OpenSRS Trust Manager. May 7, 2013

OpenSRS Trust Manager May 7, 2013

Table of Contents OpenSRS Trust Service...4 The Product Suite...4 Types of SSL certificates...5 Domain certificates...5 Organization certificates...5 Wildcard certificates...6 SAN certificates...6 Extended Validation (EV) certificates...7 Site seals...7 Free trials...14 The Purchase Process...15 Step 1: User creates order...16 Step 2: SSL Provider receives and confirms the order...17 Step 3: SSL Provider verifies the order...17 Step 4: SSL Provider issues the SSL Certificate...17 Step 5: SSL Certificate is received...17 Ordering a Trust Service product...18 Parsing the CSR...21 Installing the Trust Service Certificate...22 Enabling the Symantec Trust Seal...22 Enabling the SiteLock product and seal...23 Upgrading a SiteLock product...25 Creating the TRUSTe privacy policy and seal...26 Requesting a Trust Service scan...28 Cancelling an SSL Certificate...28 Declining an SSL Certificate...28 Refunding an SSL Certificate...29 Setting an SSL Certificate to Let Expire...29 2

Searching for Trust Service orders...30 Refining your search...30 Filtering by status...31 Filtering by date...31 Exporting Trust Service information...31 Resending the Approver email...31 Requesting an SSL Certificate reissue...33 Renewing Trust Service Products...33 Customer Messaging...34 Editing customer messages...34 Trust Service SSL order messages...35 Trust Service SiteLock order messages...36 Trust Service TRUSTe order messages...37 Trust Service Free Trial order messages...38 Trust Service Malware Scan order messages...38 Trust Service SSL renewal messages...39 Trust Service Malware Scan renewal messages...40 Trust Service SiteLock renewal messages...41 Trust Service TRUSTe renewal messages...41 Revisions...43 3

OpenSRS Trust Service The OpenSRS Trust Service offers SSL Certificates that encrypt communications between users and SSL (Secure Socket Layer) e-commerce sites. Data sent via an SSL connection is protected by encryption, a mechanism that prevents eavesdropping and tampering with any transmitted data. SSL provides businesses and consumers with the confidence that private data sent to a Web site, such as credit card numbers, are kept confidential. Web server certificates (also known as secure server certificates or SSL Certificates) are required to initialize an SSL session. Customers know when they have an SSL session with a website when their browser displays the little gold padlock and the address bar begins with a https rather than http. SSL Certificates can be used on Web servers for Internet security and mailservers such as IMAP, POP3, and SMTP for mail collection and sending security. Business websites must have an SSL Certificate to: Validate online businesses by a globally recognized third party Encrypt sensitive data such as credit card numbers or passwords All Trust Services offered through OpenSRS have the highest encryption levels available, compatible with over 99% of all browsers and include globally recognized certification seals. The OpenSRS Trust Services offering includes certificates from Comodo, GeoTrust, SiteLock, Symantec, thawte, TRUSTe, and Trustwave. The terms vary by supplier and product, and range from one to four years. The Product Suite The OpenSRS Trust Service includes products from the most trusted and most recognized certificate providers: Comodo, GeoTrust, SiteLock, Symantec, thawte, TRUSTe, and Trustwave. Comodo offers a comprehensive range of highly-trusted SSL certificate products designed to meet the needs of every business. GeoTrust is one of the world's largest SSL certificate providers, with more than 100,000 customers in over 150 countries. Its product line is extremely popular with small businesses. SiteLock offers website security products that meet the needs of small business without requiring CSRs or web server installation scripts. It performs daily malware, network, and spam scans, and provides a trust seal that lets visitors know that the site is safe. 4

Symantec resonates very well with large companies and corporations that want to obtain the highest levels of security possible. thawte is a leading provider of domain, business and extended validation SSL certificates. Its brand is particularly strong in Europe, and appeals to European businesses. TRUSTe offers a hosted privacy policy service that is available with or without a site seal. Note: TRUSTe is available to the following countries only: Australia, Austria, Belgium, Bulgaria, Canada, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, New Zealand, Norway, Poland, Portugal, Republic of Ireland, Romania, Singapore, Slovakia, Slovenia, Sweden, Switzerland, The Netherlands, United Kingdom, and United States. Trustwave helps companies of all sizes reduce SSL costs while maintaining a high level of trust and security. Types of SSL certificates The type of SSL certificate that you choose depends on whether you want to validate a single domain or an entire enterprise, and also the level of validation that you want to provide. Domain certificates SSL Certificates for domains ensure that the domain has been authenticated by a recognized certificate provider. Visitors to the site can click on the seal to verify that the certificate is still valid, giving site visitors extra peace of mind. The provisioning time for domain certificates is 10 minutes. Organization certificates When corporate identity verification is important, an SSL Certificate for the organization assures customers that the website is trustworthy and secure. The provisioning time for organization certificates is two to four business days. 5

Wildcard certificates Wildcard SSL Certificates may be used for situations where several samedomain web sites need to be secured but the hostnames or sub-domains vary. ou can secure as many sub-domains on one physical box as you like as long as they share the same second level domain name. To do this, the domain/common name in the CSR needs to be "*.mydomain.com". The asterisk is a place holder and enables you to secure different sub-domains that share the same base/second level domain name such as "mydomain.com" in our example. If you need to secure sub-domains on multiple boxes, you need to purchase separate wildcards for each box. The provisioning time for wildcard certificates is two to four business days. SAN certificates Subject Alternative Name (SAN) certificates allow you to specify a list of additional domains or other entities that will be covered by a single SSL certificate. This means that, depending on the product, you may be able to specify multiple top-level domains, subdomains, IP addresses, internal server names, and more. The total number that you can protect with a single certificate varies by product. Note: SAN certificates are sold as packages, so if you purchase a SAN certificate that can secure four additional domains, but you specify only two, you will still be charged the same price. ou may be able to add more domains to a package for an additional charge. For more information on pricing, see http://www.opensrs.com/site/services/trust/pricing. These multi-domain certificates are more flexible than wildcard certificates because they are not limited to the same domain or the same number of levels. The provisioning time for SAN certificates is two to four business days. Product Additional domains allowed Allows server names without any periods Allows Intranet and local names Allows private IP addresses per RFC 1597 True BusinessID SAN 4 to 24 es es es True BusinessID with EV SAN 4 to 24 No No No 6

Product Additional domains allowed Allows server names without any periods Allows Intranet and local names Allows private IP addresses per RFC 1597 QuickSSL Premium SAN 4 (subdomains only) es es es Secure Site SAN 1 to 24 es es es Secure Site Pro SAN 1 to 24 es es es Secure Site with EV SAN Secure Site Pro with EV SAN 1 to 24 No No No 1 to 24 No No No SSL Web Server SAN 1 to 4 es es es SGC SuperCerts SAN 1 to 4 es es es SSL Web Server with EV SAN 1 to 4 No No No Extended Validation (EV) certificates With Extended Validation, as well as displaying the certificate seal, the address bar is displayed in green, providing customers with an extra level of confidence. The green address bar is a strong visual indication that the site has an Extended Validation Certificate. The Security Status bar displays the organization name and the name of the Certificate Authority (CA). The provisioning time for EV certificates is five to seven business days. Site seals A site seal certifies the owner of the site has been verified and that the site is free of malware. Seal products can be used in two ways: By site owners who don't require an SSL certificate but want to add an additional layer of assurance/reputability to their business. By site owners who already have an SSL certificate but want to add an additional layer of security. 7

SiteLock seals Every website protected by SiteLock goes under an evaluation which includes: Verification of the website owner's contact information. Checks for malware, viruses, SQL injections and cross-site scripting vulnerabilities. Verifies email addresses and servers haven't been included on spam blacklists. No CSRs or web server installation scripts are required. GeoTrust Web Site Anti-Malware Scan The GeoTrust Web Site Anti-Malware Scan product offers malware scanning and a trust seal. This product is not vetted. When the order is processed, GeoTrust sends the customer an email to let them know that their site is being scanned. The email also includes instructions on how to log in to their account on the GeoTrust site. When the initial malware scan completes, GeoTrust sends another email to the customer to let them know whether their site passed or failed the scan. If the site passed the scan, the email contains a link to the GeoTrust seal configuration page where the customer can access the seal to display on their website. GeoTrust continues to scan the website on a regular basis and notifies the customer only if the scan fails. If it fails, the seal is removed from the site, and the customer must correct the issues on their site. GeoTrust will reinstate the seal after the next successful scan. A customer can request an on demand scans only if the previous scan failed. Additionally, they cannot request a scan if a scan is already in progress. Note: For the GeoTrust Web Site Anti-Malware product, all communications and account management tasks take place between the customer and GeoTrust; OpenSRS and the Reseller are only involved in ordering and renewing the product. 8

Certificate Type Verifies Requirements Includes Term Comodo Certificates EV SSL Full Organization. Admin, organization, and signer contacts Comodo TrustMark plus green bar 1-2 year InstantSSL Domain and Organization. Organization contact Comodo TrustMark 1-4 years PremiumSSL Domain and Organization. Organization contact Comodo TrustMark 1-4 years PremiumSSL Wildcard Single domain only. Organization contact Comodo TrustMark 1-4 years SSL Single domain. Organization contact SSL Certificate 1-4 years SSL Wildcard Domain and subdomains. Organization contact SSL Certificate 1-4 years GeoTrust SSL Certificates QuickSSL Domain only. Domain authorized email SSL certificate & seal 1-4 years QuickSSL Premium Domain only. Domain Authorized E-mail SSL certificate & True Site Seal 1-4 years QuickSSL Premium SAN Primary domain plus 4 subdomains. Domain Authorized E-mail SSL certificate & True Site Seal 1-4 years True BusinessID Full Organization. Proof of Organization or DUNS Number and WHOIS True Site Seal 1-4 years 9

Certificate Type Verifies Requirements Includes Term True BusinessID SAN Organization plus 4 domains; can add up to 24 domains for additional cost. Proof of Organization or DUNS Number and WHOIS True Site Seal 1-4 years True BusinessID Wildcard Full Organization. Proof of Organization or DUNS Number and WHOIS True Site Seal 1-4 years True BusinessID with EV Domain and Organization plus Extended Validation. Proof of Organization or DUNS Number and WHOIS True Site Seal plus green bar 1-2 years True BusinessID with EV SAN Organization plus 4 domains, including Extended Validation. Can add up to 24 domains for additional cost. Proof of Organization or DUNS Number and WHOIS True Site Seal plus green bar 1-2 years Web Site Anti-Malware Scan Domain. Admin, Billing, and Tech contacts Site Seal 1 year SiteLock Basic Business verification and one-time scan of website. Web and business addresses Site seal 1 year Premium Business verification and extensive malware scanning. Web and business addresses Site seal 1 year 10

Certificate Type Verifies Requirements Includes Term SMB Enterprise Secure Business verification and Enterpriselevel protection with constant network scans. Web and business addresses Site seal 1 year Symantec Certificates SecureSite Full Organization. Proof of Organization or DUNS Number and WHOIS Secured Seal 1-4 years SecureSite SAN Organization plus 1 domain; can add up to 24 domains for additional cost. Proof of Organization or DUNS Number and WHOIS Secured Seal 1-4 years SecureSite Pro Full Organization. Proof of Organization or DUNS Number and WHOIS Secured Seal 1-4 years SecureSite Pro SAN Organization plus 1 domain; can add up to 24 domains for additional cost. Proof of Organization or DUNS Number and WHOIS Secured Seal 1-4 years SecureSite with EV Full Organization plus Extended Validation. Proof of Organization or DUNS Number and WHOIS Secured Seal plus green bar 1-2 years 11

Certificate Type Verifies Requirements Includes Term SecureSite with EV SAN Organization plus 1 domain, including Extended Validation. Can add up to 24 domains for additional cost. Proof of Organization or DUNS Number and WHOIS Secured Seal plus green bar 1-2 years SecureSite Pro with EV Full Organization plus Extended Validation. Proof of Organization or DUNS Number and WHOIS Secured Seal plus green bar 1-2 years SecureSite Pro with EV SAN Organization plus 1 domain can add up to 24 domains for additional cost. Proof of Organization or DUNS Number and WHOIS Secured Seal plus green bar 1-2 years thawte SSL Certificates SSL123 Domain & Organization. Domain authorized email Trusted Site Seal 1-4 years SGC SuperCerts Full Organization. Proof of Organization or DUNS Number and WHOIS Trusted Site Seal 1-4 years SGC SuperCerts SAN Organization plus 1 domain; can add up to 4 domains for additional cost. Proof of Organization or DUNS Number and WHOIS Trusted Site Seal 1-4 years SSL WebServer Certificates Full Organization. Proof of Organization or DUNS Number and WHOIS Trusted Site Seal 1-3 years 12

Certificate Type Verifies Requirements Includes Term SSL WebServer Certificates with SAN Organization plus 1 domain; can add up to 4 domains for additional cost. Proof of Organization or DUNS Number and WHOIS Trusted Site Seal 1-3 years SSL WebServer Certificates with EV Full Organization plus Extended Validation. Proof of Organization or DUNS Number and WHOIS Trusted Site Seal plus green bar 1-2 years SSL WebServer with EV SAN Organization plus 1 domain; can add up to 4 domains for additional cost. Proof of Organization or DUNS Number and WHOIS Trusted Site Seal plus green bar 1-2 years SSL Web Server Certificates Wildcard Full Organization. Proof of Organization or DUNS Number and WHOIS Trusted Site Seal 1-2 years TRUSTe Privacy Policy with seal Single domain. Individual contact Hosted Privacy Policy plus seal 1-3 years Privacy Policy Single domain. Individual contact Hosted Privacy Policy only 1-3 years Trustwave Certificates Domain Vetted (DV) Single domain only. Admin contact Trusted Commerce Site Seal 1-3 years Premium EV Full Organization. Admin contact SSL Certificate plus green bar 1-2 years 13

Certificate Type Verifies Requirements Includes Term Premium SSL Full Organization. Admin contact Trusted Commerce Site Seal 1-3 years Premium SSL Wildcard Full Organization. Admin contact Trusted Commerce Site Seal 1-3 years Free trials GeoTrust, Symantec, and TRUSTe offer 30 day free trials for the following Trust Service products: GeoTrust True BusinessID with EV Symantec SecureSite, Secure Site Pro, Secure Site with EV, and Secure Site Pro with EV TRUSTe Hosted Privacy Policy (HPP) and Privacy Policy with Seal (TPS) Note: Free trials are not available for SAN products. Customers who order the free trial are not charged when they place the order for the product and they can cancel at any time before the 30 days is up without incurring a charge. The full price of the product is displayed in the Control Panel, but the charge is not applied until the end of the 30 day period. During the free trial period, a CANCEL FREE TRIAL button is displayed on the product page, so that the product order can be cancelled at any time during that period. If the customer does not cancel the order before the end of the 30 day free trial, they are automatically charged for the term that they selected when they placed the order. There are no notification emails or requests for confirmation. The expiry date is calculated from the date that the paid term begins, not the date that the free trial began. The product status changes to Product - Activated, and a new order is automatically created. Note: When taking advantage of the free trial period, the term that can be selected for the Symantec products and for GeoTrust True BusinessID with EV is restricted to one year; TRUSTe products can be ordered for one, two, or three year terms. 14

The order process is the same whether you choose the free trial period of not. See Ordering a Trust Service product. Cancelling an order during the free trial period ou can cancel a completed free trial order any time before the end of the 30 day period without incurring a charge. Note: When you cancel a free trial, you will not be able to re-submit an order with the same supplier for that domain until 30 days have passed. To cancel an order during the free trial period 1. In the Control Panel, click the TRUST MANAGER tab, and then click View Trust Services. 2. Click the domain name of the product that you want to cancel. ou may see multiple entries for the same domain; be sure to click one that displays Product - Active in the Status column. 3. In the Status section, click CANCEL FREE TRIAL. The order is marked as Declined and the product is marked as Revoked. For GeoTrust and Symantec, the customer is sent an email containing a link to click to approve the revoke; for TRUSTe, the cancellation is automatic. The Purchase Process The following diagram illustrates the steps involved in purchasing SSL Certificates. 15

Step 1: User creates order ou can place the order on behalf of your customer either through the Trust Manager or the API. The order can then be saved for later processing or submitted immediately. ORDER STATE: Pending order was saved In Progress order was submitted immediately 16

Step 2: SSL Provider receives and confirms the order Upon submitting the order, the system sends the information to the SSL vendor. ORDER STATE: In Progress Note: For domain vetted certificates, an additional verification email is sent to the domain owner requesting approval. The domain owner is determined during the ordering process, based on the public WHOIS information for the domain. Step 3: SSL Provider verifies the order Once a confirmation has been sent, the SSL Provider takes the information provided in the order and verifies it. For organization vetted certificates, there is additional verification of the organization that is applying for the SSL Certificate. ORDER STATE: In Progress Step 4: SSL Provider issues the SSL Certificate If the verification passes, the SSL Provider then, via email, issues the SSL Certificate and accompanying installation instructions to the admin contact specified in the original order. ORDER STATE: Completed Step 5: SSL Certificate is received The admin contact associated with the order receives a copy, by email, of the SSL Certificate. ORDER STATE: Completed 17

Ordering a Trust Service product Depending on the type of Trust Service product that you are ordering, you might not see all of these fields mentioned in these steps. Note: The address fields that you complete must specify physical addresses; you cannot specify P.O. boxes. To order a Trust Service SSL Certificate 1. In the Control Panel, click the TRUST MANAGER tab, and then click View Trust Services. 2. Click an option in each category to choose the supplier and service that you want to purchase. If you are ordering a domain vetted certificate, in the text field, enter the name of the domain with which you are associating the service. 3. Click CONTINUE TO NEXT STEP. 4. For SiteLock and TRUSTe products, in the Customer section, click the radio button that indicates the type of user account to associate with the Trust service. If you want to associate your order with an existing account, select the Existing Customer Account radio button and then select the user from the Account drop-down list. If the order is for a new customer, select the New Customer Account radio button, and enter a user name, password, and email address for the new customer in the Username, Password, and Email Address fields. The username and password allow the domain owner to log in to the Domain Admin end user control panel at resellername.domainadmin.com to configure and manage their Trust Service product and account. The email address is the address to which the Domain Admin login credentials will be sent. Important: If you select No Customer Account, the service will work: however, the end user will not be able to access the Domain Admin control panel. In that case, you can either provision the Trust Service product for your customer or you can provide your own end user interface. If you do not create a username and password when you order the service, you cannot add it later. 5. In the Service Period & Validation Period section, use the drop-down lists to, choose the certification period, validation email, web server, 18

and server count for the Trust Service. (Depending on the type of certificate that you are ordering, you may not see all of these fields.) Certification Period The number of years for which you want to purchase the product. ou can choose between 1 and 5 years, depending on the product type. Validation Email The email address of the individual who can approve the order. The Certificate Provider sends the approver email to the address that you specify. Web Server Select the type of Web server that will be using the SSL Certificate. Along with the CSR, the Certificate Provider uses this information to generate the SSL Certificate. Server Count This feature authorizes you to use the same SSL Certificate on multiple servers. In most cases, you are charged the cost of one SSL Certificate for each server. For example, if you choose 10 from the Server Count drop-down list, you are charged for 10 SSL Certificates. Note: GeoTrust products include unlimited server licenses. 6. For thawte, Symantec, and most GeoTrust certificates, in the Organization contact Information section, enter the contact details for the organization. 7. In the Individual Contact Information sections, enter the details for the Trust Service contacts. If you are entering a new contact, you must complete all of the fields. To use the same information as an existing contact, choose that contact from the Make same as drop-down list. If you use this feature, make sure that the fields in the designated section are completed. Note: For Symantec, thawte, and True BusinessID EV certificates, Title is a required field. Important: For Trustwave certificates only, the approver and certificate emails are always sent to five email addresses: Admin, Administrator, Hostmaster, Postmaster,and Root; therefore, you must ensure that at least one of the following five addresses exists: root@yourdomain.tld admin@yourdomain.tld administrator@yourdomain.tld hostmaster@yourdomain.tld webmaster@yourdomain.tld 19

8. For all except seal type certificates, in the Certificate Settings section, enter the CSR for the Web server that will be using the SSL Certificate and, optionally, any special instructions regarding the order, and then click ADD SERVICE or SAVE AS DRAFT. Important: For Trustwave only, you need to remove the word NEW from the BEGIN and END statements of the CSR before you submit the order. The Certificate Provider uses this information to generate the SSL Certificate. ou can find instructions on how to create the CSR on the supplier s website. Comodo: http://www.comodo.com/csr_autogenerator.php GeoTrust: http://www.geotrust.com/support/generate-csr/ Symantec: https://knowledge.verisign.com/support/ssl-certificatessupport/index?page=content&id=ar235 thawte: https://search.thawte.com/support/ssl-digitalcertificates/index?page=content&id=ar1108 Trustwave: https://ssl.trustwave.com/support/create-csr.php Note: All certificates require 2048 bit CSRs; however, Symantec will accept 1024 bit CSRs for certificates with expiry dates prior to December 31, 2013, except for EV certs, which require 2048, regardless of the term. SSL Certificate Providers require the domain s Admin or Technical contact to approve every order for an SSL Certificate. The SSL Provider sends an email to the Admin or Technical contact, which that contact must approve and return to the Provider. Once the Provider receives the approval, the order is processed. 9. For SAN certificates, in the Additional Domains section, enter the additional domains (other than the primary domain) that you want to include with this SSL certificate. Click ADD DOMAIN to display an additional text field. To delete a domain, click the red X beside the domain name. The following products allow you to enter intranet and local names and to specify server names without any periods: QuickSSLPremium SAN, Secure Site SAN, Secure Site Pro SAN, SSL Web Server SAN, SGC SuperCerts SAN, and True BusinessID SAN. Each SAN product allows a certain number of additional domains (either 1 or 4, depending on the product), and in most cases, more domains can be added for an additional charge. The number of 20

additional domains you can specify for each certificate type are as follows: Quick SSL Premium SAN 4 (subdomains only) TrueBusiness ID SAN 4 to 24 TrueBusiness ID EV SAN 4 to 24 Secure Site EV SAN 1 to 24 Secure Site Pro EV SAN 1 to 24 Secure Site Pro SAN 1 to 24 Secure Site SAN 1 to 24 SGC Super Certs SAN 1 to 4 SSL WebServer EV SAN 1 to 4 SSL WebServer Certificates with SAN 1 to 4 Note: If you want to add more domains to a SAN cert after the order has been processed, you must contact the Trust Service provider. 10. Click ADD SERVICE to submit your order or click SAVE AS DRAFT to save the order as pending. Parsing the CSR In order to reduce the number of orders that get declined as a result of incorrect CSRs, you can parse the CSR while the order is either pending or processing. ou can then see the information contained in the CSR, and any errors related to it. To parse the CSR 1. In the Control Panel, click the TRUST MANAGER tab, and then click Parse CSR. 2. Click an option in each category to choose the supplier and service that you want to purchase. If the CSR is for a domain vetted certificate, enter the name of the domain with which you are associating the certificate. 3. In the CSR (Certificate Signing Request) field, enter the CSR for the Web server that will be using the Trust Service. 4. Click PARSE CSR. The parsed CSR data is displayed. 21

Installing the Trust Service Certificate Once the Trust Service order is processed, the Trust Service provider sends an email with instructions on how to install the Trust Service certificate. ou can also refer to the Trust Service provider's website for installation instructions: Comodo: https://support.comodo.com/index.php?_m=knowledgebase&_ a=view&parentcategoryid=95&pcid=1&nav=0,96,1 GeoTrust: https://knowledge.geotrust.com/support/knowledge-base/index? page=content&id=so15065&actp=list&viewlocale=en_us Symantec: https://knowledge.verisign.com/support/ssl-certificatessupport/index?page=content&id=ar212&actp=list&viewlocale=en_us thawte: https://search.thawte.com/support/ssl-digital-certificates/index? page=content&id=so1498&actp=list&viewlocale=en_us Trustwave: https://ssl.trustwave.com/support/install-certificate.php Enabling the Symantec Trust Seal When you view or order a Symantec SSL Certificate, you will see a section called Trust Seal Settings. If Trust Seal Enabled displays a checkmark, the service is enabled and you can display the Symantec Trust Seal on your website. When the Trust Seal is enabled, you can also choose to enable Seal In Search. If you put a checkmark next to Seal In Search Enabled, Symantec certifies that your site is free of malware, and Symantec scans your site on a daily basis to verify that the site remains free of malware. Whenever anyone who is using the AVG anti-virus solution performs a search that returns your website in the search results, they will see the Symantec seal next to the link for your web site. The status of Seal in Search is displayed in the following three read-only fields: Seal Status: The current state of Search in Seal. The possible values are: Off The Trust Seal order is pending authorization. Trust Seal Site has passed the daily malware scan. Secure Seal Site had failed the daily malware scan and Trust Seal is turned off. 22

Malware Scan Status: The result of the Symantec scan. A value is displayed in this field only if Seal Status is Off. The possible values are: Date of the latest successful malware scan. Failed Scan failed; malware found on site. Pending Malware scan has not yet been run on the site. Unreachable Scan not run as site unreachable at DNS level. Unavailable Scan not run as server accessible, but site down. Last Scan Date: The latest date that a Symantec scan was done. A value is displayed in this field only if Seal Status is Off. Click UPDATE to save any changes you make to this section or click CANCEL to ignore the changes and revert to the last saved settings. Enabling the SiteLock product and seal SiteLock offers three website security products, depending on the type of website on which it will be installed: Basic, Premium, and SMB Enterprise Secure. Basic Provides simple, affordable protection from hackers, blacklisting by search engines, and many other website hazards. Premium Provides a comprehensive suite of protection and detection tools. SMB Enterprise Secure Offers the highest level of protection for customers who already use SSL, have a shopping cart, databases or are storing customer data on their site. Every website protected by SiteLock goes under an evaluation which includes: Verification of the website owner's contact information. Checks for malware, viruses, SQL injections and cross-site scripting vulnerabilities. Verification that the email addresses and servers haven't been included on spam blacklists. 23

Order statuses After you place an order for a SiteLock product, you will see two entries in the STATUS column for the same domain - one that says Order Completed and one that says Product - Active. When you view the Product - Active entry, you will see a link in the Status section called MANAGE ACCOUNT. This link allows logs you in to the SiteLock website where you can verify the account information, view site statistics, and manage the account. To enable the SiteLock product 1. In the Control Panel, click the TRUST MANAGER tab, and then click View Trust Services. 2. Click a domain name to view the associated Trust Service. 3. In the Status section, click MANAGE ACCOUNT. ou are automatically logged in to the SiteLock account where you can complete the order and make changes to the account. 4. Follow the steps to complete the order. Once the process is complete, SiteLock provides you with a Javascript trust seal that you can install on your website. ou can also use the MANAGE ACCOUNT link to log in to SiteLock to manage the account and view alerts about issues that can affect the SiteLock seal. Domain Admin OpenSRS supplies an unbranded interface called Domain Admin that allows your customers to manage their accounts. The Domain Admin URL is resellername.domainadmin.com where resellername is your Reseller name. The customer logs in using the username and password that you specified when you ordered the SiteLock product. An unbranded email is sent to the customer to let them know their username and password as well as the URL for the Domain Admin end user control panel. The address to which this email is sent is the one that you specified in the Customer section when you placed the order for the Trust Service product. Important: To use this feature, the Trust Service order must be associated with a customer account. If you select No Customer Account when you order the Trust Service, the end user will not be able to access the Domain Admin control panel. In that case, you can either provision the Trust Service product for your customer or you can provide your own end user interface. 24

To resend the Domain Admin login credentials to your customer, view the Trust Service, and in the Customer section, click Send user log-in info. If the Status is Product - Active or Product - Renewed, you can change the username. ou can also change the email address to which the credentials are sent. If you change the Username field or the Email field, remember to click UPDATE to save your changes before you click Send user log-in info. Unbranded documentation for Domain Admin is available on the OpenSRS documentation page. Upgrading a SiteLock product At any time during the term, you can upgrade a SiteLock Basic or Premium SSL certificate to a higher level certificate. SiteLock Basic can be upgraded to SiteLock Premium or SiteLock SMB Enterprise Secure, and SiteLock Premium can be upgraded to SiteLock SMB Enterprise Secure. When you upgrade, you will be charged the price for one year at the new level, the product type changes, and the new expiry date is one year from the date of the upgrade. Note: There is no refund for the original certificate. Because you are upgrading an existing product, you do not need to specify the domain or the period. To upgrade a SiteLock product 1. In the Control Panel, click the TRUST MANAGER tab, and then click View Trust Services. 2. Click the domain name of the SiteLock product that you want to upgrade. ou may see multiple entries for the same domain; be sure to click one with the status Product - Active. 3. In the Status section, from the Upgrade drop-down list, select the new product level, and then click UPGRADE. 4. In the Customer section, click the radio button that indicates the type of user account to associate with the Trust service. Although you already chose the Customer type when you first ordered the SiteLock product for this domain, you can change your selection when you upgrade. If you want to specify an existing account, select the Existing Customer Account radio button and then select the user from the Account drop-down list. 25

If you want to specify a new customer, select the New Customer Account radio button, and enter a username, password, and email address for the new customer in the Username, Password, and Email Address fields. The username and password allows the domain owner to log in to the Domain Admin end user control panel at resellername.domainadmin.com to configure and manage their Trust Service product and account. Important: If you select No Customer Account, the service will work; however, the end user will not be able to access the Domain Admin control panel. In that case, you can either provision the Trust Service product for your customer or you can provide your own end user interface. If you do not create a username and password when you order the service, you cannot add it later. 5. In the Individual Contact Information sections, enter or edit the details for the Trust Service contact. If you are entering a new contact, you must complete all of the fields. 6. Click UPGRADE SERVICE. Creating the TRUSTe privacy policy and seal TRUSTe offers a hosted privacy policy service that is available with or without a site seal. Unlike most other Trust products, there is no certificate that you need to install. After you place an order for a TRUSTe product, the initial status of the order is Order - Awaiting Approval. When you view the order, you will see a link in the Status section called MANAGE ACCOUNT. This link logs you in to the TRUSTe website where you create a privacy policy by answering a number of questions. To create the TRUSTe privacy policy 1. In the Control Panel, click the TRUST MANAGER tab, and then click View Trust Services. 2. Click a domain name to view the associated Trust Service. 3. In the Status section, click MANAGE ACCOUNT. ou are automatically logged in to the TRUSTe account. 4. Follow the steps to generate the privacy policy. Once you complete this process, TRUSTe verifies the domain's website, and then sends a fulfillment email to the domain contact. 5. Once the process is complete, in the Control Panel, you will see two entries for the same domain - one that says Order Completed and one 26

that says Product - Active. View the Product - Active entry, and click the link in the Status section called MANAGE ACCOUNT to log in to TRUSTe. 6. Copy and paste the html code snippet to the website. If the order is for the TRUSTe Privacy Service With Seal product, TRUSTe also provides a trust seal to display on the website. If the customer purchased the TRUSTe privacy policy without the seal, the policy can be posted as soon as it is generated. TRUSTe scans the website to ensure that it adheres to the policy. If the customer purchased the TRUSTe privacy policy plus the seal, TRUSTe must approve the policy before the customer can post either the privacy policy or the seal. In addition to running a scan, TRUSTe manually reviews the scan report and notifies the customer if they need to make changes to their policy. The assessment and approval process takes one or two days. At the end of the approval process, the customer can log in to their account and get the javascript for the seal and they can post the privacy policy at the same time. Domain Admin OpenSRS supplies an unbranded interface called Domain Admin that allows your customers to manage their accounts. The Domain Admin URL is resellername.domainadmin.com where resellername is your Reseller name. The customer logs in using the username and password that you specified when you ordered the TRUSTe product. An unbranded email is sent to the customer to let them know their username and password as well as the URL for the Domain Admin end user control panel. The address to which this email is sent is the one that you specified in the Customer section when you placed the order for the Trust Service product. Important: To use this feature, the Trust Service order must be associated with a customer account. If you select No Customer Account when you order the Trust Service, the end user will not be able to access the Domain Admin control panel. In that case, you can either provision the Trust Service product for your customer or you can provide your own end user interface. To resend the Domain Admin login credentials to your customer, view the Trust Service, and in the Customer section, click Send user log-in info. If the Status is Product - Active or Product - Renewed, you can change the username. ou can also change the email address to which the credentials are 27

sent. If you change the Username field or the Email field, remember to click UPDATE to save your changes before you click Send user log-in info. Unbranded documentation for Domain Admin is available on the OpenSRS documentation page. Requesting a Trust Service scan The site seal reassures visitors to a website that the site is free of malware, viruses, and other security concerns. The Trust Product providers scan the websites on a regular basis to ensure that this remains true. If issues are discovered and are not corrected, the Trust Service provider may remove the seal from the site. If you have a Symantec or SiteLock seal, or the GeoTrust Web Site Anti- Malware scan product, and you have corrected a malware issue on your site, you can click REQUEST ON DEMAND SCAN to have the Trust Service provider rescan your system immediately and reinstate the Trust Seal. To request an on demand scan 1. In the Control Panel, click the TRUST MANAGER tab, and then click View Trust Services. 2. Click a domain name to view the associated Trust Service. 3. In the Seal Settings section, click REQUEST ON DEMAND SCAN. Cancelling an SSL Certificate Once the Trust Service order has been requested it can only be cancelled while it is in progress, it cannot be cancelled after it has been completed. The order can be cancelled by: Certificate holder If you decide that you no longer want the SSL Certificate. SSL Provider If they cannot validate the order for whatever reason. OpenSRS If you request assistance or if a problem is detected. ORDER STATE: Cancelled Declining an SSL Certificate Once the SSL Provider receives the order request, they can decline it for the following reasons: An invalid CSR. 28

An invalid SSL Certificate approver where the approver does not match the domain for a given CSR. A Wildcard SSL Certificate is ordered but the CSR provided is for a non-wildcard product. ORDER STATE: Declined Refunding an SSL Certificate An SSL certificate order can be cancelled and refunded by: Certificate holder If you decide that you no longer want the SSL Certificate. SSL Provider If they determine that the SSL Certificate was not properly issued or if the Certificate was being misused (installed on more than a single server without permission). ou can request a refund within 30 days of the date of fulfillment for Comodo, GeoTrust, Symantec, thawte, and most Trustwave certificates. Please note however that refunds are not available for SiteLock and TRUSTe certificates or for Trustwave EV certificates. Trust Service orders that have been fulfilled cannot be cancelled through OpenSRS. Instead, you must contact the SSL Provider to cancel the order. For GeoTrust, Symantec, and thawte certificates, you can easily do this through the certificate provider's end user portal. For Trustwave and Comodo certificates, you should contact help@opensrs.com for assistance. Upon refunding the certificate, the SSL Provider sends both the Reseller and the end user a confirmation email, the order is placed in the revoked state, and the money for the certificate is returned to your OpenSRS account. Note: Please allow up to 48 hours for refunds to be processed. ORDER STATE: Revoked Setting an SSL Certificate to Let Expire If you do not want to renew a certificate at the end of the certification period, you can set it to expire at the end of its term without notification. If this option is enabled for a Trust Service product, renewal reminder emails will not be sent. To use this feature, the Trust Service product status must be Active. 29

To set a Trust Product to let expire 1. In the Control Panel, click the TRUST MANAGER tab, and then click View Trust Services. 2. Click the domain that you want to set to let expire. 3. In the Status section, click to put a checkmark in the box beside Let expire without notification, and then click UPDATE. Searching for Trust Service orders Enter all or part of the domain name or admin email for which you want to search and click the name.. ou can use wildcard characters to represent part of Click a domain name to view information about the Trust Service for that domain. Refining your search ou can filter the list of Trust Services based on the values in one or more columns. Click the down arrow in a column heading to display the search criteria for that column. Click the down arrow again to hide the search criteria. As you select or deselect criteria, the results list changes to reflect your choices. ou can select criteria in any column that displays the down arrow, and you can filter your results based on more than one column at a time. If you don t want to use filtering, you can check the box beside IGNORE FILTERS. The filtering options will still be displayed, but any selections you make will be ignored. To enable filtering again, remove the checkmark from the box. Filtering by product type To restrict your search to a particular type of Trust Services product, click the down arrow in the TPE column, and then click the checkboxes to select or deselect the Trust Service product types that you want in the displayed list. When a box is checked, only orders for that Trust Service product type are displayed in the search results. Click all to select all product types or click none to deselect all types. By default, all product types are selected. 30

Filtering by status To restrict your search to a particular status, click the down arrow in the STATUS column, and then click the associated checkboxes to select or deselect the statuses that you want in the displayed list. When a box is checked, only the Trust Service orders that have the selected statuses are displayed in the search results. Click all to select all statuses or click none to deselect all statuses. By default, all statuses are selected. Filtering by date To restrict your search according to the date that the Trust Services were created or will expire, click the down arrow in the CREATED or EXPIRES column, and then use the From and To calendars to restrict your search to Trust Services that were created or will expire within the specified date range. Exporting Trust Service information ou can export details about Trust Service certificates and view the information as a.csv file. If you have a large number of domains and certificates, before using the export tool, you might want to use the search feature to display only those certificates that meet specific criteria. For example, you might want to see all of the certificates that will expire in a certain time range so that you contact those customers about renewing their certificates. For more information, see "Searching for Trust Service orders". To export Trust Service information 1. In the Control Panel, click the Trust Manager tab. 2. Click the checkboxes to put a checkmark next to each of the domains whose information you want to export, or click the checkbox at the top of the page to select all domains. 3. From the drop-down list beside the GO button, choose Export.CSV, and then click GO. 4. In the dialog box that appears choose whether to open or save the file, and then click OK. Resending the Approver email When you view a Trust Service, the Status section displays essential information about the Trust Service order including the current status of the order To resend the Approver email, click RESEND APPROVE EMAIL. 31

Note: Since approval is required before an order can be processed, you can only request the Approver email for orders that are in progress. 32

Requesting an SSL Certificate reissue When requesting a reissue, the same contacts and domain name associated with the original SSL Certificate must be used for the new SSL Certificate. To get a reissue on an SSL Certificate, access the SSL certificate provider's site: Comodo: Contact Comodo Support at support@comodo.com or https://support.comodo.com/ GeoTrust: http://www.geotrust.com/resources/cert_reissuance/index.asp Symantec: http://www.verisign.com/ssl/current-ssl-customers/revokereplace-ssl/index.html thawte: http://www.geotrust.com/resources/cert_reissuance/index.asp Trustwave: https://ssl.trustwave.com/ssl-control-center.php ou will be asked for three pieces of information: our Server DNS Name the domain for which the SSL Certificate was issued. Email Address any email address on the original order. Digital image for security measures, you must type the five-digit number displayed on screen. Once the information is submitted, a confirmation request is sent to the Technical contact on the SSL Certificate order. Renewing Trust Service Products Only active Trust Service products are eligible for renewal; once a product has expired, it can no longer be renewed. The renewal option for Trust Service products is displayed 60 days before the expiry date. Note: ou can only renew the Trust Service product as the same type of product. If you want to purchase a different type of product, you must create a new order. To renew a Trust Service product 1. In the Control Panel, click View Trust Services. 2. Click a domain name to view the associated Trust Service. 3. In the Status section, click RENEW. 4. From the Certification Period drop-down list, choose the number of years for which you want to renew the service 33

5. Make any required edits to the saved information, and then click RENEW SERVICE. Customer Messaging The Customer Messaging section is available on the Domain Manager tab, and lists all of the available Trust Services messages. When you see a checkmark in the Active column, it means that the message is enabled and will be sent when it is triggered by the associated action. If you remove the checkmark, the message is disabled and will not sent. If the checkbox is greyed out however, you cannot disable the message and it is always sent. ou can click a link in the Message Name column to view and, in some cases, edit the contents of the message. Editing customer messages When you click to display a message, it opens in the Editing Message page, which allows you to view and, in some cases, edit the contents of the message. If there is a checkmark in the Enabled checkbox it means that the message will be sent whenever the associated trigger occurs. If you remove the checkmark, the message is disabled and will not be sent. If the checkbox is greyed out however, you cannot disable the message and it is always sent. ou can add or remove text in any of the editable fields. In addition, the Tab Legend section lists all of the variable tags that can be used in the message. To add a tag to an editable message, put your cursor in the location where you want to insert the tag and then click the add tag icon. 34

Trust Service SSL order messages Trust Service - SSL Certificate order Messages are sent when a Trust Service certificate is order or processed. On the Customer Messaging page, click the Message Name to view and, optionally, edit the message, including any placeholders. Message Name Message to Reseller when certificate approver rejects the order Explanation Notifies the Reseller that the SSL certificate was rejected by the approver. Editable (/N) Message to reseller when vendor revokes the certificate Notifies the Reseller that the certificate vendor rejected the order. Message to reseller when vendor cancels the order Notifies the Reseller that the certificate vendor cancelled the order. Message to reseller when vendor completes order Notifies the Reseller that the order has been completed and the certificate has been sent to the end user contacts. Message to Admin Contact Notifies the admin contact that the request when True Biz ID certificate for a True BusinessID certificate is in order is processed process. Message to Admin Contact when True Biz ID with EV certificate order is processed Notifies the admin contact that the request for a True BusinessID with EV certificate is in process. Message to Admin Contact when Domain Vetted certificate order is processed Notifies the admin contact that the request for a domain vetted certificate is in process. 35

Message Name Message to Admin Contact when Organization Vetted certificate order is processed Explanation Notifies the admin contact that the request for an organization vetted certificate is in process. Editable (/N) Trust Service SiteLock order messages Trust Service - SiteLock order messages are sent when a SiteLock Trust Service product is ordered. On the Customer Messaging page, click the Message Name to view and, optionally, edit the message, including any placeholders. Message Name Message to Admin Contact when SiteLock order is processed Message description Notifies admin contact that the SiteLock order has been processed. Editable (/N) Message to Reseller when vendor cancels SiteLock order Notifies the Reseller that a SiteLock order has been rejected by the vendor. Message to Reseller when vendor completes SiteLock order Notifies the Reseller that SiteLock has completed the order and sent the certificate to the admin contact. 36

Trust Service TRUSTe order messages Trust Service - TRUSTe order messages are sent when a TRUSTe Trust Service product is ordered. On the Customer Messaging page, click the Message Name to view and, optionally, edit the message, including any placeholders. Message Name Message to Reseller when TRUSTe order has been rejected by supplier Message description Notifies the Reseller that a TRUSTe order has been rejected by the vendor. Editable (/N) Message to Admin Contact when TRUSTe order is revoked Notifies the admin contact that their business does not meet TRUSTe privacy requirements. Message to Reseller when vendor completes TRUSTe order Notifies the Reseller that the TRUSTe order is complete and the certificate has been sent to the admin contact. Message to Reseller when vendor cancels TRUSTe order Notifies the Reseller that TRUSTe has cancelled the order. Message to Admin Contact when TRUSTe order is processed Notifies the admin contact that the order has been processed and they can now log in to TRUSTe to generate their privacy policy. Message to Admin Contact when TRUSTe order is fulfilled Notifies the admin contact that the order has been processed and they can log in to TRUSTe to obtain their privacy policy and seal. Message to Admin Contact when TRUSTe order is on hold Notifies the admin contact that TRUSTe made revisions to the privacy policy that need to be reviewed and approved. 37

Trust Service Free Trial order messages Trust Service - Free Trial order messages are sent when a Trust Service Free Trial is ordered or processed. On the Customer Messaging page, click the Message Name to view and, optionally, edit the message, including any placeholders. Message Name Explanation Editable (/N) Message to Admin Notifies the admin contact that the request for a Contact when Free Trial Trust Service 30 day free trial is in process. order is processed Message to Reseller when customer cancels Free Trial order Notifies the end user that the 30 day free trial has been cancelled. Message to Admin Notifies the admin contact that the 30 day free Contact when Free Trial trial has been cancelled. order is cancelled Trust Service Malware Scan order messages Trust Service - Malware Scan order messages are sent when a Malware Scan Trust Service product is ordered. On the Customer Messaging page, click the Message Name to view and, optionally, edit the message, including any placeholders. Message Name Explanation Editable (/N) Message to Admin Contact when Malware Scan order is processed Notifies the admin contact that the GeoTrust Malware Scan order has been processed. 38

Trust Service SSL renewal messages Trust Service - SSL Certificate renewal messages are sent when a Trust Service certificate is about to expire. On the Customer Messaging page, click the Message Name to view and, optionally, edit the message, including any placeholders. Message Name Reseller Daily Upcoming Renewal Reminder Explanation Daily report to Reseller that lists certificates that are expiring in 60, 30, and 10 days as well as those that expired within the last 30 days, and those were renewed the previous day. Editable (/N) Renewal reminder email 60 days before expiry date Notifies admin contact that their certificate will expire in 60 days. Renewal reminder email 30 days before expiry date Notifies admin contact that their certificate will expire in 30 days. Renewal reminder email 10 days before expiry date Notifies admin contact that their certificate will expire in 10 days. Renewal reminder email at expiry date Notifies admin contact on the day that their certificate is expiring. Renewal reminder email 10 days after expiry date Notifies admin contact that their certificate has expired and reminds them to renew it. 39

Trust Service Malware Scan renewal messages Trust Service - Malware Scan renewal messages are sent when a Malware Scan Trust Service product is about to expire. On the Customer Messaging page, click the Message Name to view and, optionally, edit the message, including any placeholders. Message Name Message to Admin Contact when Malware Scan order is expiring in 60 days Explanation Notifies admin contact that their GeoTrust Malware Scan service will expire in 60 days. Editable (/N) Message to Admin Contact when Malware Scan is expiring in 30 days Notifies admin contact that their GeoTrust Malware Scan service will expire in 30 days. Message to Admin Contact when Malware Scan order is expiring in 10 days Notifies admin contact that their GeoTrust Malware Scan service will expire in 10 days. Message to Admin Contact when Malware Scan order at expiry date Notifies admin contact on the day that their GeoTrust Malware Scan service is expiring. Message to Admin Contact when Malware Scan order is 10 days after expiry Notifies admin contact that their GeoTrust Malware Scan service has expired and reminds them to renew it. 40

Trust Service SiteLock renewal messages Trust Service - SiteLock renewal messages are sent when a SiteLock Trust Service certificate is about to expire. On the Customer Messaging page, click the Message Name to view and, optionally, edit the message, including any placeholders. Message Name Message to Admin Contact when SiteLock order is expiring in 60 days Explanation Notifies admin contact that their SiteLock seal expires in 60 days. Editable (/N) Message to Admin Contact when SiteLock order is expiring in 30 days Notifies admin contact that their SiteLock seal expires in 30 days. Message to Admin Contact when SiteLock order is expiring in 10 days Notifies admin contact that their SiteLock seal will expire in 10 days. Message to Admin Contact when SiteLock order is at expiry date Notifies admin contact on the day that their SiteLock seal is expiring. Message to Admin Contact when SiteLock order is expired 10 days ago Notifies admin contact that their SiteLock seal has been expired for 10 days. Trust Service TRUSTe renewal messages Trust Service - TRUSTe renewal messages are sent when a TRUSTe Trust Service certificate is about to expire. On the Customer Messaging page, click the Message Name to view and, optionally, edit the message, including any placeholders. Message Name Message to Admin Contact when TRUSTe order is Explanation Notifies admin contact that their TRUSTe privacy policy expires in 60 days. Editable (/N) 41

Message Name expiring in 60 days Explanation Editable (/N) Message to Admin Contact when TRUSTe order is expiring in 30 days Notifies admin contact that their TRUSTe privacy policy expires in 30 days. Message to Admin Contact when TRUSTe order is expiring in 10 days Notifies admin contact that their TRUSTe privacy policy will expire in 10 days. Message to Admin Contact when TRUSTe order at expiry date Notifies admin contact on the day that their TRUSTe privacy policy is expiring. Message to Admin Contact when TRUSTe order is 10 days after expiry Notifies admin contact that their TRUSTe privacy policy has been expired for 10 days. 42

Revisions May 7, 2013 Added information about the period during which you can request a refund for a Trust Service certificate. September 20, 2012 Added the following SAN certificates: GeoTrust Quick SSL Premium SAN, TrueBusiness ID EV SAN, and TrueBusiness ID SAN Symantec Secure Site EV SAN, Secure Site Pro EV SAN, Secure Site Pro SAN, and Secure Site SAN Thawte SGC Super Certs SAN, SSL Web Server EV SAN, and SSL Web Server Certificate with SAN Incremented version to 4.0.8. April 26, 2012 In order to reduce the number of orders that get declined as a result of incorrect CSRs, you can now use the Parse CSR feature in the Trust Manager to parse the CSR while the order is either pending or processing. Incremented version to 4.0.5. April 17, 2012 VeriSign seals and products are have been re-named to Symantec seals and products. In addition, the maximum term for Symantec products is now four years instead of five. The expiry dates for any existing certificates are unaffected by the change to the maximum term. The maximum registration period for Trust Service products is now four years. Incremented version to 4.0.4. February 16, 2012 ou can export details about Trust Service certificates and view the information as a.csv file. Incremented version to 4.0.1. 43

November 15, 2011 Free 30 day trials are available for the following Trust Service products: GeoTrust True BusinessID with EV TRUSTe Hosted Privacy Policy (HPP) and Privacy Policy with Seal (TPS) VeriSign SecureSite, Secure Site Pro, Secure Site with EV, and Secure Site Pro with EV Incremented version to 3.9.5. October 20, 2011 Added the following Trust Service product: GeoTrust Web Site Anti- Malware Scan. ou can now specify the email address to which the Domain Admin credentials are sent for SiteLock and TRUSTe products. Incremented version to 3.9.4. October 6, 2011 Added the following Trust Service products: Comodo SSL Comodo SSL Wildcard At any time during the current term, you can now upgrade SiteLock SSL certificates to a higher level SiteLock certificate. Incremented version to 3.9.2. September 13, 2011 Added the following Trust Service products: SiteLock Basic SiteLock Premium SiteLock SMB Enterprise Secure TRUSTe HPP (Hosted Privacy Policy) TRUSTe TPS (TRUSTe Privacy Policy with seal) Incremented version to 3.9. March 15, 2011 Added the following Trust Service products: Comodo EV (Extended Validation) SSL Comodo Instant SSL Comodo Premium SSL 44

Comodo Premium SSL Wildcard Trustwave DV (Domain Vetted) SSL Certificate Trustwave Premium EV (Extended Validation) SSL Trustwave Premium SSL Trustwave Premium SSL Wildcard Incremented version to 3.7. 45