An SSL/TLS certificate is an electronic document that includes a company’s identification information (such as the name of the company and address), a public key, and the digital signature of a certificate authority (CA) based on that certificate authority’s private key.

A certificate contains the common name (CN) (the fully-qualified domain name) for your secure web site. CPS supports the following types of certificates:

• Wildcard certificate: Secures an entire property hostname. A certificate for *.example.com secures www.example.com, mail.example.com, and any subdomain of example.com. If you do not know what property hostnames you want to attach your certificate to, a wildcard certificate can offer you flexibility.
• SAN certificate: Uses Subject Alternative Names and allows you to secure up to 100 property hostnames with one certificate. These certificates are for users who need to secure multiple names across different property hostnames. You can update a SAN certificate at any time to add or remove hostnames.
• Wildcard SAN certificate: Uses wildcard hostnames with Subject Alternative Names. You can secure up to 100 hostnames with one certificate, and 25 of those hostnames can be wildcards.

There are three types of validation:

• Domain Validation (DV): which is the lowest level of validation. The CA validates that you have control of the domain. CPS support DV certificates issued by Let’s Encrypt, a free, automated, and open CA, run for public benefit. DV certificates from Let’s Encrypt expire every 90 days.
• Organization Validation (OV): which is a higher level of validation. The CA validates the requesting company, if it is registered or incorporated, and if the Admin contact legitimately works at the company. The CA uses your organization information to verify that you legally own or have the legal right to use the domains listed in the certificate. An OV certificate generally expires in one year.
• Extended Validation (EV): which is the highest level of validation in which you must have signed letters and notaries sent to the CA before the certificate will be issued. An EV certificate expires in two years, and provides a “green bar” in most web browsers.