Products
Protecting your Brand, your Operations and your Voice
Your Brand
Your brand is your promise to customers. We help you prove — cryptographically — that emails, websites, and content are genuinely from you.
Your Operations
Your operations depend on software, devices, documents, and networks that work as intended. We help you verify integrity and automate trust at scale.
Your Voice
Your voice is how you communicate and create. We help you authenticate the provenance of your communications and content so the world knows it’s really you.
Website Security
Every website deserves a trusted, encrypted connection. TLS/SSL certificates from SSL encrypt communications between your servers and visitors and keep your customers’ data private. Certificate lifetimes are shortening — maximum TLS/SSL certificate lifetimes are 200 days from March 2026, with further reductions toward 47 days proposed.
TLS/SSL Certificates
Single Domain
One specific domain or subdomain. Available in DV, OV, or EV validation.
Enterprise EV Single Domain
Single domain requiring full EV vetting and $1.75M warranty
Wildcard
One domain + all subdomains (*.yourdomain.com). DV or OV validation.
Multi-Domain (UCC/SAN)
Multiple different domains in one certificate — up to 500 SANs. DV, OV, or EV.
Enterprise EV UCC/SAN
Multiple domains requiring full EV vetting and $1.75M warranty
Featured Capabilities
SSL Manager
Free Windows desktop application for ordering, installing, and managing SSL certificates. Supports YubiKey FIPS token management.
Learn more →ACME / CLM
ACME protocol (RFC 8555) for fully automated TLS certificate issuance, renewal, and revocation. No manual renewals. No rate limits.
Learn more →Smart SeaL
Dynamic site seal displaying real-time certificate status and trust indicators for customer-facing websites.
Learn more →Compliance: WebTrust for CA ✓ | WebTrust for BR SSL ✓ | WebTrust for Network Security ✓ | CA/B Forum BR ✓ | ACME (RFC 8555) ✓
Protects your Brand Protects your Voice
Email and Brand Trust
Every day, attackers impersonate brands in email — and recipients can’t tell the difference. SSL’s Email & Brand Trust solutions let you show your verified logo before the email is opened, and sign every message so recipients know it’s genuinely from you.
Brand Trust — Mark Certificates
VMC — Verified Mark Certificate
For private organizations. Requires a registered trademark. Your logo appears in the inbox before the email is opened.
Learn more →CMC — Common Mark Certificate
For established brands without a trademark. Requires 12+ months logo use on your owned domain.
Learn more →GMC — Government Mark Certificate
For government agencies & public institutions. Requires enabling legislation.
Learn more →Email Security — S/MIME Certificates
Basic S/MIME
Individual email signing and encryption. Cryptographic proof that your message came from you.
Learn more →IV S/MIME (Individual Validated)
Personal identity verification tied to the certificate. Your verified name in every signed email.
Learn more →OV S/MIME (Organization Validated)
Organization-level identity verification. Your org name in every signed message.
Learn more →Sponsor S/MIME (IV + OV)
For employees acting on behalf of an organization. Both personal and org identity in one certificate.
Learn more →Compliance: WebTrust for VMC ✓ | WebTrust for S/MIME BR ✓ | CA/B Forum VMC Guidelines ✓ | CA/B Forum S/MIME BR ✓ | BIMI Working Group ✓
Protects your Operations
Software Integrity
Every piece of software you ship carries your name. SSL’s code signing certificates and cloud signing service let you cryptographically sign executables, drivers, scripts, and firmware — so users, platforms, and operating systems can verify your software is authentic and hasn’t been tampered with.
Code Signing Certificates
IV Code Signing
Independent developers and open source maintainers. Personal name on your installer; fast issuance.
Learn more →OV Code Signing
Software companies, ISVs, enterprises. Your organization name; trusted on all Windows versions.
Learn more →Sole Proprietor EV
Individual developers needing EV-level trust. Kernel driver signing and instant SmartScreen reputation.
Learn more →EV Code Signing
Enterprises, driver publishers, CI/CD pipelines. Instant SmartScreen reputation; required for kernel-mode drivers.
Learn more →eSigner for Code — Cloud Signing Service
eSigner for Code
SSL’s cloud HSM-backed signing service. Sign directly from GitHub Actions, Jenkins, Azure DevOps — no hardware tokens required.
Learn more →Compliance: Microsoft Authenticode ✓ | Windows Kernel Mode Driver Signing ✓ | SmartScreen ✓ | Apple Gatekeeper ✓ | CA/B Forum Code Signing BR ✓ | SLSA ✓ | NIST SP 800-218 ✓ | WebTrust for Code Signing BR ✓
Protects your Operations Protects your Voice
Document Trust
Digital documents are only as trustworthy as the signature on them. SSL’s document signing certificates and cloud signing service let individuals, organizations, and teams sign PDFs, contracts, and official documents with a cryptographic signature — globally trusted, legally binding, and tamper-evident from the moment of signing.
Document Signing Certificates
IV Document Signing
Professionals signing personal-capacity documents. Your verified personal name in every signature.
Learn more →OV Document Signing
Organizations; supports eSealing for automation. Organization name; high-volume signing via eSealing.
Learn more →IV+OV Document Signing
Highest assurance — both personal and organizational identity in a single signature. Maximum non-repudiation.
Learn more →eSigner for Documents — Cloud Signing Service
eSigner for Documents
Sign PDFs, contracts, and official documents from any device using the eSigner Express web app or CSC API. Supports eSealing.
Learn more →Compliance: Adobe AATL ✓ | eIDAS (EU) Advanced & Qualified Electronic Signatures ✓ | E-SIGN Act (US) ✓ | UETA ✓ | 21 CFR Part 11 (FDA) ✓ | Cloud Signature Consortium (CSC) API ✓
Protects your Operations
Device & Machine Trust
As IoT devices proliferate and networks grow more complex, cryptographic device identity is no longer optional. SSL provides Matter DAC and PAI certificates for smart home and IoT device manufacturers, and Client Authentication certificates for securing machine-to-machine and user-to-network access.
IoT & Smart Device — Matter Certificates
Matter DAC — Device Attestation Certificate
Per-device identity — issued to individual units during manufacturing. Required for Matter-certified devices.
Learn more →Matter PAI — Product Attestation Intermediate
Per-product-line intermediate CA. Manufacturers can have their own PAI under SSL’s CSA-authorized PAA.
Learn more →Network Access — Client Authentication
Client Authentication
Compliance: Matter (CSA) — SSL is a CSA-authorized PAA ✓ | ETSI EN 303 645 ✓ | EU Cyber Resilience Act ✓ | IEC 62443 ✓ | NIST SP 800-213 ✓ | RFC 5280 / X.509 ✓
Protects your Brand Protects your Voice
Media Authenticity
AI-generated images, deepfake videos, and manipulated media are eroding trust in digital content at scale. SSL’s C2PA certificates and CAWG Certificates let publishers, journalists, photographers, broadcasters, and content platforms embed cryptographic provenance into every piece of content — so anyone can verify who created it, when, and whether it’s been altered.
Content Credentials
C2PA Certificates
Attach a tamper-evident credential to images, video, audio, and documents — recording who created the content, what tools were used, and whether it has been modified.
Learn more →CAWG Certificates
CAWG (Content Authenticity Working Group) Certificates embed your verified organizational or individual identity into C2PA content credentials.
Learn more →Compliance: C2PA (Coalition for Content Provenance and Authenticity) ✓ | CAWG (Content Authenticity Working Group) ✓ | EU AI Act ✓ | CAI (Content Authenticity Initiative) ✓
Protects your Operations
Industry Certificates
Some industries operate under standards that mandate specific certificate types from accredited Certificate Authorities. SSL is a NAESB-accredited CA for the North American energy sector — providing WEQ-12 certificates required for participation in wholesale energy markets and FERC-regulated electronic transactions.
Energy Sector — NAESB WEQ-12
NAESB WEQ-12 Certificate
Required for compliance with NAESB electronic business standards in North American wholesale energy markets. SSL is a NAESB-accredited CA.
Learn more →Compliance: NAESB WEQ-12 — SSL is a NAESB-accredited CA ✓ | FERC (Federal Energy Regulatory Commission) ✓ | NERC CIP (Critical Infrastructure Protection) ✓
Protects your Operations Protects your Brand
Trust Infrastructure
Some organizations need more than a certificate. They need a complete trust hierarchy — their own Certificate Authority infrastructure, issued under audited controls, scaled for their workloads, and governed by their policies. SSL provides dedicated and shared PKI environments and sub-CA issuance for enterprises that require owned, auditable, and operationally rigorous trust infrastructure.
Dedicated — Private PKI
Private Compliance PKI
Cloud-hosted, WebTrust-audited CA hierarchy. Your own Root CA and Issuing CA(s), HSM-backed keys, auditor-witnessed Key Ceremonies. From $20,000/yr.
Learn more →Private Enterprise PKI
Dedicated Root CA and Issuing CA(s) in FIPS HSMs — without the WebTrust audit program. Lower cost for internal-only use cases.
Learn more →Shared — Managed PKI
Managed PKI Certificates
WebTrust-audited private PKI on shared infrastructure. ACME/SCEP/EST/REST enrollment, certificate inventory, expiration tracking, and SIEM integration. From $12,500/yr.
Learn more →Branding — Sub-CA
Custom-Branded Issuing CA
Intermediate CA under SSL’s publicly trusted root. Your organization’s name in the CA field of every certificate you issue. Publicly trusted from day one.
Learn more →Platform Capabilities — All Products
All SSL products are built on shared, FIPS-certified, WebTrust-audited platform infrastructure.
REST API
Unified API for certificate ordering, management, and automation across all product lines.
ACME Protocol (RFC 8555)
Automated certificate lifecycle management — issuance, renewal, revocation. The recommended approach as certificate lifetimes shorten.
SCEP / EST
Supported for MDM, network device, and mobile certificate enrollment.
FIPS 140-2 Level 3 HSMs
All CA private keys generated and stored in FIPS-certified hardware security modules.
WebTrust Audits (BDO)
Annual independent audits covering CA operations, BR SSL, Code Signing, S/MIME, VMC, Network Security.
CA/B Forum Compliance
All certificates issued under applicable CA/B Forum Baseline Requirements.
