FAQ: Why we don't have a certificate on

Appropriate Use of SSL Certificates
-Or -
Why we don't have a certificate for

SSL Certificates are commonly used to protect the flow of confidential or sensitive information. Most commonly, personal details and credit cards.
Their use is, and should be, kept to areas where this is needed such as payment gateways or forms that require personal information to be entered.

All of the Comodo sites use one centralised system for payment and information processing. This resides on the domain name '' (and now additionally '', a white-labeled copy for resellers), which is where we do need the SSL, and indeed it is in place.

However, visiting shows an error - because the certificate is for
The sites are hosted on the same server, on the same IP address. Not only does not require a certificate, we would need to get an extra IP for the server. At the present time, this is not something we can do.

Q: What about an example page then, that doesn't show errors?

Q: What about EV Certificates?
A: In exception to the above, we have an EV Certificate on, even though no confidential data is requested there. It is to demonstrate the use of EV SSL Certificates.

Q: What about the login boxes from InstantSSL/Enterprise/Positive etc.? If you don't have a certificate, aren't they insecure?
A: No. The login submits your information over an encrypted link, even though the login page isn't. Our login system uses many separate layers of cryptography to be secure.

Q: But other companies do it!
A: Go here: You get an error, because the certificate is on The parts where they ask you for confidential data is That's just one example, like ours, of proper practice.

Comments (0)
Help Desk Software by Kayako
© 2018 Comodo Security Solutions, Inc. All rights reserved.