SSL Glossary

1024/2048 bit

This refers to the length of the key used. To get 128-bit encryption you need a 1024-bit key length, and to get 256-bit encryption you need a 2048-bit key length. Specify your key length when generating your CSR (Certificate Signing Request).

256 bit SSL (256-bit encryption)

256 bit is a common key size, replacing 128-bit encryption. All SSL247 certificates are capable of 256-bit encryption. Remember that you need SGC (Server Gated Cryptography) to guarantee a minimum of 128 bit, even with a 256-bit capable SSL certificate.

Certificate Expiry

The date after which your certificate is no longer trusted and after which users will get 'untrusted site' browser warnings. You can find the date within your certificate or by checking your MySSL account to see the start and end dates of all your certificates.

Certificate Renewal

Obtaining a new certificate for the same domain.

Certificate Revocation

If your certificate is revoked, your website will no longer be trusted and site visitors will get browser warnings telling them not to trust your site. CAs can revoke your certificate remotely, in the case of misuse for instance.

Certification Authority (CA)

Digital certificates are provided by Certification Authorities. VeriSign, Thawte, GeoTrust, GlobalSign and RapidSSL are all stock-exchange-listed CAs that own their own stable, trusted roots. They will do security checks before issuing the certificate. Unlike lesser CAs, VeriSign, Thawte, GeoTrust, GlobalSign and RapidSSL have never mis-issued a certificate (issued a certificate for a fraudulent applicant).

| | Stock exchange listed CA | Private CA |
|---|---|---|
| Owned, stable root | Best practice; used by global banks and financial institutions. Examples include VeriSign, GlobalSign and ALL SSL certs provided by SSL247. | Less than ideal, but fine for non-critical uses. Stability comes from the CA owning its own root(s), but there is no means of knowing if the CA is financially sound. SSL247 do NOT sell SSL from such CAs. |
| Leased root | N/A - listed CAs own their own roots; they can't risk a 3rd party owning/controlling their roots. | Worst practice, highest risk. The CA doesn't have to prove it is financially sound, and leases or rents a root from a 3rd party. SSL247 do NOT sell SSL from such CAs. |

Chained Root

A chained root requires the CA root to be installed, i.e. several certificates have to be installed on your server. All SSL certificates are moving towards chained root installation and away from single root, as a chained root provides extra layers of security compared to a single root.

CPS (Certification Practice Statement)

The CPS is a document published by the CA (Certification Authority) that sets out the practices and policies employed by the organisation in issuing, managing and revoking its digital certificates.

Useful links - SSL247's chosen CAs each have their own CPS available here:

http://www.verisign.com/repository/CPS/
http://www.geotrust.com/resources/repository/legal/
http://www.thawte.com/cps/
http://www.globalsign.com/repository/
http://www.rapidssl.com/legal/

Create a CSR (Certificate Signing Request)

This is the first step in applying for an SSL certificate. You need to create a Certificate Signing Request on your server and provide details about your website and your organisation.

CRL (Certificate Revocation List)

The CRL is a digitally signed data file containing details of every digital certificate that has been revoked by that CA. The CRL can be downloaded and installed into a user's browser and ensures that the browser will not trust any revoked digital certificates.

Useful links - SSL247's chosen CAs each have their own CRL available here:

http://www.verisign.com/repository/crl.html
http://www.geotrust.com/resources/repository/crls/
http://crl.thawte.com/

Cross-Certification

The issuance of a certificate by a CA (Certification Authority) to another Authority that is not directly or indirectly affiliated with the issuing Authority. A cross-certificate is usually issued to simplify the building and verification of certification paths containing certificates issued by various CAs. The GlobalSign ExtendedSSL certificate is cross-signed, for instance.

Digital ID

A Digital ID is, by definition, the digital representation of a subject. A Digital ID certificate will enable you to digitally sign your emails, files or components and assure the end user that your files are legitimate. It will protect your brand and your intellectual property.

Digital Signature

A digital signature is completely electronic and replaces traditional paper and ink signatures. SSL247 Digital IDs like PDF signatures have the same legal value as your conventional signature on a paper contract. Digital signatures can sign email, sign PDF documents, sign code and sign Office documents.

DV SSL (Domain Validated SSL)

There are three types of SSL certificates, with differing validation methods. These are domain, organisation and extended validation certificates. Domain validation is the quickest and simplest type, suitable for testing, internal or non-sensitive information.

EV SSL (Extended Validation SSL)

There are three types of SSL certificates, with differing validation methods. These are domain, organisation and extended validation certificates. EV gets the highest level of trust, as it shows the green bar of trust on your website, proving the site has passed the most stringent tests of ownership.

Host Headers SSL

SSL Host Headers in Microsoft IIS 7.0 allow you to use one SSL certificate for multiple IIS websites on the same IP address.

HTTP

HTTP means HyperText Transfer Protocol. Anything sent via HTTP should be considered 100% public and non-private, as it can be understood and modified in transit around the World Wide Web.

HTTPS

HTTPS means HyperText Transfer Protocol Secure. HTTPS connections use SSL, and information sent via 128-bit SSL cannot be read or modified in transit. HTTPS was originally only used for payment transactions on the World Wide Web, but all personal, medical, payment and sensitive information should be encrypted. It is good practice to secure everything your visitors send to and from your site, including basic info like their name and email address, when subscribing to a newsletter for instance.

Install SSL Certificate

Once your certificate is issued, you need to install it on your server in order to activate it.

IP Address

An Internet Protocol (IP) address is a numerical label for a domain. It is connected to a network that follows the Internet Protocol. You can only secure an IP in the form https://1x1.1x1.1x1.1x1 with GlobalSign OrganisationSSL for IP.