TELIA SSL CERTIFICATE - FREQUENTLY ASKED QUESTIONS



  1. Which browsers/operating systems/software trust on Telia Company server certificates?

    Telia Company server certificates are issued by TeliaSonera Server CA. That CA is a trusted root certificate in following software products:

    BrowserWindows 10/8/7/Vista/ServerJavaWin Phone 7Win Phone 8LinuxApple OSX and iOSGoogle Android
    IE and EdgeYes-NoYes---
    Mozilla FirefoxYes---YesYesYes
    Google ChromeYes-NoYesYesYesYes
    OperaYes---YesYesYes
    SafariYes----Yes-
  2. Why does TeliaSonera Server CA not appear in the Trusted Root Certification Authorities list of the Internet Explorer?

    Windows versions since XP check CA trust in real time from Microsoft. TeliaSonera Server CA is part of Microsoft Root Certificate Program.

    When a user with a modern version of Windows enters for the first time a page certified with a TeliaSonera CA SSL certificate, Windows downloads root certificate as background process. This excerpt from Microsoft explains this issue further:

    Any new roots accepted by Microsoft are available to Windows XP clients through Windows Update. When a user visits a secure Web site (that is, by using HTTPS), reads a secure e-mail (that is, S/MIME), or downloads an ActiveX control that uses a new root certificate, the Windows XP certificate chain verification software checks the appropriate Windows Update location and downloads the necessary root certificate. To the user, the experience is seamless. The user does not see any security dialog boxes or warnings. The download happens automatically, behind the scenes.

    This feature can be tested on the Telia Company certificate test page.

  3. My service shows a certificate error when Mozilla Firefox is used. The service works normally with other browsers.

    Mozilla Firefox confirms the trust chain in a different way compared to other browsers. Please install CA root certificates (TeliaSonera Root CA v1 and TeliaSonera Server CA v2) to your server. Root certificates are available for download here.

  4. Can I order a Telia Company SSL Certificate for several DNS-values or as a wildcard certificate (*.domain.com)?

    Yes you can. Telia Company does not limit the number of SAN values in certificates and delivers also wildcard certificates.

  5. Why Telia Company does not issue server certificates for internal names and IP addresses?

    CA/Browser Forum requires deprecation of internal names and IP addresses in CA/B Baseline Requirements. Internal names are names not resolvable in public DNS service. Internal IP addresses are so-called private blocks, like 10.x.x.x. The reason for this change of policy is a perceived situation where a malicious hacker can apply for legitimate certificate for an internal name or for an internal IP address. Hacker then installs this certificate into a hacked server in an organization which uses the same internal name or address. The services look normal to users and hacker is able to collect usernames and passwords. The only way to prevent this kind of threat is to stop issuing certificates to private names and addresses.

  6. Why Telia Company has adopted a three-tier root certificate hierarchy?

    CA / Browser Forum has denied certificate enrollment directly from a root certificate. Because of this, TeliaSonera CA issues server certificates from TeliaSonera Server CA v1. The third tier is caused by on-going transition of TeliaSonera CA to a new root certificate. Old Sonera Class 2 CA will be replaced by TeliaSonera Root CA v1. During the transition period TeliaSonera Root CA v1 intermediate certificate will be used as a link to Sonera Class 2 CA until TeliaSonera Root CA v1 self-signed certificate is supported on all devices.

  7. Can a server certificate be transferred to another server?

    Yes, a certificate can be transferred if the DNS name of the server does not change.

  8. What is the difference between Telia Company SSL Order and Full SSL services?

    SSL Order is designed for small-scale server certificate ordering. To facilitate easy ordering, no agreement is needed between Telia Company and customer before server certificate ordering. Also order can be made without authentication. However, same information has to be typed several times if a number of certificates are ordered and certificate delivery is slower than in Full SSL service.

    Full SSL is for customers, who have a need for more than a few certificates per year. When using Full SSL, certificates are issued quickly using a self-service portal. It is also possible to examine existing certificates in the portal. Full SSL service requires a contract between Telia Company and customer before certificate ordering can begin. Also a free Telia Company user certificate is required for login into service portal. Telia Company encourages customers to adopt Full SSL service with lower prices for certificates issued through Full SSL.

  9. Can I modify my order after it has been sent for processing or after the order has been rejected?

    It is possible to modify the order until Telia Company has begun to process it. The person placing the order receives an unique URL for accessing the order for modifications.

    In the case of a rejected order, the person who placed the order, can correct the rejected values and re-send the order without a need to fill in all required values in the order.

  10. Do I have to enter all information about my company every time I create an server certificate order?

    It is not necessary to enter name and contact information of your company after the first order, since the service saves contact the information. Later only Finnish Business ID is needed to fill in the name and contact fields in the form.

  11. Where can I get support in issues related to Telia Company SSL certificates?

    From email address