SSL/TLS Glossary

SSL/TLS cryptography is often confusing, and this is sometimes compounded by the acronyms and terms used.  This quick glossary should help with the most commonly referenced terms and acronyms.

CA (Certificate Authority)

This is the organization which validates a domain owner to provide trust to end users visiting that domain's services.  Common CAs include companies such as Comodo and Symantec.

SSL (Secure Sockets Layer)

This is a deprecated cryptographic protocol which is no longer considered secure, and so is typically not used, but many people still use the term SSL to refer to TLS.

TLS (Transport Layer Security)

This is the modern cryptographic protocol used to provide secure communications over a network.

CRT (Short-form of Certificate)

This is an electronic document that can be signed by a trusted source, such as a Certificate Authority, to provide trust.  It shows that a domain or organization has been validated, and ensures that an encrypted connection belongs to that entity.

Private Key

This is a digital document which should remain secret.  Data sent from browsers viewing your website is encrypted using your certificate, and is in turn decrypted at your website using this key.  The certificate and the private key together comprise two uniquely related cryptographic keys.

CSR (Certificate Signing Request) 

This is an electronic document used by a Certificate Authority to create a secure signed certificate for a domain or set of domains.

CA Bundle 

This is a group of certificates provided by a Certificate Authority, and used by web browsers or other client software to establish the chain of trust between a certificate and the CA which signed it.

DV (Domain Validation) 

This is a type of certificate where the CA checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal.

OV (Organization Validation)

This is a type of certificate where the CA checks the right of the applicant to use a specific domain name PLUS it conducts some vetting of the organization. Additional vetted company information is displayed to customers when clicking on the Secure Site Seal, giving enhanced visibility into who is behind the site and associated enhanced trust.

EV (Extended Validation)

This is a type of certificate where the CA checks the right of the applicant to use a specific domain name PLUS it conducts a THOROUGH vetting of the organization. Additional vetted company information is displayed to customers when clicking on the Secure Site Seal, and supported browsers display a green address bar, giving enhanced visibility into who is behind the site and associated enhanced trust.

Wildcard Certificates

A wildcard certificate is able to secure all possible Fully Qualified Domain Names at level three or higher.  A wildcard is typically denoted with an asterisk, like so: *.domain.com.  Wildcards are often a cost-effective way of securing many possible subdomains, with the added benefit of simpler manageability.

SAN (Subject Alternative Name)

The most basic certificates protect a single Fully Qualified Domain Name (FQDN); however, some certificates can be extended to include additional domain names as well.  The benefit of this is that it is often easier and less expensive to manage a single certificate that covers all of your domain names instead of many certificates for individual domain names.

FQDN (Fully Qualified Domain Name)

An FQDN, or Fully Qualified Domain Name, is written with the hostname and the domain name, including the top-level domain, in that order: [hostname].[domain].[tld].  It will include all relevant levels, so if there are fourth and fifth levels, etc., they will also be included.  Example:  my.favourite.fqdn.ourdomain.com.

