Frequently Asked Questions
About the Partner Program
What GlobalSign products can I resell?
As a GlobalSign Partner, you have the possibility to resell all three types of GlobalSign’s SSL Certificates (Domain Validated, Organization Validated, & Extended Validation) as well as a selection of Client Certificates, including PersonalSign, PDF Signing, and Code Signing Certificates. For more information about GlobalSign products and features visit: www.globalsign.com/en/digital-certificates/
What are the different types of Partner Program?
GlobalSign currently offers three different types of partnership options, including SSL Resellers, SSL Referrers and VAR Partners.
SSL Reseller Program – This program is especially designed for ISPs, Web Hosts, Domain Registrars and web consultants of all sizes, who can integrate SSL into their own product range as a value-add or revenue generating product. GlobalSign’s Resellers immediately benefit from fantastic margin potential with the option of Pay As You Go or Bulk Order programs. Resellers can easily manage their SSL customers using the GlobalSign Certificate Center web portal or XML and AJAX APIs. GlobalSign Resellers also have the additional option of adding multi-level resellers to their account.
SSL Referrer Program - This program is aimed at companies with an online presence, a customer base, but who do not want to deal directly with the sales of SSL Certificates. GlobalSign’s Referrer program couldn't be simpler. Referrers just refer potential customers to GlobalSign and earn cash-back of 15% on every Certificate sold.
VAR Program - This program enables Value Added Resellers to bundle GlobalSign SSL products into their existing offerings. It allows on-demand access to deploying and managing customers’ SSL Certificates via an easy-to-use web based portal. For further information visit: www.globalsign.com/en/partners/
Understanding the product features
GlobalSign offers a simplified range of SSL Certificates, fitting neatly into the three newly defined SSL classes including fast issuance Domain Validation (DomainSSL), issued in 5 minutes or less, Organization Validation (OrganizationSSL), a pro level type of SSL and Extended Validation (EV SSL - ExtendedSSL), the highest level of SSL trust, which activates the green address bar in next generation browsers.
ExtendedSSL (EV SSL) - This type of SSL Certificate is very stringently vetted to the guidelines set by the CA/B Forum and is the highest level of SSL authentication currently available. EV SSL activates the green address bar in the latest new generation browsers including IE7 and 8, Firefox, Safari and Chrome as well as the standard yellow padlock and details the organisation name and Certification Authority who delivered the certificate – hence providing the highest level of assurance and trust to visitors. This type of certificate is for single Fully Qualified Domain Names (FQDN) such as www.domain.com or secure.domain.com only (no IP address or Wildcard options allowed) and are typically issued in 3-5 business days.
OrganizationSSL (OV SSL) - This SSL Certificate involves full company vetting. During the vetting process, the organisation is validated as is their ownership of the Top Level Domain and the organisation name will appear within the Certificate and the Site Seal. This type of certificate is for single Fully Qualified Domain Names (FQDN) such as www.domain.com or secure.domain.com and Public IP addresses. OrganizationSSL can have a Wildcard function or Subject Alternative Names (SANs) which can be used to secure multiple addresses within the certificate. GlobalSign typically issues Organisation Validated Certificates in 2 business days.
DomainSSL (DV SSL) - This is a low cost, fast issuance SSL Certificate, without the need to submit paperwork. The domain is validated using whois information and an approval email sent to the listed administrator. This type of certificate is for single Fully Qualified Domain Names (FQDN) such as www.domain.com or secure.domain.com and has a Wildcard function which can be used to secure multiple sub domains of a Top Level Domain. Only the FQDN appears in the certificate and site seal and because of this method the certificate is issued in minutes.
EV SSL represents the most significant advancement in how consumers identify a secure site since the inception of SSL over 10 years ago and activates the browser’s green address bar in IE7 and 8, Firefox, Opera, Google Chrome and Safari. In addition to turning the address bar green, websites using EV SSL feature the standard SSL “padlock”, as well as displaying advanced security and identity information, including the organisation name and country behind the website and the issuing SSL Certification Authority - namely the credible and long time established GlobalSign. These additional features provide visitors with visual reassurance that the site they are visiting is legitimate and that their personal information is fully secure - a clear business differentiation for online companies taking preventative action against today’s relentless phishing attacks.
Companies with an online presence should adopt EV SSL to:
Protect customers’ accounts from phishing attacks – any website that gives their customers accounts is a potential phishing attack
Protect your brand from copy cat websites – ensure customers know the site claiming to be you really is you
Elevate your site image – position your brand against the big brands, thousands of which have already adopted EV SSL
EV SSL will not only help to achieve the above but will also reduce companies’ shopping basket abandonment rates, therefore increasing sales conversions. EV SSL increases trust and higher trust means more confidence in the web site and more confidence inevitably means higher visitor to customer conversions.
A Wildcard Certificate is a great way for a company to tie up all their domains in one certificate, as a single SSL Certificate is used to secure multiple websites. Typically a standard SSL Certificate is issued to a single Fully Qualified Domain Name (FQDN) only, which means it can only be used on the exact domain (including sub-domain) to which it has been issued. With the Wildcard SSL option activated you can easily get around this restriction by receiving an SSL Certificate issued to *.domain.com. The * character replaces a "fixed" sub-domain with a "variable" one.
e.g. a single Wildcard certificate allows you to secure:
As well as securing an unlimited number of sub domains on your domain Name with a single SSL Certificate, the Wildcard function also helps future proof the addition of further secure sub domains and eases SSL and IP address management.
When should Unified Communication (SANs) Certificates be used?
Standard SSL Certificates secure only one Fully Qualified Domain Name. For total flexibility, a GlobalSign Unified Communications SSL Certificate adds additional Subject Alternative Names (SANs) to your Certificate to allow up to 100 “domain” or “server” names to be secured using the same single Certificate. This provides total flexibility and allows you to build an SSL Certificate that’s simple to use and install, more secure than a Wildcard SSL and built for your exact server security requirements.
What is the browser/device compatibility of GlobalSign Certificates?
Our GlobalSign-Ready worldwide root embedding program has been in operation for over 10 years. The result - the GlobalSign Root Certificate is the only Root of 2048 bit strength to be present in every popular machine, device, application and platform that utilizes the trust of Public Key Infrastructure (PKI) e.g. SSL/TLS, S/MIME, Code Signing and Document Signing. It is this universal support that means your Digital Certificates are transparently trusted by each and every customer - wherever whenever and however they connect to your services. The GlobalSign Ready program is managed by all the International GlobalSign offices (US, UK, Continental Europe, Japan & China) where our worldwide presence enables the highest level of public trust, even niche new devices and applications - accelerating us years ahead of other Certification Authorities. For further information visit:
The GlobalSign SSL Certificate Secure Site Seal is a sign of trust. It shows customers that the company has been authenticated and uses the strongest SSL possible to secure their transactions. Displaying the SSL Certificate Secure Site Seal will help convert visitors to paying customers and gives them the confidence to complete a transaction. By visiting www.globalsign.com/en/ssl/secure-site-seal/, customers can download the site seal and easily install it as the HTML code for their website is generated automatically.
Successful positioning and pricing policies:
What prices should I charge for the SSL I resell?
Be competitive and make a name for your company as a competitive SSL Provider. GlobalSign recommends that your pricing is in line with the individual packages you are offering and that you take into consideration your customers’ price sensitivity. GlobalSign Pay-As-You-Go prices allow you to make a considerable profit per SSL Certificate sold and we suggest using GlobalSign’s SRP prices as a guide.
Where can I find product sales copy to add to my web site?
Extensive SSL product copy that can be replicated on your website can be found under the Sales and Training section within the Partner Resource Center at: www.globalsign.com/en/partner-center.
Where can I find campaign resources to help promote SSL to my customers?Samples of existing successful GlobalSign campaigns that can be replicated by partners can be found under the Advertising and Campaign section with the Partner Resource Center at: www.globalsign.com/en/partner-center
Understanding the reselling workflow
GlobalSign requires the full certificate details before an order can be processed. This information can be given from the partner via GCC, API or SAPI (based on the partner previously capturing the correct details from the end customer during the bundling process or as a separate process), or via the end customer directly supplying the information to GlobalSign using a Cert-Invite. The majority of partners use the API/SAPI or capture the details separately and place the order via GCC once the customer has been won. Hosting companies can also use control panels to automate SSL certificate orders using Ubersmith or WHMCS software plug-ins.
The details are then vetted to the standard required (depending on the type of certificate ordered) by GlobalSign’s vetting team and if approved the certificate is issued. The certificate is emailed to the technical contact, usually the partner or the end customer if this has been specified in GCC when ordering.
How do I order Certificates?
Once your Partner Account has been approved, you must decide on the most suitable way for you as a reseller to order certificates. SSL certificates can be ordered using the following methods. Start reselling GlobalSign SSL certificates through GCC, an API or Certificate Invite.
Via GlobalSign Certificate Center (GCC)
Log into your GCC account by visiting www.globalsign.com/login.
Simply enter your User ID and Password. (Your User ID is the number given to you at the end of the Partner sign up, you can also find it in your Welcome Email. Your Password is the password you entered during the Partner Signup).
This method requires you to place the order on behalf of the customer by entering all the information needed to issue the SSL Certificate, including the CSR and company information. Start by clicking “New/Renew Certificate” under “SSL Certificates for Retail & Partners” and follow the instructions given.
For a complete step by step guide on how to order a certificate visit
You can automate and reduce the time spent ordering and receiving certificates via the integration of an API (Application Programming Interface) into your own systems to allow your end customers to place orders directly. GlobalSign has developed a number of APIs to suit your needs, depending on the degree of automation required (from full automation of the workflow to partial automation using a Simple API).
Contact your Account Manager today to discuss your API options, and they will assist in allocating an integration specialist for your requirements.
This method is significantly simplified and requires you to enter only the contact details of the customer. It does not require you to enter their company information or CSR. When you create a Cert‐Invite, GlobalSign will generate a unique code specific to the order and give you a PIN. We then send an email to the customer containing a link. You must communicate the PIN to the end user yourself – typically we would suggest doing this once you have received payment from your customer. Click “Create New Cert-Invite” in the “Cert-Invites” section and follow the step by step instructions.
Who is responsible for the billing of the Certificates sold?
The individual Partner is responsible for billing their customers for any certificates ordered. GlobalSign will charge you via your GCC account for every certificate you order, so the accountability lies with you to bill your end customer. It is therefore important that you bill your customer before giving them access to their certificate.
How do I automate my offering with the Simple API or XML API?
GlobalSign has developed a number of APIs (Application Programming Interface) designed for Partners to automate the ordering and delivery of customer's SSL Certificates. GlobalSign API libraries exist to automate a number of critical functions you would typically need to perform via the web based GlobalSign Certificate Center (GCC):
Placing a new Certificate order
Querying the order status of a Certificate order
Receiving an issued Certificate
The APIs allow you to integrate your own Control Panels, ordering, purchasing and billing systems to the SSL Partner facilities to automate part of, or all of the SSL workflow with your customers. The APIs help you error check in real-time and reduce the time you may spend dealing directly with customer orders. APIs mean automation.
GlobalSign provides both a full XML API and a simple AJAX based API (SAPI) depending on the level of integration you require.
The XML API performs practically every function available through GCC. It allows the deepest and most comprehensive integration into your own systems, such as your customer facing Control Panel or internal purchasing and management systems. The XML API connects your systems to GlobalSign, giving real time CSR parsing, error checking and allows full querying on order status.
The Simple API, or SAPI, is an Ajax based application that will automate the SSL ordering process. This removes the need to manually place orders via your GCC account, instead it will allow your customers to place orders via an Ajax web application embedded directly into your webpage. Webmasters need only implement a small snippet of HTML code within the page hosting the SAPI application to use this automated ordering facility and no coding experience is necessary. All Partners need to do is approve orders that have been placed via the SAPI and arrange billing directly with their customers.
Control Panel Integration
The GlobalSign APIs are already integrated into leading hosting / data center management software from Ubersmith and WHMCS. If you have an inhouse Control Panel, or use a third party Control Panel talk to your Account Manager today about current API integration options.
If you would like to take your SSL integration to the next level please contact your Account Manager today who will put you in touch with an integration specialist to discuss your API options. We will do everything we can to ensure your SSL provisioning workflow is as zero-touch as possible.
What is the Cert-Invite feature and how can I use it to help me resell Certificates?
The Cert-Invite feature is a simplified method of ordering customer certificates as it only requires you to enter the contact details of the end customer. It does not require you to enter their company information or CSR. Your customer informs GlobalSign of this information.
When you create a Cert-Invite, GlobalSign will generate a unique code specific to the order and give you a PIN. We then send an email to the customer containing a link. However you must communicate the PIN to the end user yourself – typically we would suggest doing this once you have received payment from your customer.
What features are integrated in GCC to help me manage my customers?
The GlobalSign Certificate Center includes numerous useful features to help partners manage their SSL Certificates simply and efficiently including the following tools:
Certificate Management – issue, reissue and renew customer’s SSL certificates
Accounting and Billing – billing management including PDF invoice generation
Reporting – analyse your past performance
Account Management – create and manage account users setting different levels of privileges
Who completes the applicant validation?
Once you have placed an order for a Certificate via GCC, it is then up to GlobalSign as the Issuing Certification Authority to validate the applicant, process the order and issue the certificate. If there are any problems with the order at any stage you will be contacted by our support team.
How am I protected from applications made by potential phishing sites?
GlobalSign has implemented numerous anti phishing algorithms based on the Anti Phishing Working Group’s public lists to eliminate the risk of partners being subject to potential phishing attacks. GlobalSign also goes one step further and uses a number of its own potential phishing flags to try to eliminate such attacks.
How can I upgrade my account to allow me to manage my own sub-resellers?
GlobalSign SSL Partners can create and manage their own set of second tier sub-resellers – allowing a multi-level reseller chain. You can sign up, set pricing, manage and report on your own sub-resellers – giving them all the benefits you enjoy through partnering with GlobalSign. For further details about creating your own sub-resellers contact your Account Manager to discuss if you are eligible to benefit from a multi-level account.