Online security is a complex world. Threats are pervasive and persistent, making it harder to keep sensitive data secure. SSL certificates provide a layer of protection for data travelling across the web. Most people are aware of them as a solution for securing sensitive personal information and online credit card transactions, but there’s more to SSL certificates. This glossary explores what SSL certificates are, why they are important, and how they work.
What is an SSL Certificate?
An SSL certificate provides an encryption key that allows data to be transferred securely from one point to another. Using Secure Sockets Layer encryption, SSL certificates prevent sensitive data from being read by anyone who is not authorized to view it.
What is SSL?
SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol. It was first introduced to the world in 1995 by Netscape and was used to secure data transfer as well as to offer authentication and data integrity. Together, these features make it possible for the recipient of secure data to trust and access it.
What is TLS?
TLS, or Transport Layer Security, is a cryptographic protocol that offers end-to-end security and was designed to replace the SSL protocol. TLS is considered a more secure protocol for the transfer of data and can be used to secure email, file transfer, video and audio conferencing, instant messaging, and VoIP applications.
What is an ECC SSL Certificate?
ECC SSL certificates are a newer, more secure type of SSL certificate that also offers faster verification. They use ECC, or elliptic curve cryptography, algorithms and cryptographic keys. In fact, smaller ECC keys offer stronger encryption than larger RSA keys.
How do SSL certificates work?
SSL certificates provide authentication and encryption for data transferred between two points. For example, when a user needs to share confidential personal information such as credit card numbers, they enter a secure session, which is indicated by the presence of a small padlock icon in their browser’s address bar.
Before data can be transmitted securely, the user’s browser and the web server have to be able to confirm that they are both trusted. This is referred to as the SSL handshake.
When the user enters their sensitive personal information and clicks on a button to submit it, the data is encrypted using a public key. When the encrypted data is received by the server, it is then decrypted using the private key. This process takes place instantly and is referred to as the SSL handshake. The SSL handshake includes the authentication process, where the SSL certificate is verified along with the certificate authority which issued the certificate.
What is a Private Key?
A private key is a cryptographic key generated and stored on the server that will be accessed by users or other applications. It decrypts data that has been encrypted by the public key.
What is a Public Key?
A public key is a cryptographic key that is provided by a web server. Public keys are available to anyone and are used to encrypt data transferred to a server, where a private key will decrypt the data.
What is a Certificate Authority or CA?
A certificate authority, or CA, is an organization that validates the identities of entities so that it can issue digital certificates. In the case of SSL certificates, CAs validate websites, email addresses, and companies using trusted third-party databases to be able to issue cryptographic keys.
What types of digital certificates are there?
There are three types of SSL certificates. They are distinguished by the levels of authentication performed by a Certification Authority before they can be issued. These certificates include:
- Domain Validation SSL Certificates
Domain Validated SSL (DV SSL) Certificates, also known as “DV certificates”, are considered the least trusted types of certificates as anyone can purchase or own a domain (cybercriminals included). They confirm domain ownership. Domain ownership is validated through a WHOIS lookup that is often performed automatically after enrollment for a domain-validated certificate.
- Organization Validation SSL Certificates
Organization Validation SSL (OV SSL) Certificates, also known as “OV certificates”, require authentication of the business entity purchasing the certificate in addition to ownership of the domain name. This means that you must have a registered business in your country. OV SSL certificates include the name of the organization to which they are issued.
- Extended Validation SSL Certificates
Extended Validation SSL (EV SSL) Certificates, also known as “EV certificates”, are considered the most trusted SSL certificates available today. To receive one, you must have a registered business that has operated for at least three years. If your business is younger, it must not be in bankruptcy or liquidation. You also need to prove domain name ownership.
- Multi-domain or Subject Alternate Domain SSL Certificates
Multi-domain or Subject Alternate Domain SSL Certificates are organization validated certificates that can secure an unlimited number of domains that all belong to the same organization. For example, you can secure www.domain.com, www.domainONE.com, www.domainTWO.com, and so on.
- Wildcard SSL Certificates
A wildcard SSL certificate secures an unlimited number of hostnames tied to a single domain name. For example, a wildcard can secure www.domain.com, demo.domain.com, staging.domain.com, and more. Wildcard certificates are organization-validated certificates.
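The coverage rules described above for wildcard and multi-domain certificates, as an added example that is not part of the original page. The certificate dictionaries are constructed samples in the shape Python's ssl.SSLSocket.getpeercert() returns, the function names are hypothetical, and the example goes slightly beyond the text by applying the RFC 6125 rule that a wildcard stands for exactly one leftmost label, so the bare domain and nested subdomains are not covered.

```python
# Constructed sample certificates, shaped like ssl.SSLSocket.getpeercert() output.
WILDCARD_CERT = {
    "subject": ((("organizationName", "Example Org (constructed)"),),
                (("commonName", "*.domain.com"),)),
    "subjectAltName": (("DNS", "*.domain.com"),),
}
MULTI_DOMAIN_CERT = {
    "subject": ((("organizationName", "Example Org (constructed)"),),),
    "subjectAltName": (("DNS", "www.domain.com"), ("DNS", "www.domainONE.com"),
                       ("DNS", "www.domainTWO.com")),
}
DV_CERT = {  # domain-validated style: no organization in the subject
    "subject": ((("commonName", "www.domain.com"),),),
    "subjectAltName": (("DNS", "www.domain.com"),),
}


def name_matches(pattern: str, host: str) -> bool:
    """Compare one SAN dNSName entry with a hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # "*" stands for exactly one label, never zero or several
    if p[0] == "*":
        # Honour "*" only as the whole leftmost label, with at least two
        # labels after it (so "*.com" never matches anything).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covers(cert: dict, host: str) -> bool:
    """True if any dNSName in the certificate's subjectAltName covers host."""
    return any(name_matches(value, host)
               for kind, value in cert.get("subjectAltName", ()) if kind == "DNS")


def organization(cert: dict):
    """Subject organizationName (present on OV/EV certificates), else None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None


if __name__ == "__main__":
    for host in ("www.domain.com", "domain.com", "a.staging.domain.com"):
        print(f"{host:24} wildcard covers: {covers(WILDCARD_CERT, host)}")
    print("DV sample organization:", organization(DV_CERT))
```

Running the same check against the certificate a server actually presents is a quick way to catch a hostname that was assumed to be covered by a wildcard but is not.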