Entrust Private SSL Certificates

Privately Trusted SSL Certificates

Entrust Private SSL certificates enable the continued use of non-registered domain names. This new type of certificate provides the same key sizes, signing algorithms, validity periods and CA protection as Entrust’s proven publicly trusted SSL certificates — but are issued via a privately shared CA that protects you from possible impersonation attacks by ensuring no two certificate names are alike.


Used when you needSSL/TLS Security to support Non Fully Qualified Domain names for internal server
Visual Indicators
ValidationOV (Organization Validation)
Key UsageServer to Server Auth
Secures both www.domain.com & domain.comN/A
Base Number of Names (domains included)1
Additional Names (optional $)Up to 250!
non-FQDN’s or
(when GREEN, you can purchase up to 250 SANs)
Malware ScanN/A
Site seal with real time status checkN/A
Management console with free reissues and unlimited server licensing
RSA + ECC 2048 bit / 3072 bit / 4096 bit
Elliptic curve cryptography (ECC)N/A
Desktop and mobile device compatibilityN/A
Volume discounts
and 30 day refund
SHA-2 signing
Intel AMT/VproN/A

What are Your FQDN Certificate Options?

  1. Switch to FQDNs, Keep Public SSL Certificates
    Switch to fully qualified domain names (FQDNs) and continue to use public SSL certificates. Root certificate trust is automatically delivered by the operating system or the browser without your IT involvement. Properly changing domain names, however, could take an extended period of time — or even break existing integrations — as they may be hard-coded into existing applications.
  2. Use In-House, Self-Signed Certificates
    Organizations who require total control may choose to use a dedicated privately trusted CA to deploy non-public SSL certificates for internal security. Offload the burden of managing your own CA by implementing a managed PKI from Entrust. This hosted approach offers the same proven certificates as an in-house PKI without added expense or need to employ an expert staff. You are, however, leaving certificate policy to individual admins, which serves as a disadvantage to most companies.
  3. Switch to Entrust Private SSL Certificates
    Migration to Entrust Private SSL Certificates enables the continued use of non-registered domain names. This new type of privately trusted certificate provides the same key sizes, signing algorithms, validity periods and CA protection as Entrust’s proven publicly trusted SSL certificates — all issued via a private shared CA that ensures no two names are alike.

Front Line Encryption

Your website’s security is our number one priority. That’s why Entrust certificates feature hybrid 256-bit pre-shared and 2048-bit public key encryption in our root certificates. With support for SHA-2 algorithms, Entrust Organization SSL Certificates protect your data by offering security that benefits from the best features of both symmetric and asymmetric encryption.

Additional Benefits & Features

  • Registered & Non-Registered Domains
    Domains for Entrust Private SSL Certificates are registered to just one customer, further bolstering security. For additional flexibility, private SSL certificates may also include previously registered fully qualified domain names.
  • Unlimited Server Licensing
    Like many of Entrust’s trusted SSL certificates, Entrust Private SSL Certificates may be deployed on more than one server — at no additional charge — and can be reissued as required.
  • Full Certificate Lifecycles
    Take full control of your private SSL certificates. From revocation, reissuance and renewal, manage Entrust Private SSL Certificate lifecycles just like a standard publicly trusted SSL certificate via the Entrust Certificate Management service.
  • Up to 250 SAN Values
    Secure up to 250 private domains via a single Entrust Private SSL Certificates. This introduces thousands of dollars in savings compared to the competition, who often limit you to 100 SAN values.
  • Quick Issuance
    Entrust verification begins immediately based upon your certificate request, and your certificate is usually ready within 1-2 days.
  • Unlimited Issuance Policy and Server Licenses
    Enable flexible certificate re-issuance when users lose passwords or re-image machines, and install your certificates on an unlimited number of servers
  • Self-Service Certificate Creation
    Eliminates the wait for manual certificate issuance
  • Convenient Expiry Notifications
    Lessens the risk of inadvertent certificate expiration
  • SSL Certificate Expertise
    Entrust customer service experts are available to help you through every step of the certificate management lifecycle


entrust_site_seal_sslTrust comes from meeting and beating your customer’s expectations. That’s why you should let your visitors know they are on a secure website with the Entrust Site Seal. Our seal makes it easy to visibly show that you have taken steps to ensure your site transactions are secure. Once you make your Entrust SSL purchase, you gain access to your individualized seal. Once you’ve posted the seal on your website, your visitors will be able to click on it and easily verify your site’s authenticity and certificate status.