SSL Certificates - Glossary of Terms
Use our handy SSL jargon-buster to help explain all the SSL terminology.
256 BIT SSL ENCRYPTION
256-bit SSL encryption uses a larger encryption key than the 128-bit size and affords stronger security. "256-bit" indicates that the key used to encrypt the data passed between a web browser and a web server is 256 bits long. This makes it computationally infeasible to crack, hence it is known as strong SSL security.
A public Certificate Authority verifies the potential certificate owner’s information with a Registration Authority and works within a public key infrastructure. A Certification Authority can also be a network entity that manages and issues digital certificates for data encryption, through security credentials and public keys.
An SSL Certificate may only be issued once the purchaser’s information has been verified by the RA.
CPS (CERTIFICATION PRACTICE STATEMENT)
CPS is short for Certification Practice Statement. The CPS is a document published by the certification authority that outlines the practices and policies the organisation employs in issuing, managing and revoking digital certificates.
CRL (CERTIFICATE REVOCATION LIST)
CRL is short for Certificate Revocation List. The CRL is a digitally signed data file containing details of each digital certificate that has been revoked. The CRL can be downloaded and installed into a user's browser and ensures that the browser will not trust a revoked digital certificate.
CSR is short for Certificate Signing Request. The first stage of applying for an SSL Certificate is to create a CSR on your web server. Certain company and website information is required to output a CSR file. This file will be needed when you apply for your SSL Certificate.
Domain Validated SSL CERTIFICATE
A Domain Validated SSL Certificate validates the actual website domain name, rather than the domain name’s owner. The Certificate Authority (CA) checks the right of an applicant to use a specific domain name. This information can be viewed when the Secure Site Seal is clicked by the website’s visitor.
Extended Validated SSL CERTIFICATE
An Extended Validated SSL Certificate offers the highest industry standard for authentication. The CA performs an in-depth audit of the company applying, and this is done on an annual basis to ensure information integrity.
An EV SSL Certificate provides the best level of customer trust available on the web. When visiting an EV SSL website, the address bar becomes green on the few web browsers that can see high security certificates, e.g. Google Chrome and Internet Explorer. It also displays a field with the name of the legitimate website owner, as well as the name of the security provider that issued the EV SSL Certificate.
GREEN ADDRESS BAR
The Green Bar, Green Address Bar, or Green Browser Bar provides a visual display to customers that the website they are on is secured with an EV (Extended Validation) SSL Certificate. High security browsers, such as Internet Explorer and Google Chrome, recognize Extended Validated secured websites by turning the URL address bar green.
HOST HEADERS SSL
Host headers are used by IIS as a means of serving multiple web sites using the same IP address. As an SSL Certificate requires a dedicated IP address, host headers cannot be used with SSL. When the SSL protocol takes place the host header information is also encrypted; as a result the web server does not know which web site to connect to. This is why a dedicated IP address per web site must be used.
HTTPS is the acronym for Hyper Text Transfer Protocol Secure. Should a website have its own SSL Certificate on its web server, then the http:// part of the website’s URL will change to read https://, which indicates that the connection will be secured and encrypted.
IIS (INTERNET INFORMATION SERVICES)
IIS is short for Internet Information Services and is Microsoft's popular web server software. IIS has full support for SSL, including a CSR generation wizard.
OPEN SSL / MOD SSL
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the secure sockets layer (SSL v2/v3) and transport layer security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.
Organization Validated SSL CERTIFICATE
An Organization Validated SSL Certificate validates the actual website domain name, PLUS some of the company information. The Certificate Authority (CA) runs checks on the company to ensure it is a legally operating company. This additional information can be viewed when the Secure Site Seal is clicked by the website’s visitor.
Ordinarily the SSL handshake and subsequent encryption of data between a browser and the web server is handled by the web server itself. However, for some extremely popular sites, the amount of traffic being served over SSL means that the web server either becomes overloaded or simply cannot handle the required number of SSL connections. For such sites an SSL accelerator can help improve the number of concurrent connections and the speed of the SSL handshake. SSL accelerators offer the same support for SSL as web servers.
SSL Certificate means Secure Sockets Layer Certificate, which is used to encrypt data transmitted (secure SSL transactions) between a browser and web server (and vice versa).
The SSL protocol was developed by Netscape and is supported by most major web browsers such as Internet Explorer, Netscape, AOL and Opera. An SSL certificate issued by a certification authority must be installed on the web server before SSL can function. The URL’s ‘http’ changes to ‘https’ and a small padlock icon is displayed on most browsers, to indicate that you are on an SSL secured webpage. Clicking on the padlock icon will display that site’s SSL Certificate.
This is the term used for the process of communication between a web server and an internet browser, as they set up an SSL session. The browser receiving the SSL Certificate is required to send a challenge data request to the web server holding the SSL. This enables it to prove cryptographically that this is the server holding the SSL key for that particular SSL Certificate. When the cryptographic challenge has been successful, the handshake is completed and the ensuing session will be encrypted. During this session any data transmitted between the server and the browser will be encrypted.
SSL KEY / PRIVATE KEY
The SSL Key (Private Key) resides on a web server. When the server creates a CSR, it automatically generates the SSL Key, which is a means of proving that the server is authorised to use that SSL Certificate. An SSL Certificate is installed on a web server, and when an SSL Certificate is issued, it is paired with the SSL Key.
SSL PORT / HTTPS PORT
An SSL port, or an HTTPS port, is the port assigned on a web server specifically for SSL traffic. The industry standard port used is port 443 over the majority of networks, firewalls, etc. The standard port used for non-secure http traffic is usually port 80.
SSL Proxy allows non-SSL aware applications to be secured by SSL. The SSL Proxy will add SSL support by being plugged into the connection between the browser (or client) and the web server. Stunnel (www.stunnel.org) is such an SSL proxy.
TLS Certificate means Transport Layer Security Certificate. The TLS protocol is designed to supersede the SSL protocol; however, currently very few websites are actually using it.
WILDCARD SSL / SHARED CERTIFICATE
A Wildcard SSL allows for the unlimited use of different sub domains on the same domain name. This enables a hosting company to share a single SSL Certificate over multiple websites without the need to issue individual SSL Certificates to each hosting customer. The wildcard certificate allows an organisation to secure multiple sub domains within its enterprise network (for example, www.domains.co.za and shop.domains.co.za).
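The check a client performs when deciding whether a wildcard name covers a host, as an added example that is not part of the original glossary. It goes beyond the text by applying the RFC 6125 rule that the `*` stands for exactly one left-most label; the function names and the extra sample hostnames are constructed for illustration.

```python
def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name such as '*.domains.co.za' covers hostname.

    Rules applied (RFC 6125 style): names are case-insensitive, the wildcard
    must be the whole left-most label, and it stands for exactly one label.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")

    # A single-label wildcard can never change the number of labels,
    # and empty labels ("a..b") are not valid hostnames.
    if len(p_labels) != len(h_labels) or not all(h_labels):
        return False

    # '*' is only honoured in the left-most label.
    if any("*" in label for label in p_labels[1:]):
        return False

    first = p_labels[0]
    if first == "*":
        # Simplification: require two or more labels after the wildcard so
        # that '*.com' is refused. Real clients consult the public suffix list.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    if "*" in first:
        # Partial wildcards such as 'w*.domains.co.za' are rejected here.
        return False
    return p_labels == h_labels


def coverage(pattern: str, hostnames: list[str]) -> dict[str, bool]:
    """Map each hostname to whether the certificate name covers it."""
    return {host: wildcard_matches(pattern, host) for host in hostnames}


# Constructed sample: the first two hosts are the ones named in the glossary.
SAMPLE_HOSTS = [
    "www.domains.co.za",
    "shop.domains.co.za",
    "domains.co.za",                 # bare domain: not covered
    "a.shop.domains.co.za",          # two levels deep: not covered
    "shop.domains.co.za.example.net",  # different parent domain: not covered
]

if __name__ == "__main__":
    for host, ok in coverage("*.domains.co.za", SAMPLE_HOSTS).items():
        print(f"{host:35} {'covered' if ok else 'NOT covered'}")
```

In practice this is why wildcard certificates are usually issued with the bare domain as an additional name, and why deeper sub domains need their own certificate.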