This is the second in our series of insights that seek to explore and simplify the topic of SSL (and TLS) in web application hosting.
In our previous insight, we looked at the basics of SSL/TLS with analogy and top-level terminology; in this insight, we’ll expand on some of the many elements that make up SSL certificates and their differences.
Elements of an SSL Certificate
SSL Certificate
A digital certificate that authenticates a website’s identity and enables an encrypted connection, helping to secure data transfer between a server and a client.
Certificate Signing Request (CSR)
A block of encoded text, containing information like organisation name and domain, that is submitted to a Certificate Authority to apply for an SSL certificate.
Private Key
A secret cryptographic key used with a public key to encrypt and decrypt data, ensuring secure communication and authentication in various internet protocols.
Common Name (CN)
A component of the SSL certificate that specifies the domain name to which the certificate is issued, serving as a critical identifier of the certificate’s subject.
Certificate Authority (CA)
An entity that issues digital certificates, such as SSL/TLS certificates, to organisations or individuals, verifying their identities and enabling secure communication.
Root Certificate
A top-level digital certificate, issued by a trusted certificate authority, that forms the basis of a trust chain.
Intermediate Certificate
A subordinate certificate issued by the trusted root specifically to issue end-entity certificates. It acts as a middleman between the trust of the root certificate and the end-entity (or leaf) certificate.
Subject Alternative Name (SAN)
A field in SSL/TLS certificates that allows multiple domain names to be protected by a single certificate, accommodating different hostnames or IP addresses.
Wildcard Certificate
A certificate that secures not only a primary domain but an unlimited number of its subdomains with a single certificate, using an asterisk as part of the domain name (e.g., *.example.com).
Extended Validation (EV) Certificate
Provides the highest level of SSL certificate validation, requiring thorough verification of the requesting entity’s legal and operational existence, enhancing trust and security.
Domain Validation (DV) Certificate
A type of SSL certificate where the Certificate Authority checks the right of the applicant to use a specific domain name, with less stringent verification compared to EV and OV certificates.
Organization Validation (OV) Certificate
A type of SSL certificate where the issuing authority validates the organisation’s identity and authenticity, providing a higher level of security assurance than DV certificates.
Certificate Revocation List (CRL)
A list of digital certificates revoked by the issuing Certificate Authority before their scheduled expiration, usually due to compromise or loss of private keys.
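To make the Subject Alternative Name and wildcard entries above concrete, the following added example (not code from this article) checks which hostnames a certificate's SAN list covers. It assumes the RFC 6125-style rules clients commonly apply: a wildcard is only accepted as the whole leftmost label and stands for exactly one label. The function names and the SAN list are constructed for illustration.

```python
# Added example: hostname matching against certificate SAN entries.
# Matching rules follow RFC 6125-style behaviour (an assumption, not from the article).
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name_matches(pattern, hostname):
    """Return True if one SAN DNS pattern covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False          # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Wildcard must be the whole leftmost label, with at least two
        # labels after it, so a pattern such as "*.com" is refused.
        if len(p_labels) < 3 or "*" in "".join(p_labels[1:]):
            return False
        return p_labels[1:] == h_labels[1:] and h_labels[0] != ""
    if "*" in pattern:
        return False          # partial or misplaced wildcards are rejected
    return p_labels == h_labels

def cert_covers(san_entries, hostname):
    """san_entries: list of ("DNS", name) or ("IP", address) tuples."""
    if _is_ip(hostname):
        target = ipaddress.ip_address(hostname)
        return any(kind == "IP" and ipaddress.ip_address(value) == target
                   for kind, value in san_entries)
    return any(kind == "DNS" and name_matches(value, hostname)
               for kind, value in san_entries)

# Constructed SAN list for illustration (not taken from a real certificate)
SAN = [("DNS", "example.com"), ("DNS", "*.example.com"), ("IP", "192.0.2.10")]

if __name__ == "__main__":
    for host in ["example.com", "www.example.com", "a.b.example.com",
                 "example.org", "192.0.2.10"]:
        print(f"{host:20} covered={cert_covers(SAN, host)}")
```

Under these rules `*.example.com` alone does not cover the bare `example.com` or a deeper name such as `a.b.example.com`, which is why certificates usually list the bare domain as a separate SAN entry.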
More in the Simplifying SSL/TLS series
- SSL Basics – What is SSL?
- SSL Certificate Terminology
- EV vs DV vs OV vs FREE SSL Certificates
- Certificate Authorities and The Signing Process
- TLS and Versions
- Web Server Headers
- Mixed Content Warning
- Testing & Tools
Pipe Ten Hosting Ltd is a leading web hosting company within the UK that has provided a wide range of web hosting and online infrastructure management services to its members since 2002. They are ISO/IEC 27001 certified, having achieved the internationally recognised accreditation for Information Security Management.