Becoming a Trustico® partner puts you in control of SSL Certificate purchases for your own customers, and that control carries responsibility. Partners are the first point of contact for their customers and are expected to learn every aspect of SSL Certificate issuance, validation, management, and the industry regulations that govern them.
This page describes the responsibilities every partner accepts when ordering through the partner service. The guides linked throughout are required reading for anyone offering SSL Certificates to their own customers. Learn About Our Partner Service 🔗
Understanding the SSL Certificate Issuance Process
Partner orders are processed in real time through systems linked directly to the issuing Certificate Authority (CA). An order only completes once validation has been satisfied, so partners must understand what happens between submission and issuance to set accurate expectations with their customers. Find Out More About SSL Certificate Issuance Speeds 🔗
Every traditional order begins with a Certificate Signing Request (CSR). Partners should know how to generate a Certificate Signing Request (CSR) on common platforms, what details it must contain, and which files their customer needs to keep from that process. Learn About Certificate Signing Requests (CSR) 🔗
When a customer cannot supply a Certificate Signing Request (CSR), the AutoCSR service generates one during checkout and delivers its output once inside a password-protected archive file. Partners using AutoCSR remain responsible for storing that archive safely. Discover the AutoCSR Service 🔗
Installation of each issued SSL Certificate is the responsibility of the partner or their customer. Trustico® does not configure customer servers or investigate platform specific solutions on a customer's behalf, so partners should be familiar with installation steps on the platforms their customers run. View Our Installation Instructions 🔗
Learning the Validation Requirements
No SSL Certificate is issued until the Certificate Authority (CA) completes validation. Partners must understand each validation method well enough to guide a customer through it, because a stalled validation is the most common reason an order does not complete. Learn About The Validation Procedure 🔗
Domain Control Validation (DCV) Methods
Domain Control Validation (DCV) can be completed by e-mail, by a Domain Name System (DNS) record, or by placing a file on the web server. Each method has strict rules. E-Mail validation only accepts five pre-approved addresses at the domain, and file based validation cannot be used for Wildcard SSL Certificates.
Completed Domain Control Validation (DCV) can be reused for a limited period before the Certificate Authority (CA) requires it to be performed again. Partners managing many domains should track when each validation will need repeating. Learn About Domain Control Validation (DCV) Reuse Periods 🔗
Certification Authority Authorization (CAA) and Network Readiness
A Certification Authority Authorization (CAA) lookup occurs for every issuance request, whether or not the domain publishes Certification Authority Authorization (CAA) records. If a customer's Domain Name System (DNS) servers are unreachable or block the lookup, issuance fails. Learn About Certification Authority Authorization (CAA) Records 🔗
Validation checks are also performed from multiple network perspectives around the world under Multi-Perspective Issuance Corroboration (MPIC). Partners should confirm that customer Domain Name System (DNS) and web servers respond globally, not just from one region. Learn About Multi-Perspective Issuance Corroboration (MPIC) 🔗
Validation Levels for Each Product Type
Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV) each carry different requirements and timeframes. Partners must match the right validation level to each customer and prepare them for the checks involved, particularly the business verification steps required for Organization Validation (OV) and Extended Validation (EV) orders. Learn About Extended Validation (EV) Requirements 🔗
Managing Licenses in the Tracking System
The tracking system is where every SSL Certificate is collected, reissued, and managed throughout its license period. It is accessed on an order by order basis and displays both the license validity dates and the validity details of the last SSL Certificate issued. Visit the Tracking System 🔗
Partners are expected to use the tracking system as their primary management tool. SSL Certificates are made available there rather than delivered through accounts, and partners should retain the order details needed to access each order on behalf of their customers.
Warning : Trustico® delivers the secure files for each order once and does not retain them afterward. If an archive file or its unlock code is lost, the SSL Certificate must be reissued with a new Certificate Signing Request (CSR). Partners are responsible for retaining archive files and unlock codes on behalf of their customers.
The same care applies to order references and access details. Keeping the Trustico® order number, the Certificate Authority (CA) reference, and any AutoCSR unlock code together with each customer record makes reissues and support requests far quicker to resolve.
Reissue Responsibilities During Each License Period
SSL Certificate licenses can be purchased for periods of up to five years, however each issued SSL Certificate has a maximum validity of 200 days under current industry regulations. During a multi-year license the SSL Certificate must be reissued before each expiry, at no additional cost, to maintain continuous protection. Learn About Reissuing Your SSL Certificate 🔗
A reissue is performed through the tracking system and produces a fresh SSL Certificate within the existing license. Partners should schedule reissues well before expiry, because validation may need to be repeated if the reuse period has lapsed. Learn About Maintaining Your SSL Certificate Protection 🔗
Important : Partners are responsible for monitoring the expiry dates of every SSL Certificate installed for their customers. Failure to reissue before expiry results in security warnings being displayed to website visitors, even when the license period is still active.
When managing larger volumes it is advisable to use dedicated SSL Certificate monitoring software that detects installed SSL Certificates and raises alerts ahead of expiry. The shorter validity periods now in force make manual diary based tracking unreliable at scale. Learn About Managing Shorter Validity Periods 🔗
Renewing Licenses Before They Lapse
A renewal is the purchase of a new license once the existing license period ends, and it is a separate action from a reissue. Partners must track license end dates alongside SSL Certificate expiry dates and place renewal orders in time to avoid any gap in coverage. Learn About License Renewals 🔗
These obligations sit with the license holder. Trustico® sends reminder e-mails as a courtesy, however the responsibility for acting on expiry, reissue, and renewal always remains with the partner and their customer. View Your Obligations as a License Holder 🔗
Keeping Pace with Industry Regulations
The rules governing SSL Certificate issuance are set by the Certificate Authority (CA)/Browser Forum and apply to every provider worldwide. Trustico® did not create these obligations and cannot override them, so partners must follow regulatory changes and prepare their customers in advance.
Maximum validity periods are reducing in stages, from 200 days now to 100 days in 2027 and 47 days from 2029, with Domain Control Validation (DCV) reuse periods reducing in parallel. Partners who understand this timeline can move customers toward automation before manual processes become unworkable. Read About The 200 Day Validity Period Change 🔗
Other regulatory changes arrive regularly, such as the removal of WHOIS based validation and the withdrawal of the Client Authentication Extended Key Usage (EKU) from publicly trusted SSL Certificates. Partners should review announcements as they are published and assess the impact on their customers. Read About The Client Authentication Extended Key Usage (EKU) Deadline 🔗
Supporting Your Own Customers
The partner service operates on a private label basis. Your customers are yours, and Trustico® will not direct them to the retail site or contact them with marketing material wherever possible. In return, partners provide first line support for the SSL Certificates they offer to those customers.
That means answering customer questions about validation, installation, reissue, and expiry without referring the customer to Trustico® directly. The support department assists partners with the everyday running of the account and remains available when a question goes beyond what a partner can resolve. Explore Our Support Options 🔗
Reliable e-mail delivery is part of this responsibility. Validation messages, reminders, and delivery notices are sent to addresses associated with each order, so partners must keep those addresses working and check that messages are not being filtered or suppressed. Learn About Missing and Undelivered E-Mail 🔗
Commercial Terms and Refund Policies
Partner pricing is discounted in exchange for firm commercial terms. Partner orders are not eligible for refunds once the SSL Certificate has been issued, and funds deposited into a prepaid balance are generally not refundable. Partners should understand these terms before placing orders on behalf of customers. Read the Partner Refund Policy 🔗
Because the AutoCSR service is available on every order, the absence of a Certificate Signing Request (CSR) is not accepted as a reason for a credit. Partners should also review the broader terms that apply to all accounts and orders before offering SSL Certificates to their customers. Read Our Terms and Conditions 🔗
Partner Conduct and Account Cancelation
Partner pricing is provided on the understanding that the account is operated as a genuine partner account. That means taking on the responsibilities described on this page, handling first line support for your own customers, and complying with the terms that apply to every order.
Where an account is not operated in this way, Trustico® will be required to cancel the partner account and return the pricing to standard retail rates. Account refunds in these circumstances are typically not possible because the discounted pricing structure applies across the entire account. Read About Partner Cancelation 🔗
Automating Management with Certificate as a Service (CaaS)
Partners who prefer fully automated SSL Certificate lifecycle management can use Certificate as a Service (CaaS), which handles renewals and reissues automatically through the Automatic Certificate Management Environment (ACME) protocol. This removes the manual monitoring burden that shorter validity periods create. Explore Our Certificate as a Service (CaaS) 🔗
Certificate as a Service (CaaS) is available across both the Sectigo® branded and Trustico® branded product lines, each with its own Automatic Certificate Management Environment (ACME) endpoint. The External Account Binding (EAB) credentials supplied through your account are matched to the correct endpoint for each purchase. Learn About External Account Binding (EAB) Credentials 🔗
Whichever approach a partner takes, the responsibilities described on this page remain in place for the life of every license. Partners who invest the time to learn these processes resolve customer issues faster, avoid preventable expiry incidents, and get the most value from their preferential pricing.
