SSL Guide

This refers to the length of the key used. To obtain a 128 bit encryption, a 1024 bit key lenght is required, whereas to obtain a 256 bit encryption, a 2048 bit key length is required. To generate the CSR (Certificate Signing Request) the key length must be specified.

Digital certificates are provided by Certification Authorities. Companies such as Verisign, Thawte, GeoTrust, GlobalSign and RapidSSL are major listed Certification Authorities. Before issuing SSL certificates, CAs carry out thorough prerogative and security checks on applicant companies; the most important and serious certification authorities never entrust such checks to third-party companies but always carry them out themselves.

The certificate required by the root CA.

A file that certifies the identity of a party in a communication and is used to encrypt the data exchanged between the communicating parties and thus exchange data (information). In addition to ensuring that the data come from the intended source, it also guarantees their integrity: the data cannot be modified during transit.

This is the first half of the key pair – the other half is the public key. It is associated with the customer's SSL certificate. By creating a CSR, a private key is created at the same time: the latter must never be shared or made public, which is why it is defined as private.

This part of the key is the one that is publicly available and must be communicated to the other party involved in the encrypted communication.

Encryption is the process of transforming information using an algorithm: the data will be unreadable to anyone except those in possession of the corresponding key.

This is the first step when requesting an SSL certificate. The customer must create a Certificate Signing Request on the server and provide data about the website and their company.

There are three validation levels offered for SSL certificates: Domain Validated (DV), Organization Validated (OV) and Extended Validation (EV). EV validation represents the highest level of trust and, to obtain this type of validation, the company concerned must pass rigorous identity tests.

The SSL Handshake is performed at the start of the SSL session by creating the session's cryptographic parameters.

HTTP stands for HyperText Transfer Protocol - anything transmitted via http must be considered 100 per cent public, therefore the transmission can be intercepted, interpreted and possibly modified during transit.

HTTPS stands for HyperText Transfer Protocol Secure. HTTPS connections use SSL certificates: information sent using SSL certificates cannot be read or changed during transmission.

In a network connection, the port is represented by a number and it identifies in a virtual/logical way the data traffic of one connection, thus enabling it to be distinguished from that of another. The standard port for HTTPS (or HTTP over TLS/SSL) connections is 443.

The SSL proxy allows SSL protection even for applications that do not recognise these protocols.

If the certificate is revoked, the website will no longer be trustworthy and visitors will receive warnings from their browser that they are connected to an unsafe site. It may happen that a CA revokes a certificate, for instance in the case of misuse of the certificate or in the case of forged data.

The date after which the certificate will no longer be trusted and after which website users will receive unsafe site warnings from their browser. The expiry date is stated on the certificate.

A Wildcard SSL protects a web domain and all its subdomains. The validation procedure for a Wildcard SSL is the same as for single domain certificates.