Skip to main content

IMPORTANT NOTICE:  TLS/SSL One Year Maximum Validity Period

Starting on September 1, 2020 TLS/SSL certificates cannot be issued for a validity period greater than 398 days (13 months). This change was first announced by Apple and we anticipate that other major browser providers will follow suit. In order to comply with browser guidelines, effective August 14, 2020 IdenTrust will no longer accept applications for TLS/SSL certificates with a two-year validity period. 

Offering a comprehensive portfolio of TLS/SSL certificates to meet your needs

Let’s start by offering a few helpful definitions!

Domain, Organization and Extended Validation

TLS/SSL server certificates validate different information, based on the type of certificate purchased.

  • Domain Validated (DV): Lowest level of assurance. DV TLS/SSL server security certificates issued after proof that the owner has the right to use the submitted domain name. The issued DV server security certificate only contains the domain name. IdenTrust does not currently offer DV ONLY certificates, but domain validation takes place when issuing OV certificates. 
  • Organization Validated (OV): Most common level of assurance. OV TLS/SSL certificates confirm that the domain name is authentic (DV validation); it is associated with the named organization, and that the organization and its registered address are authentic. The issued OV server security certificate contains the Fully Qualified Domain Name and the organization name. Unless otherwise indicated, all IdenTrust TLS/SSL certificates are OV certificates.
  • Extended Validated (EV): Highest level of assurance. In addition to DV and OV validation requirements, EV TLS/SSL certificates verify the address of the place of business, jurisdiction of incorporation, registration and other supplied information. The issued EV server security  certificate contains the organization name, the Fully Qualified Domain Name, the jurisdiction, when applicable,  the registration number and the address of the place of business. EV certificates activate both the padlock and the green address bar or other special treatment in most browsers. IdenTrust is currently in the process of being evaluated by browser authorities for approval to offer EV SSL certificates.

Government Trust vs. Public Trust

IdenTrust offers TLS/SSL certificates that are interoperable with government agencies and certificates that are publicly trusted.  View Understanding Government vs. Public Trust for additional details.

  • Government Trust: For those organizations that require a TLS/SSL certificate that is trusted by the government, IdenTrust offers DoD ECA-compliant TLS/SSL certificates.
  • Public Trust: For those organizations that require a TLS/SSL certificate that is publicly trusted and native in most browsers, IdenTrust offers TrustID TLS/SSL certificates.

Single Domain, Multi-Domain and Wildcard Domain

IdenTrust offers certificates that can be used with single, multiple or wildcard domains.  See below for availability by certificate program.

  • Single Domain: A single domain TLS/SSL certificate establishes a secure connection between a browser and a server. With TLS/SSL certificates, the communication is encrypted, assuring visitors that their information is secure and private. These certificates also authenticate an organization’s identity. This is confirmed by the visual appearance of a padlock next to the web address in the browser.
  • Multi-Domain: These certificates are ideal to secure multiple names across different domains and sub-domains and offer complete control over the Subject Alternative Name (SAN) field. A single multi-domain certificate will allow you to secure domains such as:,,, or Organizations with more than one unique Fully Qualified Domain Name (FQDN) will benefit from selecting an IdenTrust TrustID Multi-Domain certificate, which also offers Organization Validated (OV) features that are important when you are operating an e-commerce or business website, so that your organization can be recognized. Up to four (4) FQDNs can be included in one multi-domain certificate. (Additional FQDNs can be added for a fee.)
  • Wildcard: IdenTrust TrustID TLS/SSL OV and EV certificates can support TLS/SSL Wildcard usage. In order to issue a Wildcard certificate, IdenTrust will perform authentication processes to confirm that the requesting organization has full control of the entire domain namespace. A Wildcard certificate includes an asterisk that is correctly positioned in the Fully Qualified Domain Name (FQDN) and will cover all sub-domain names associated with that domain. Wildcard TLS/SSL certificates are available under our Software-As-A-Service model only.  Please contact for more information.

Foreign vs. Domestic

Foreign TLS/SSL certificates are available in many foreign countries; however, be aware that the U.S. Federal government prohibits sales of certificates in countries with trade sanctions or other government restrictions. 

IRS Foreign Account Tax Compliance Act (FATCA) TLS/SSL Certificates

In order to electronically file FATCA reports via the IRS International Data Exchange Services (IDES) system, an organization must be issued an IRS-approved TLS/SSL certificate. IdenTrust is on the approved list of vendors authorized to issue IRS-compliant FATCA TLS/SSL certificates.

Buy Now    FATCA TLS/SSL (Available under the TrustID program)

Additional Program Information

Keeping these definitions in mind, you can select BUY NOW to use our certificate selection wizard or view our TLS/SSL product profiles for more detailed product features and pricing.

DoD ECA Single Domain TLS/SSL Certificate
TrustID Single Domain TLS/SSL Certificate
TrustID Multi-Domain TLS/SSL Certificate
TrustID FATCA IRS Reporting Single Domain TLS/SSL Certificate

To purchase an IdenTrust TLS/SSL certificate, simply select BUY NOW and use our Certificate Selection Wizard to determine the best certificate for your application.