Glossary & Jargon Buster

The SSL industry uses many technical terms, which can cause confusion. This glossary explains what these terms mean.

SSL - Secure Sockets Layer

SSL is short for Secure Sockets Layer. The SSL protocol was developed by Netscape and is supported by all popular web browsers such as Internet Explorer, Netscape, AOL and Opera. For SSL to work, an SSL Certificate issued by a Certification Authority must be installed on the web server; SSL can then be used to encrypt the data transmitted between a browser and web server (and vice versa).

Browsers indicate an SSL-secured session by changing the http to https and displaying a small padlock. Website visitors can click on the padlock to view the SSL Certificate.

TLS - Transport Layer Security

TLS is short for Transport Layer Security. The TLS protocol is designed to one day supersede the SSL protocol.

HTTPS - Hypertext Transfer Protocol Secure

Browsers can connect to web servers over http and over https. Connecting over https involves entering https:// before the domain name or URL; provided the web server has an SSL Certificate, the connection will be secured and encrypted.

DV - Domain Validation

An SSL Certificate that validates the website domain, rather than the actual company that owns the domain. This is done by sending an automated e-mail to an e-mail address that is either registered on the WHOIS details of a website or an allowed generic e-mail address.

OV - Organization Validation

With Organization Validation (OV) SSL Certificates, the company is validated, rather than just the domain. The Certificate Authority (CA) runs checks on the company to ensure it is a legally operating company.

EV - Extended Validation

Extended Validation (EV) SSL Certificates offer the highest industry standard for authentication and provide the best level of customer trust available. When consumers visit a website secured with an EV SSL Certificate, the address bar turns green in high-security web browsers and a special field appears with the name of the legitimate website owner along with the name of the security provider that issued the SSL Certificate. More thorough and strict company checks are performed by the CA (Certificate Authority) before an EV SSL Certificate can be issued.

Green Bar - Green Browser Bar - Green Address Bar

The Green Bar (Green Address Bar or Green Browser Bar) provides a visual display to customers that a website is secured with an EV (Extended Validation) SSL Certificate when they are browsing the Internet. High security browsers (such as Internet Explorer and Google® Chrome) recognize Extended Validation secured websites and show the presence of EV by turning the address bar green.

256 Bit SSL

256 Bit SSL is also referred to as strong SSL security. The 256 Bit figure tells users that the encryption key used to encrypt the data passed between a web browser and web server is 256 Bits in size. Because a 256 Bit key is so large, it is computationally infeasible to crack, and hence it is known as strong SSL security.

CSR - Certificate Signing Request

CSR is short for Certificate Signing Request. When applying for an SSL Certificate, the first stage is to create a CSR on your web server. This involves telling your web server some details about your site and your organization; it will then output a CSR file. This file will be needed when you apply for your SSL Certificate.

SSL Key / Private Key

The SSL Key, also known as a Private Key, is the secret key associated with your SSL Certificate and should reside securely on your web server. When you create a CSR, your web server will also create an SSL Key. When your SSL Certificate has been issued, you will need to install the SSL Certificate onto your web server - which effectively marries the SSL Certificate to the SSL Key. As the SSL Key is only ever used by the web server, it is a means of proving that the web server can legitimately use the SSL Certificate.

If you do not have, or lose, either the SSL Key or the SSL Certificate, you will no longer be able to use SSL on your web server.
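
The CSR and SSL Key entries above describe one procedure, shown here as an added example that is not part of the original glossary or of any Trustico tooling. It uses the openssl command-line tool to create a key and CSR, self-signs the CSR as an offline stand-in for the CA, and checks whether a given private key belongs to a certificate. The subject values and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example; www.example.com and "Example Ltd" are constructed placeholders.

# Create a private key and a CSR together, as a web server's CSR tool does.
make_key_and_csr() {   # usage: make_key_and_csr DIR COMMON_NAME
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$1/server.key" -out "$1/server.csr" \
    -subj "/C=GB/O=Example Ltd/CN=$2" 2>/dev/null || return 1
  chmod 600 "$1/server.key"   # -nodes leaves the key unencrypted: restrict access
}

# Stand-in for the CA so the example runs offline: self-sign the CSR.
issue_test_cert() {    # usage: issue_test_cert DIR
  openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
    -days 30 -out "$1/server.crt" 2>/dev/null
}

# Print the public key (PEM) embedded in a private key, CSR or certificate.
pubkey_pem() {         # usage: pubkey_pem key|csr|crt FILE
  case "$1" in
    key) openssl pkey -in "$2" -pubout ;;
    csr) openssl req  -in "$2" -noout -pubkey ;;
    crt) openssl x509 -in "$2" -noout -pubkey ;;
    *)   echo "unknown type: $1" >&2; return 2 ;;
  esac
}

# SHA-256 digest of that public key; fails if the file cannot be read.
pubkey_digest() {      # usage: pubkey_digest key|csr|crt FILE
  pem=$(pubkey_pem "$1" "$2" 2>/dev/null) && [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when the private key and the certificate hold the same public key.
key_matches_cert() {   # usage: key_matches_cert KEY CRT
  k=$(pubkey_digest key "$1") && c=$(pubkey_digest crt "$2") && [ "$k" = "$c" ]
}

dir=$(mktemp -d)
make_key_and_csr "$dir" www.example.com && issue_test_cert "$dir"
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
  -out "$dir/other.key" 2>/dev/null        # an unrelated key
key_matches_cert "$dir/server.key" "$dir/server.crt" && echo "server.key matches server.crt"
key_matches_cert "$dir/other.key" "$dir/server.crt" || echo "other.key does NOT match server.crt"
rm -rf "$dir"
```

Only the CSR is sent to the CA; the key file stays on the server, and a certificate is unusable with any key other than the one created alongside its CSR.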

SSL Handshake

The SSL handshake is the term given to the process of the browser and web server setting up an SSL session. The SSL handshake involves the browser receiving the SSL Certificate and then sending "challenge" data to the web server in order to cryptographically prove whether the web server holds the SSL Key associated with the SSL Certificate. If the cryptographic challenge is successful, the SSL handshake has completed and the web server will hold an SSL session with the web browser. During an SSL session the data transmitted between the web server and web browser will be encrypted. The SSL handshake takes only a fraction of a second to complete.

SSL Port / HTTPS Port

A port is the "logical connection place" where a browser will connect to a web server. The SSL port or the https port is the port that you would assign on your web server for SSL traffic. The industry standard port to use is port 443 - most networks and firewalls expect port 443 to be used for SSL. However, it is possible to assign other SSL ports / https ports if necessary. The standard port used for non-secure http traffic is 80.

SSL Proxy

An SSL Proxy allows non-SSL aware applications to be secured by SSL. The SSL Proxy adds SSL support by being plugged into the connection between the browser (or client) and the web server. Stunnel (www.stunnel.org) is one such SSL proxy.

SSL Accelerator

Ordinarily, the SSL handshake and subsequent encryption of data between a browser and the web server are handled by the web server itself. However, for some extremely popular sites, the amount of traffic being served over SSL means that the web server either becomes overloaded or simply cannot handle the required number of SSL connections. For such sites, an SSL accelerator can help improve the number of concurrent connections and the speed of the SSL handshake. SSL accelerators offer the same support for SSL as web servers.

IIS - Internet Information Services

IIS is short for Internet Information Services and is Microsoft's popular web server software. IIS has full support for SSL, including a CSR generation wizard.

Host Headers

Host headers are used by IIS as a means of serving multiple websites using the same IP address. As an SSL Certificate usually requires a dedicated IP address, host headers usually can't be used with SSL. When the SSL protocol is in use, the host header information is also encrypted - as a result the web server does not know which website to connect to. This is why a dedicated IP address per website should be used.

OpenSSL / MOD SSL

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the secure sockets layer (SSL v2/v3) and transport layer security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

Shared SSL & Wildcard SSL

It is possible for a web hosting company to share a single SSL Certificate - this allows the same SSL Certificate to be used by many websites without the need to issue individual SSL Certificates to each hosting customer. The recommended way to share SSL is to use a wildcard SSL Certificate, as this allows the unlimited use of different subdomains on the same domain name.
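
An added example (not from the original page) of what a wildcard SSL Certificate does and does not cover: the * stands for exactly one left-most label, so the bare domain and deeper levels are not matched. The script builds a throwaway self-signed certificate for *.example.com (a constructed name, standing in for a CA-issued one) and uses the -checkhost option of openssl x509 to test host names against it.

```shell
#!/bin/sh
# Added example; *.example.com and the host names below are constructed placeholders.

# Create a throwaway self-signed certificate for one DNS name.
make_test_cert() {     # usage: make_test_cert DNS_NAME OUT_CRT
  key=$(mktemp)
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$key" -out "$2" \
    -subj "/CN=$1" -addext "subjectAltName=DNS:$1" 2>/dev/null
  rc=$?
  rm -f "$key"         # the key is not needed for name checks
  return $rc
}

# Succeeds when OpenSSL's hostname check accepts HOST for the certificate.
cert_covers_host() {   # usage: cert_covers_host CRT HOST
  openssl x509 -in "$1" -noout -checkhost "$2" |
    grep -q "does match certificate"
}

crt=$(mktemp)
make_test_cert '*.example.com' "$crt"
for h in www.example.com shop.example.com example.com a.b.example.com www.example.org; do
  if cert_covers_host "$crt" "$h"; then
    echo "covered:     $h"
  else
    echo "NOT covered: $h"
  fi
done
rm -f "$crt"
```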

CPS - Certification Practice Statement

CPS is short for Certification Practice Statement. The CPS is a document published by the certification authority and outlines the practices and policies employed by the organisation in issuing, managing and revoking digital certificates.

CRL - Certificate Revocation List

CRL is short for Certificate Revocation List. The CRL is a digitally signed data file containing details of each digital certificate that has been revoked. The CRL can be downloaded and installed into a user's browser and ensures that the browser will not trust a revoked digital certificate.

Most Popular Questions

Understand common SSL industry terminology and technical jargon used when purchasing, installing, and managing SSL Certificates from Trustico®.

What is the difference between SSL and TLS?

SSL (Secure Sockets Layer) is the original protocol developed by Netscape for encrypting data between browsers and web servers. TLS (Transport Layer Security) is the newer protocol designed to eventually supersede SSL, offering improved security features.

What does DV, OV, and EV mean for SSL Certificates?

DV (Domain Validation) SSL Certificates verify only domain ownership via automated e-mail. OV (Organization Validation) SSL Certificates include company verification checks. EV (Extended Validation) SSL Certificates provide the highest authentication level with thorough company vetting and display the green address bar in browsers.

What is a CSR and why do I need one?

A CSR (Certificate Signing Request) is a file generated by your web server containing details about your site and organization. Trustico® requires a CSR when you apply for an SSL Certificate, as it contains the information needed to create your Digital Certificate.

What is a Private Key and how should I protect it?

The Private Key (also called SSL Key) is the secret key associated with your SSL Certificate that must reside securely on your web server. Your Private Key is created when you generate a CSR. Never share this key, as losing it means you cannot use your SSL Certificate and will need a reissue.

What does 256-bit SSL encryption mean?

256-bit SSL refers to the size of the encryption key used to secure data between browsers and web servers. This key size is computationally unfeasible to crack, which is why it is considered strong SSL security. All SSL Certificates from Trustico® support 256-bit encryption.

What port should I use for HTTPS traffic?

The industry standard SSL port is 443, which most networks and firewalls expect for HTTPS traffic. While you can configure other ports if necessary, using port 443 ensures maximum compatibility. Standard non-secure HTTP traffic uses port 80.

What is an SSL handshake?

The SSL handshake is the process where a browser and web server establish a secure session. During this fraction-of-a-second process, the browser receives the SSL Certificate and cryptographically verifies that the server holds the matching Private Key before encrypted communication begins.

What is a Wildcard SSL Certificate used for?

A Wildcard SSL Certificate allows unlimited use of different subdomains on the same domain name with a single Digital Certificate. Web hosting companies commonly use Wildcard SSL Certificates to provide shared SSL services to multiple customers. Trustico® offers various Wildcard SSL Certificate options.

What is a Certificate Revocation List?

A CRL (Certificate Revocation List) is a digitally signed file containing details of Digital Certificates that have been revoked. Browsers use CRLs to ensure they do not trust revoked certificates, protecting users from potentially compromised sites.

Why do SSL Certificates typically require a dedicated IP address?

When using host headers in IIS to serve multiple websites from one IP address, the SSL protocol encrypts the host header information before the web server can read it. This prevents the server from knowing which website to connect to, which is why a dedicated IP address per SSL-secured website is recommended.
