Meanings & Jargon Buster
If you're confused by all the SSL terms and jargon used, use our handy SSL jargon buster to help explain what they all mean.
SSL - Secure Sockets Layer
SSL is short for Secure Sockets Layer. The SSL protocol was developed by Netscape and is supported by all popular web browsers such as Internet Explorer, Netscape, AOL and Opera. For SSL to work, an SSL Certificate issued by a Certification Authority must be installed on the web server, SSL can then be used to encrypt the data transmitted between a browser and web server (and vice versa).
Browsers indicate a SSL secured session by changing the http to https and displaying a small padlock. Website visitors can click on the padlock to view the SSL Certificate.
TLS - Transport Layer Security
TLS is short for Transport Layer Security. The TLS protocol is designed to one day supersede the SSL protocol.
HTTPS - Hypertext Transfer Protocol Secure
Browsers can connect to web servers over http and over https. Connecting over https involves you entering https:// before the domain name or URL and, providing the web server has a SSL Certificate, the connection will be secured and encrypted.
DV - Domain Validation
An SSL Certificate that validates the website domain, rather than the actual company who owns the domain. This is done, by simply sending an automated e-mail to an e-mail address that is either registered on the WHOIS details of a website or an allowed generic e-mail address.
OV - Organization Validation
Organization Validation (OV) SSL Certificates is when the company is validated, rather than just the domain. The Certificate Authority (CA) runs checks on the company to ensure they are a legal operating company.
EV - Extended Validation
Extended Validation (EV) SSL Certificates offer the highest industry standard for authentication and provide the best level of customer trust available. When consumers visit a website secured with an EV SSL Certificate, the address bar turns green in high-security web browsers and a special field appears with the name of the legitimate website owner along with the name of the security provider that issued the SSL Certificate. More thorough and strict company checks are performed by the CA (Certificate Authority) before an EV SSL Certificate can be issued.
Green Bar - Green Browser Bar - Green Address Bar
The Green Bar (Green Address Bar or Green Browser Bar) provides a visual display to customers that a website is secured with an EV (Extended Validation) SSL Certificate when they are browsing the Internet. High security browsers (such as Internet Explorer and Google Chrome) recognize Extended Validation secured websites and show the presence of EV by turning the address bar green.
256 Bit SSL
256 Bit SSL is also referred to as strong SSL security. The 256 Bit tells users that the size of the encryption key used to encrypt the data being passed between a web browser and web server is 256 Bits in size. Because the size of the 256 Bit key is large it is computationally unfeasible to crack and hence is known as strong SSL security.
CSR - Certificate Signing Request
CSR is short for Certificate Signing Request. When applying for an SSL Certificate, the first stage is to create a CSR on your web server. This involves telling your web server some details about your site and your organisation; it will then output a CSR file. This file will be needed when you apply for your SSL Certificate.
SSL Key / Private Key
The SSL Key, also known as a Private Key, is the secret key associated with your SSL Certificate and should reside securely on your web server. When you create a CSR your web server will also create a SSL Key. When your SSL Certificate has been issued, you will need to install the SSL Certificate onto your web server - which effectively marries the SSL Certificate to the SSL key. As the SSL key is only ever used by the web server it is a means of proving that the web server can legitimately use the SSL Certificate.
If you do not have, or lose either the SSL Key or the SSL Certificate then you will no longer be able to use SSL on your web server.
The SSL handshake is the term given to the process of the browser and web server setting up a SSL session. The SSL handshake involves the browser receiving the SSL Certificate and then sending "challenge" data to the web server in order to cryptographically prove whether the web server holds the SSL key associated with the SSL Certificate. If the cryptographic challenge is successful then the SSL handshake has completed and the web server will hold a SSL session with the web browser. During a SSL session the data transmitted between the web server and web browser will be encrypted. The SSL handshake takes only a fraction of a second to complete.
SSL Port / HTTPS Port
A port is the "logical connection place" where a browser will connect to a web server. The SSL port or the https port is the port that you would assign on your web server for SSL traffic. The industry standard port to use is port 443 - most networks and firewalls expect port 443 to be used for SSL. However it is possible to name other SSL ports / https ports to be used if necessary. The standard port used for non-secure http traffic is 80.
SSL Proxy allows non-SSL aware applications to be secured by SSL. The SSL Proxy will add SSL support by being plugged into the connection between the browser (or client) and the web server. Stunnel (www.stunnel.org) is such a SSL proxy.
Ordinarily the SSL handshake and subsequent encryption of data between a browser and the web server is handled by the web server itself. However for some extremely popular sites, the amount of traffic being served over SSL means that the web server either becomes overloaded or it simply cannot handle the required number of SSL connections. For such sites a SSL accelerator can help improve the number of concurrent connections and speed of the SSL handshake. SSL accelerators offer the same support for SSL as web servers.
IIS - Internet Information Services
IIS is short for Internet Information Services and is Microsoft's popular web server software. IIS has full support for SSL, including a CSR generation wizard.
Host headers are used by IIS as a means of serving multiple websites using the same IP address. As an SSL Certificate usually requires a dedicated IP address host headers usually can't be used with SSL. When the SSL protocol takes place the host header information is also encrypted - as a result the web server does not know which website to connect to. This is why a dedicated IP address per website should be used.
OpenSSL / MOD SSL
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the secure sockets layer (SSL v2/v3) and transport layer security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.
Shared SSL & Wildcard SSL
It is possible for a web hosting company to share a single SSL Certificate - this allows the same SSL Certificate to be used by many websites without the need to issue individual SSL Certificates to each hosting customer. The recommended way to share SSL is to use a wildcard SSL Certificate as this allows the unlimited use of different sub domains on the same domain name.
CPS - Certification Practice Statement
CPS is short for Certification Practice Statement. The CPS is a document published by the certification authority and outlines the practises and policies employed by the organisation in issuing, managing and revoking digital certificates.
CRL - Certificate Revocation List
CRL is short for Certificate Revocation List. The CRL is a digitally signed data file containing details of each digital certificate that has been revoked. The CRL can be downloaded and installed into a users browser and ensures that the browser will not trust a revoked digital certificate.