From August 19th 2020, SECTIGO issues SSL certificates with a maximum lifetime of 398 days (13 months) as specified by CA/Browser consortium. SSL certificates with a longer lifetime must be re-issued annually (free of charge). You'll receive reminders via e-mail. SSL certificates issued before August 19th 2020 remain valid until their planned expiry date. Code Signing & S/MIME certificates are not affected and remain valid until their planned expiry date.

CSR/KEY Tutorial (openssl)

A CSR (Certificate Signing Request) is required for (re-)issueing a SSL certificate. Typically you will create a Private-Key together with the CSR directly on your server. Alternatively you can also use our CSR generator, which is available here.

Here you can find CSR creation instructions for all kinds of platforms (Microsoft IIS, Cisco, cPanel, Citrix, Apple, AWS, Lotus Domino, Nginx, Novell, Plesk, Red Hat, Tomcat, Zeus, etc. ...).

These are the commands for creating a CSR (Certificate Signing Request) with 4096 bit private key unter Linux:


Obligatory fields: In "COUNTRY" there has to be a two-digit country code, e.g. US or GB. In "COMMON NAME" you have to specify the FQDN (fully qualified domain name). For single domain certificates this should be something like www.domain.com or subdomain.domain.com. For SSL Wildcard certificates the field "COMMON NAME" should have something like *.domain.com including the * (star) wildcard placeholder. The password is optional. Please keep in mind to not use these forbidden special characters: [!@#$%^()~?><&/\,."'_öäüÄÖÜß]

After you have placed your CSR with interssl and have approved the authentication email, you will receive your SSL certificate via e-mail. Most of the time a certificate will be issued within 2 minutes after authentication. In some rare cases GeoTrust will want to do a manual inspection, in this case it will typically be delivered within 24 hours during workdays. To our experience, this might happen more frequently for domains related to financial or governmental usa.