasterCard, American Express, JCB, Discover, and Diners Club.
We do not plan to accept PayPal or Bitcoin. SSLMate is all about automation, and PayPal and Bitcoin require manual steps for every payment.
How do you use my credit card number?
We ask for your credit card number when signing up so we don't have to ask for it every time you buy a certificate. Rest assured, we do not charge your credit card until you actually purchase a certificate.
Keeping your credit card on file also lets your certificates automatically renew, ensuring that you never let a site go down because you forgot to renew a certificate. Auto-renewal is easy to disable if you don't want it, and we always send an email one week before charging your credit card in case you don't need the certificate anymore.
Note that we don't store your credit card number directly; our payment processor, Stripe, does.
Where is my private key generated and stored?
Your private key is generated exclusively on your system and is never transmitted to or stored by SSLMate. The sslmate command line program is open source and can be audited to verify that this is true.
Will a certificate for www.example.com also work for example.com?
Yes. SSLMate certificates purchased for
www.example.com secure both
example.com is added to the
subjectAltName field). Similarly, certificates for
also work for
What's your refund policy?
Full refunds are available for the first 10 days following your purchase. Refunds will be credited to the credit card used to make the purchase. To request a refund, please contact us. Please allow up to one business day for your refund request to be processed.
What browsers do your certificates work with?
Any modern browser. SSLMate's certificates have been tested successfully in browsers as old as IE6 on Windows XP SP3.
What kinds of certificates do you sell?
Our Domain Validation (DV) certificates are PositiveSSL certificates from Comodo. Our Extended Validation (EV) certificates are Comodo EV SSL certificates.
SSLMate may use different certificate authorities in the future. Unlike other SSL certificate vendors who present you with a confusing choice of five or more different certificate authorities, SSLMate tracks the industry closely and only offers certificates from the very best.
What's the approval process for buying a certificate?
See our approval documentation.
What can I do if I don't receive the approval email?
First, please be sure to double-check your spam folder.
Next, you can try resending the approval email using the
sslmate resend-email HOSTNAME command.
You can also try resending the approval email to a different address using
(ADDRESS must be one of the acceptable addresses listed when you run
If you're still having problems, you can get in touch with support.
Do you sell Extended Validation (EV) certs?
Yes. First, you must enable the EV option on your account page,
and provide information about your organization. To buy an EV cert, pass the
--ev option to
sslmate buy. The certificate will take
several days to be approved as your organization's identity is vetted. You will
be notified by email when your certificate is approved, at which point you can download
it with the
sslmate download command.
Do you sell Organization Validation (OV) certs?
No. OV certs provide no additional security over DV certs and are not displayed differently in the browser. Their main distinguishing features are that they are more expensive and take longer to issue.
How many servers can I install my SSLMate certificate on?
Any number. SSLMate certificates come with an unlimited server license.
Do you sell multi-year certificates?
Not by default. The evolving nature of cryptography means that a multi-year certificate is at risk of needing replacement before its term expires in order to take advantage of the latest best practices in security. Instead of offering multi-year certificates, SSLMate automates the renewal process so that yearly renewals are extremely easy. This is similar to the approach that Google uses internally: their certificates are valid for merely three months, but they have a fully automated process for rotating certificates.
If you have a special need for a multi-year certificate (e.g. to install on a device where renewal can't be automated), get in touch and we can help you out.
What size key does sslmate generate?
The sslmate command generates a 2048 bit RSA key. This is widely considered the best size for SSL: 1024 bit keys are inadequately secure, and 4096 bit keys slow down browser connections without providing an appreciable security gain.
Does SSLMate support elliptic curve (ECDSA) certificates?
Yes. Pass the
--key-type=ecdsa option to
sslmate buy to generate an ECDSA key. The resulting certificate will be signed with ECDSA.
Note that while ECDSA is faster than RSA, it is supported by fewer clients. If support for IE 8 on Windows XP, Android 2.3, or Java 6 is important, do not use ECDSA. If in doubt, do not use ECDSA.
SSLMate generates a key on the NIST P-256 curve (aka prime256v1 or secp256r1).
Does SSLMate provide SHA-2 certificates?
Yes, as of November 7, 2014, all SSL certificates acquired through SSLMate use the SHA-2 hash algorithm.