TELIA TLS CERTIFICATE - FREQUENTLY ASKED QUESTIONS



  1. Which browsers/operating systems/software trust on Telia Company server certificates?

    Trust chain for Telia OV/DV certificates is built-in to following software products:

    BrowsersTeliaSonera Root CA v1Telia Root CA v2
    EdgeYesFrom OS
    Mozilla FirefoxYesYes (FF 100)
    Google ChromeYesYES
    SafariYesFrom OS
    360 Secure BrowserNoYes
    Other softwareTeliaSonera Root CA v1Telia Root CA v2
    Java from version
    8 build 171 / 7 build 181
    YesYes
    Adobe AATL (a PDF certificate)¹NoYes
    Operating SystemsTeliaSonera Root CA v1Telia Root CA v2
    Windows 11/10/8/ServerYesYes
    Apple iOS, iPadOS, macOS, tvOS and watchOSYesiOS 17 iPadOS 17 MacOS 14 tvOS 17 watchOS 10
    AndroidYesAndroid 14
    Linux²YesYes

    You can test your certificate for a detailed report at SSLLabs certificate test service. Enter address of your website to the service. Testing will take several minutes. A poor rating may be caused by other reasons independent of your Telia certificate. For example, if your server supports TLS versions 1.0 or 1.1, the rating will be lower.

    Please note that browsers and operating systems, which do not support TLS version 1.2 or newer. TLS versions 1.0 and 1.1 have been deprecated by the global certificate community.

    ¹ It is possible to enable trust to PDF documents using certificate storage of Windows operating system.

    ² Certificate support in Linux is based on NSS library collection (Network Security Services) managed by Mozilla Foundation. Maintainers of Linux distributions pack new NSS versions into update packages for a distribution. Thus certificate support in Linux is alwaus based on same libraries in all distributions. It depends on distribution how recent NSS is being used. NSS is used both for TLS and S/MIME encryption services for Linux.

  2. Why does Telia Server/Domain Validation CA not appear in the Trusted Root Certification Authorities list of the Edge?

    Windows versions since XP check CA trust in real time from Microsoft. Telia CA is part of Microsoft Root Certificate Program.

    When a user with a modern version of Windows enters for the first time a page certified with a Telia CA TLS certificate, Windows downloads root certificate as background process. This excerpt from Microsoft explains this issue further:

    Any new roots accepted by Microsoft are available to Windows XP clients through Windows Update. When a user visits a secure Web site (that is, by using HTTPS), reads a secure e-mail (that is, S/MIME), or downloads an ActiveX control that uses a new root certificate, the Windows XP certificate chain verification software checks the appropriate Windows Update location and downloads the necessary root certificate. To the user, the experience is seamless. The user does not see any security dialog boxes or warnings. The download happens automatically, behind the scenes.

    This feature can be tested on the Telia Company certificate test page.

  3. Can I order a Telia Company TLS Certificate for several DNS-values or as a wildcard certificate (*.domain.com)?

    Yes you can. Telia Company does not limit the number of SAN values in certificates and delivers also wildcard certificates.

  4. Why Telia Company does not issue server certificates for internal names and IP addresses?

    CA/Browser Forum requires deprecation of internal names and IP addresses in CA/B Baseline Requirements. Internal names are names not resolvable in public DNS service. Internal IP addresses are so-called private blocks, like 10.x.x.x. The reason for this change of policy is a perceived situation where a malicious hacker can apply for legitimate certificate for an internal name or for an internal IP address. Hacker then installs this certificate into a hacked server in an organization which uses the same internal name or address. The services look normal to users and hacker is able to collect usernames and passwords. The only way to prevent this kind of threat is to stop issuing certificates to private names and addresses.

  5. Can a server certificate be transferred to another server?

    Yes, a certificate can be transferred if the DNS name of the server does not change.

  6. What is the difference between Telia Company SSL Order and Full SSL services?

    SSL Order is designed for small-scale server certificate ordering. To facilitate easy ordering, no agreement is needed between Telia Company and customer before server certificate ordering. Also order can be made without authentication. However, same information has to be typed several times if a number of certificates are ordered and certificate delivery is slower than in Full SSL service.

    Full SSL is for customers, who have a need for more than a few certificates per year. When using Full SSL, certificates are issued quickly using a self-service portal. It is also possible to examine existing certificates in the portal. Full SSL service requires a contract between Telia Company and customer before certificate ordering can begin. Also a free Telia Company user certificate is required for login into service portal. Telia Company encourages customers to adopt Full SSL service with lower prices for certificates issued through Full SSL.

  7. Can I modify my single certificate order after it has been sent for processing or after the order has been rejected?

    It is possible to modify the order until Telia Company has begun to process it. The person placing the order receives an unique URL for accessing the order for modifications.

    In the case of a rejected order, the person who placed the order, can correct the rejected values and re-send the order without a need to fill in all required values in the order.

  8. Do I have to enter all information about my company every time I create a single server certificate order?

    When filling in a single certificate order, it is necessary to type either a full company name or a business ID. Telia ordering service fetches other company details from Dun&Bradstreet corporate information database automatically and saves them to Telia database for next orders. If there has been over 60 days since last order, corporate information is rechecked from Dun&Bradstreet in order to ensure their accudary.

  9. Where can I get support in issues related to Telia Company TLS certificates?

    From email address