The world is becoming more and more digital. That means that we need to keep up with the latest trends in cybersecurity. One of those trends is SSL Terminology – a glossary of terms related to SSL Certificates and encryption technologies. In this blog post, I will provide you with an overview of some common terminology so you can better understand what it all means!
Certificate Authority (CA)
A certificate authority (CA) creates certificates that are used for authenticating devices or people within a company or organization’s network. A CA ensures that each device or person has been authenticated before issuing them a certificate, which they then distribute to other entities on the same network. CAs also issue server certificates that authenticate servers on the network. The certificate authority is also known as a public key infrastructure (PKI).
CA software can be hardware-based in order to provide complete physical security of keys and sensitive data; this type of product typically stores private cryptographic material offsite, with strict access controls preventing unauthorized access from the internet. Alternatively, software-based CA products store private keys and certificates on the device itself, with strong encryption to protect data from theft or loss; some may employ tamper-resistant hardware such as a secure processor combined with secured storage media like a smart card.
Common Name (CN)
The common name is the individual’s or company/organization’s legal name. This term should not be confused with a domain, which is the name of a company or organization on the internet.
Certificate Revocation List (CRL)
A Certificate Revocation List is a list of certificates that have been revoked by their issuer due to key compromise, misuse, or end-of-life. The CRL contains information about each certificate such as its serial number and revocation reason code so that clients can validate whether they should accept it when connecting with other devices.
A CA will publish an updated CRL after issuing new revocations; this means that any consumers who are connected to the same network as the CA would need to be able to update automatically in order for them not to reject all connections from unknown entities. If there was no way for them to know if someone has been revoked, then they would not be able to do business.
Intermediate Certificate
An intermediate certificate is a type of digital security certificate that can only authenticate other certificates. It cannot validate whether the device or person it has been issued to is who they say they are; this responsibility still falls on the CA’s shoulders.
However, an intermediate certificate does allow devices and people to connect with one another without having to have their own separate SSL Certificate.
In order for them to work together securely using TLS, both parties need a valid chain of trust starting from their respective root certificates – in most cases, these will be located within each party’s browser configuration settings, which should include information about how long those chains remain valid before expiry.
IP Address
An IP address is a numerical system that allows devices to communicate with one another on an internet network – its format resembles a set of four blocks of numbers separated by dots, which loosely corresponds to geographical location (known as geolocation) for the device using it; these can either work behind NATs or have direct access to other networks like WiFi hotspots and cellular data connections.
This is an open source certificate authority which was established in order to help any company or person better secure their website and data as well as keep it safe from eavesdroppers.
They offer a free type of service that offers up the same types of protection you would be able to find elsewhere at a premium cost; this includes things like Domain Validation, Extended Validation, Organization Validated certificates – so they have something for everyone who wants increased security on their end.
Private Key
A private key is what allows someone to digitally sign any given data; this signature can be used in order to identify it as coming from that person, for example when they want another individual or company/organization (i.e. their client) to know who sent them something and why – in essence, whoever owns the private SSL Certificate’s corresponding public certificate would need it in order for anyone else on the internet to verify its legitimacy by checking if there are no errors with how they have signed an incoming message.
Private keys should never ever leave secure devices like smart cards because doing so could potentially result in compromising all of your digital certificates at once due to malware and other malicious programs.
Root Certificate
A root certificate is a digital security certificate which has been issued by the CA; it can be used in order to sign any data with its own private key and then provide an intermediate, or subordinate, SSL Certificate for someone else to use when they want their device or person validated.
You would need this type of service if you wanted anyone on the internet to verify your identity without having access to something like a public PGP keyring – for example, if you’re selling products online via CSR’s e-commerce store but do not have direct access to one of our API endpoints. Organizations that are interested in offering certificates as part of their product offerings should make sure they understand how CAs work before choosing them.
Transport Layer Security (TLS)
TLS, or Transport Layer Security, is a type of digital security protocol that allows for encryption between two parties; this can be done most easily by using either an encrypted message format like PGP/GPG or OpenSSL’s secure socket layer.
TLS has many benefits over SSL because it provides better assurance when sending messages to other users who might not have been granted the same level of trustworthiness as them before – after all, if they were able to verify their identity with you through something like RSA keys (known as public key cryptography), then why would you want your data sent in plain text?
This type of service also helps avoid any potential vulnerabilities associated with how someone encrypts and stores sensitive information on their device or computer – for example, if it was ever stolen or confiscated by a third party.
Subject Alternative Name (SAN)
A SAN certificate will have multiple names in it that can be used to identify a person, company, or organization.
For example, if you wanted one of these types of digital security certificates for the purpose of protecting your email address and website domain name at the same time – then all you would need is one private key but two public keys which are issued by different Certificate Authorities (CAs).
One type should point to your e-mail address while another points towards your website’s URL.
Server Name Indication (SNI)
This type of TLS/SSL protocol was designed as an extension on top of SSL; this allows for encryption between two parties using either an encrypted message format like PGP/GPG or OpenSSL’s secure socket layer. It also helps avoid any potential vulnerabilities associated with how someone encrypts and stores sensitive information on their device or computer – for example, if it was ever stolen or confiscated by a third party.
Unified Communication (UC) multi-domain TLS certificate
A UC certificate is another name for a SAN certificate. This name is used mainly by software manufacturers like Microsoft, who may use it to refer to this function of their products.
There is no single type of UC Certificate because they’re different for each company; however, these certificates are often used in order to help provide companies with the right types of digital security service which best suits what they want from them.
This might include things like protecting both an individual and website domain when it comes to e-mail access as well as sending encrypted messages back and forth that can be accessed through either POP/IMAP or SMTP servers without having to worry about the receiver’s encryption method.
Public Key (CSR) request
This is a process that an organization or person might use in order to build up their own certificate which will be used for TLS/SSL purposes; it goes through three main steps – one of them being where they create a Certificate Signing Request which doesn’t have any private key information attached to it, and then send this over to a CA so that company can sign the CSR using its own private keys before passing everything back again. It should only take around ten minutes if all communication works as planned, but there are situations where much more time may need to be spent on building up these types of certificates, depending on what type you’re requesting.
Wildcard (“*”) certificate
This is a type of digital security service which can be used in order to either protect an entire domain or just one email address; it’s made possible by the use of SSL/TLS protocol.
A Wildcard certificate is a special type of SSL certificate that covers all subdomains under the asterisk. For example, *.mywebsite.com would cover any website with a subdomain such as shop.mywebsite.com or blog.mywebsite.com.
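The name check a TLS client runs against the entries of a SAN or wildcard certificate, as an added example that is not code from the original post. It goes slightly beyond the text: in client name matching the asterisk stands for exactly one label, so `*.mywebsite.com` covers `shop.mywebsite.com` but not `mywebsite.com` or `a.shop.mywebsite.com`. The function names and the sample SAN list are constructed for illustration.

```python
import ipaddress

def _normalize(name: str) -> str:
    # DNS names compare case-insensitively; a trailing dot marks the root.
    return name.strip().rstrip(".").lower()

def san_entry_matches(entry: str, hostname: str) -> bool:
    """Return True if one SAN DNS-name entry covers the hostname."""
    entry, hostname = _normalize(entry), _normalize(hostname)
    if not entry or not hostname:
        return False
    try:
        ipaddress.ip_address(hostname)
        return False  # an IP address is never matched against a DNS name
    except ValueError:
        pass
    pattern, host = entry.split("."), hostname.split(".")
    if "*" not in entry:
        return pattern == host  # plain name: exact match only
    # This example accepts a wildcard only as the whole leftmost label.
    if pattern[0] != "*" or any("*" in label for label in pattern[1:]):
        return False
    # Conservative choice here: refuse over-broad patterns such as "*.com".
    if len(pattern) < 3:
        return False
    # "*" stands for exactly one non-empty label; the rest must be identical.
    return len(host) == len(pattern) and host[0] != "" and host[1:] == pattern[1:]

def certificate_covers(san_entries, hostname: str) -> bool:
    """A certificate is valid for a host if any of its SAN entries matches."""
    return any(san_entry_matches(entry, hostname) for entry in san_entries)

# Constructed sample: the SAN list of a hypothetical certificate.
SAMPLE_SANS = ["mail.mywebsite.com", "*.mywebsite.com"]

if __name__ == "__main__":
    for name in ("shop.mywebsite.com", "blog.mywebsite.com", "mywebsite.com",
                 "a.shop.mywebsite.com", "shop.mywebsite.com.other.test"):
        print(f"{name:32} covered={certificate_covers(SAMPLE_SANS, name)}")
```

A site that must also answer on the bare domain needs that name listed as its own SAN entry next to the wildcard.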