Today 256-Bit SSL is the most secure encryption available for SSL connections. It delivers an extended layer of security for users’ data and sensitive information. Compared to 128-Bit SSL, 256-Bit SSL has a larger encryption key size, which makes it harder to crack. Users’ private data such as name, number, email address, location, sensitive passwords, financial & social credentials can be secured with 256-bit SSL encryption.
Whether it is a DDoS Attack, brute-force attack, phishing attack, or any other attack, websites using 256-bit SSL encryption will be suitably protected. Leading web browsers, operating systems and mobile OS support 256-bit SSL encryption, so your users will be safe no matter how they connect to your website.
In the context of SSL, authentication, also known as server authentication, is a security feature that establishes the identity of a webserver.
SSL Certificates are issued following strict industry-wide guidelines. These guidelines describe appropriate ways to confirm ownership of a webserver.
Web browsers and other client devices that use SSL to securely communicate rely on accurate authentication. Without authentication it would be possible to send data to the wrong server - possibly putting it in the hands of a malicious user.
SSL Certificate security must be genuine and verifiable. In SSL Internet security and network security, it is imperative that authenticity is not assumed.
A technology developed by Microsoft that makes it possible to identify who published a piece of software and to verify that it has not been tampered with. Code Signing certificates can support Authenticode and allow you to sign your executables.
Giving access or other rights to a user, process or program that has been authorized.
A file that attests to the identity of an organization or web browser user and is used to verify that data being exchanged over a network is from the intended source. The certificate is digitally signed either by a Certificate Authority or is self-signed. There are CA certificates, client CA certificates, client certificates, and server certificates.
The complete assessment of the technical and nontechnical security functions of a system and other safeguards that are made for the accreditation process, which establishes the degree to which a particular plan and implementation meet a certain set of security conditions.
Certification Authority (CA)
A third-party organization that is used to confirm the relationship between a party to the HTTPS transaction and that party's public key. Certification authorities may be widely known and trusted institutions for internet-based transactions. However, where HTTPS is used on a company’s internal networks, an internal department within the company may fulfill the role of a CA.
CPS (Certification Practice Statement)
CPS is short for Certification Practice Statement. The CPS is a document published by a Certification Authority and outlines the practices and policies employed by the organization in issuing, managing and revoking digital certificates.
CRL (Certificate Revocation List)
CRL is short for Certificate Revocation List. The CRL is a digitally signed data file containing details of each digital certificate that has been revoked. Revoked certificates are no longer suitable for use due to compromise or other security issues. A CRL can be downloaded and installed into a user's browser and ensures that the browser will not trust a revoked digital certificate. Most browsers automatically retrieve and process CRLs behind the scenes to maintain security.
CSR (Certificate Signing Request)
CSR is short for Certificate Signing Request. When applying for an SSL certificate the first step is to create a CSR on your web server. This involves telling your web server some details about your site and your organization; it will then output a CSR file. This file will be needed when you apply for your SSL certificate. Instructions on how to create a CSR with all popular web server software are available here.
A digital signature (not to be confused with a digital certificate) is electronic. It can be used with any kind of message, whether it is encrypted or not, so that the receiver can be sure of the sender's identity and that the message arrived intact.
A digital certificate is an electronic certificate file which contains a digital signature. SSL Certificates are a type of digital certificate. An SSL certificate contains the digital signature of the Certificate Authority (CA) that issued it. CAs are companies authorized to create SSL certificates. Browsers can check an SSL certificate’s digital signature to verify that the certificate is real.
Additional benefits to the use of a digital signature are that it is easily transportable, cannot be easily repudiated, cannot be imitated by someone else, and can be automatically time-stamped.
Digital Signature Algorithm (DSA)
An algorithm for producing digital signatures, developed by NIST and the NSA. To sign a message, for example, Jean uses the DSA Sign Algorithm to encode a digest of the message using her private key. For all practical purposes, there is no way to decrypt this information. However, anyone who receives the message and accompanying digital signature can verify the signature by using the DSA Verify Algorithm to process the following information: the received signature; a digest of the received message; and Jean’s public key. If the output of this algorithm matches a certain part of the digital signature, the signature is valid and the message has not changed. In contrast to RSA and other encryption-based signature algorithms, DSA has no ability to encrypt or decrypt information.
Digital Signature Standard (DSS)
A National Institute of Standards and Technology (NIST) standard for digital signatures, used to authenticate both a message and the signer. DSS has a security level comparable to RSA (Rivest-Shamir-Adleman) cryptography, having 1,024-bit keys.
Quite simply, the act of selling over the internet. This can either be Business to Business (B2B) or Business to Consumer (B2C).
Encryption is the process of changing readable data (also referred to as "plaintext") into a form that can be read only by the intended receiver. To decipher the message, the receiver of the encrypted data must have the proper decryption key. In traditional encryption schemes, the sender and the receiver use the same key to encrypt and decrypt data – this is a type of encryption known as symmetric encryption.
SSL uses a more advanced form of encryption called Public-Key encryption. In Public-key systems, there are two keys: a public key, which anyone may use, and a corresponding private key, which is possessed only by the person who created it – which in this case is the webserver’s administrator. With this method, anyone may send a message encrypted with the owner's public key, but only the owner has the private key necessary to decrypt it. This allows secure encryption over the Internet. Public-key encryption is a type of encryption called asymmetric encryption because different keys are used for encryption and decryption.
A secured system passing and inspecting traffic via an internal trusted secure server network and an external secure server network that is untrusted, like the Internet. Firewalls can be used to discover, prevent, or mitigate certain kinds of secure server network attacks. This provides Internet security and online security.
Host Headers SSL
Host headers are used by IIS as a means of serving multiple websites using the same IP address. As an SSL certificate requires a dedicated IP address, host headers cannot be used with SSL. When the SSL protocol is in use, the host header information is also encrypted; as a result, the web server does not know which website to connect to. This is why a dedicated IP address per website must be used.
HTTP is the protocol used to send data between webservers and browsers. HTTP is not a secure protocol, meaning it does not use encryption or any other method to protect the data it handles.
HTTPS is an improvement over the HTTP protocol which includes SSL. HTTPS is secure because it leverages the encryption and authentication benefits of SSL. Browsers can connect to web servers over HTTP and over HTTPS. You know which protocol you are using by looking at the address bar of your browser. You will see the URL start with either "http://" or "https://".
IIS (Internet Information Services)
IIS is short for Internet Information Services and is Microsoft's popular web server software. IIS is distributed with most versions of Windows Server. You can configure SSL through IIS.
A protected/private character string which is applied to authenticate an identity, which gives secure authentication and secure SSL authentication, sometimes with digital signatures and digital certificates like 256-bit SSL digital certificates. Passwords are for a user's online security or authorization security. Working together are certs and secure email with SSL certificates, all terms related to online security.
Similar to "protocol" in human communication which involves a previously agreed upon set of rules for communicating in diplomatic settings. On the Internet, a protocol is an agreed upon method for sending and receiving information.
The SSL Key, also known as a Private Key, is the secret key associated with your SSL certificate and should reside securely on your web server. When you create a CSR your web server will also create an SSL Key. When your SSL certificate has been issued, you will need to install the SSL certificate onto your web server - which effectively marries the SSL certificate to the SSL key. As the SSL key is only ever used by the web server it is a means of proving that the web server can legitimately use the SSL certificate.
If you do not have, or lose either the SSL Key or the SSL certificate then you will no longer be able to use SSL on your web server.
An encryption key contained in an SSL Certificate. The public key is used by the "client" in the connection, which is usually a web browser, to encrypt data and send it to the server. The server then decrypts the data with its private key.
Public keys, as the name suggests, are not sensitive. Every device that connects to a webserver and downloads its SSL certificate receives a copy of its public key.
An SSL certificate issued by a Certificate Authority (CA). These certificates are distributed to millions of computers so that they can successfully use SSL certificates from those CAs. Devices such as desktops, laptops, smartphones, and printers contain Root Certificates.
SSL (Secure Sockets Layer)
SSL is short for Secure Sockets Layer. It enables secure, encrypted communication over the Internet. SSL is the most widely supported protocol for in-transit security over the web and is supported by every widely-used webserver. SSL is also supported by all popular web browsers such as Google Chrome, Mozilla Firefox, Microsoft Edge, Internet Explorer, Apple Safari, mobile browsers on iOS and Android, and many more.
An SSL certificate is required if you want to use SSL on your webserver and support secure communications. SSL encrypts the data sent between a browser and web server (and vice versa). Browsers indicate an SSL secured session by displaying "HTTPS" in the address bar and displaying a green padlock. Website visitors can click on the padlock to view the SSL certificate. The SSL protocol is designed by the IETF, an independent Internet standards organization.
The Private Key is sometimes referred to as the SSL Key. Your server must have a Private Key to function properly and you should always keep it secure and not share it with outside parties. With this key your secure communications can be decrypted. See Private Key for more
The SSL handshake is the term given to the process of the browser and web server setting up an SSL session. The SSL handshake involves the browser receiving the SSL certificate and then sending "challenge" data to the web server in order to cryptographically prove whether the web server holds the SSL key associated with the SSL certificate. If the cryptographic challenge is successful then the SSL handshake has completed and the web server will hold an SSL session with the web browser. During an SSL session the data transmitted between the web server and web browser will be encrypted. The SSL handshake takes only a fraction of a second to complete.
SSL Port / HTTPS Port
A port is the "logical connection place" where a browser will connect to a web server. The SSL port or the HTTPS port is the port that you would assign on your web server for SSL traffic. The industry standard is port 443; most networks and firewalls expect port 443 to be used for SSL. However, it is possible to name other SSL ports/HTTPS ports to be used if necessary. Many servers support configuring your network traffic over any port you choose; however, you shouldn’t deviate from industry standards without good reason.
The standard port used for non-secure HTTP traffic is 80.
SSL Proxy allows non-SSL aware applications to be secured by SSL. The SSL Proxy will add SSL support by being plugged into the connection between the browser (or client) and the web server.
SSL Accelerators are hardware devices that can improve network speed.
Ordinarily, the SSL handshake and subsequent encryption of data between a browser and the web server are handled by the web server itself. However, for high-demand sites, the amount of traffic being served over SSL could be too much for the web server. For such sites an SSL Accelerator can help improve the number of concurrent connections and speed of the SSL handshake. SSL Accelerators offer the same support for SSL as web servers.
Shared SSL refers to the practice of using the same certificate for multiple, unrelated sites or hostnames. These sites are all listed as authorized domain names in the same certificate, effectively "sharing" it. This is a common practice for hosting companies, who use shared certificates to reduce costs and logistic complexity of managing many individual certificates. Shared SSL certificates use the same private key, so usually servers using this configuration do not have direct access to the private key.
Wildcard SSL Certificates
Wildcard Certificates are a type of SSL certificate that allow a unique functionality: the use of a "wildcard" character – indicated by an asterisk – which covers all possible hostnames. This type of certificate is useful where you have a large number of Sub-Domains or are frequently adding/changing Sub-Domains.
For instance, "*.website.com" will secure any Sub-Domain where the "*" is located, such as "login.website.com" or "intranet.website.com". However, this functionality does not extend to any other location in the domain name, so "staging.login.website.com" or "website.net" would not be secured with that certificate.
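The matching rule described above, written out as an added example (not code from this page or from any CA or browser): the "*" is accepted only as the whole left-most label and stands for exactly one label. The function names and the extra cases (bare domain, partial wildcard, "*.com") are assumptions that go slightly beyond the hostnames listed in the entry.

```python
def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def wildcard_matches(pattern, hostname):
    """Return True if the certificate name `pattern` covers `hostname`."""
    p, h = _labels(pattern), _labels(hostname)
    # Same number of labels is required: "*" never spans a dot, so
    # "staging.login.website.com" cannot match "*.website.com".
    if len(p) != len(h) or "" in h:
        return False
    if "*" not in pattern:
        return p == h
    # Only a whole left-most label may be the wildcard; reject
    # partial ("log*.website.com") or inner ("a.*.com") wildcards.
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False
    # Require at least two fixed labels so "*.com" is never honoured.
    if len(p) < 3:
        return False
    return p[1:] == h[1:]


def covered(cert_names, hostname):
    """True if any name listed in the certificate covers `hostname`."""
    return any(wildcard_matches(n, hostname) for n in cert_names)


# Constructed sample: names as they would appear in one wildcard certificate.
CERT_NAMES = ["*.website.com"]

if __name__ == "__main__":
    for host in ["login.website.com", "intranet.website.com",
                 "staging.login.website.com", "website.net", "website.com"]:
        print(f"{host:30} covered={covered(CERT_NAMES, host)}")
```

The bare domain "website.com" is not covered by "*.website.com" either, so a certificate meant to serve both must list both names.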
TLS (Transport Layer Security)
TLS is short for Transport Layer Security. The TLS protocol was designed to succeed the SSL protocol. Think of TLS as the "sequel" to SSL. Both use the same certificates and most servers can support both protocols.
In the context of SSL, verification is a procedure that confirms a request for an SSL certificate is coming from a person who has control over the requested domain name. CAs perform verification before issuing any SSL certificates.