GlobalSign.
TLS/SSL & digital certificates.

No, GlobalSign does not offer a Multi-year Plan for TLS/SSL certificates. For Code/Document Signing and S/MIME certificates, however, there is the option to purchase a lifetime of up to 3 years.

Both are DV certificates and there is no technical difference. AlphaSSL is a sub brand of GlobalSign, which is offered under the GlobalSign umbrella. The AlphaSSL certificate is recommended for more simple web projects. For larger projects with SANs, the Domain SSL or DomainSSL Wildcard is recommended.

Yes, SANs can be booked with GlobalSign TLS/SSL certificates - whether DV, OV or EV, allowing you to secure up to 250 domains in the standard certificate. Please note: Wildcard SANs are not possible for EV certificates.

Yes, “www.example.com”, “mail.example.com”, “autodiscover.example.com” and “owa.example.com” are inclusive and must be added by the customer. If the common name is www.example.com, then example.com will be added from GlobalSign as a free SAN. Please note: Does not apply to AlphaSSL and AlphaSSL Wildcard.

The S/MIME (Secure/Multipurpose Internet Mail Extensions) technology provides security for your email communication through encryption and signing. The asymmetrical encryption protects S/MIME emails against access by unauthorized parties. The digital signature confirms that the email was sent by the specified author and warns of any unauthorized changes. This makes it a reliable method for detecting phishing emails. The PersonalSign Certificates from GlobalSign hold a number of additional advantages:

• Digitally signing - sign Microsoft Office Documents (signing not included in AATL)
• Two-factor authentication (2FA) - strong authentication for networks, VPNs, cloud services etc.
• Includes client authentication, giving users secure access to a server or remote computer by exchanging a digital certificate.

Basically, the higher the trust level, the higher the security in terms of authentication. It indicates the way in which the ownership of the e-mail address is verified. The first trust level is recommended for private individuals. For companies and/or departments, trust level 2 or higher is recommended.

Yes. GlobalSign offers Code Signing Certificates with standard organization validation (OV) or extended validation (EV). OV Code Signing Certificates require regular organization validation while EV Code Signing Certificates require more stringent extended validation, in accordance with the CA/B Forum requirements.

EV Code Signing Certificates offer the added advantage of providing instant reputation with Microsoft Smart Screen, while OV Code Signing Certificates must first establish reputation with the Smart Screen program before warnings disappear.

EV Code Signing Certificates are a requirement for accessing the Windows Hardware Developer Center Dashboard Portal. All kernel-mode drivers targeting Windows 10 (Build 1607 and later) must be signed through this.

A hardware (USB) token provides two-factor authentication and is mandatory to receive and use the certificate when ordered at InterNetX. A token is included in the sales price and will be sent by GlobalSign to the certificate owner after the order has been placed successfully.

Yes, but not simultaneously as the hardware token can only be plugged into a single computer at any given time. As long as the drivers are present on the relevant computer, the USB token can be plugged into any device for use.

Both the Standard Code Signing Certificates and EV Code Signing Certificates cannot be accessed through Remote Desktop (RDP). The USB token must be plugged into the local computer. Note: Signing a file remotely will depend on the key storage. A local hardware token can be used to sign a file on a remote machine but a remote token cannot be used for signing at all.

Yes. The code signing requirements vary from platform to platform. The requirements for signing Java JAR files are different from those for signing a Windows portable executable. There are also separate requirements for signing apps on OS X and iOS. How and where your application(s) is distributed may also be a factor for the signing requirements. Please see the GlobalSign Code Signing FAQ page for more information on this.

AATL stands for Adobe Approved Trust List. It is an international program that allows users to create trusted digital signatures whenever a signed document is opened in Adobe® Acrobat® or Reader® software. AATL works by using an “Approved Trust List”. GlobalSign is a member of this list. The AATL member CAs are carefully verified by Adobe to ensure that their services and credentials fulfil all AATL Technical Requirements. After a certificate authority has been added to this approved list, any signatures that are implemented with certificates that trace back to their root are automatically trusted in Adobe. Because GlobalSign Document Signing Certificates trace back to the GlobalSign root certificate, which is also included in additional trust/root stores, they can also be used for signatures in other software, e.g. Microsoft Office and Bluebeam Revu.

The GlobalSign Document Signing Certificates are compatible with Adobe Version 9+.

You can find an overview of the individual steps required below:

• Order a certificate in AutoDNS
• Verification of the company takes place on the basis of the commercial register entry and a telephone call or written verification via email by GlobalSign
• The hardware (USB) token is sent by a local service provider
• The email with download link is sent simultaneously
• After receipt of the USB token, the certificate is downloaded via the SafeNet Authentication Client with link and password
• After installation, the certificate is ready for use

The AATL Technical Requirements specify that the certificate authority must generate and protect key pair(s) for the supplied certificate(s) in a medium that does not permit exportation and duplication allowing unauthorized use of the private or secret keys. The most appropriate medium is considered to be a hardware security module that meets FIPS 140-2 Level 3 or an equivalent such as the SafeNet I Key. One hardware token is included in the sales price and will be sent by GlobalSign to the certificate owner after the order has been placed successfully. 

You must download and install SafeNet Authentication Client drivers. In order to pick up or install the certificate, you need access to a Windows PC the pre-installed Fortify app or the IE compatibility mode in Microsoft Edge.. After installation on the hardware token, you can also sign documents from other platforms. Requirements for Digital Signing and signature viewing include: Adobe Reader, Adobe Acrobat, Microsoft Office Word and Excel, OpenOffice and LibreOffice.