What is SSL?

• Stands for “Secure Sockets Layer”
• A cryptographic protocol designed to provide communications security over a computer network
• SSL is obsolete and replaced by TLS

What is TLS?

• Stands for “Transport Layer Security”
• A cryptographic protocol designed to provide communications security over a computer network
• TLS is new name of older SSL protocol and uses modern encryption standards
• TLS is the successor of the (deprecated) SSL and builds on the earlier SSL specifications

TLS vs SSL

• Both are transport protocols but SSL is obsolete and TLS is new name of older SSL protocol
• Technically, TLS is more accurate, but everyone knows SSL

TLS certificate vs SSL certificate

• Although, SSL is replaced by TLS, calling the certificate name with either “SSL certificate” or “TLS certificate” is ok
• Both “SSL certificate” and “TLS certificate” essentially mean the same thing:
• They’re both X.509 digital certificates that help to authenticate the server and facilitate the handshake process to create a secure connection
• The name doesn’t matter much because a certificate isn’t the same thing as the protocol. Whatever you call them, what matters is the protocol that it operates on and these protocols are determined by your server configuration, not by the digital certificates

Related Concepts

Digital Certificate

• A digital certificate certifies the ownership of a public key by the named subject of the certificate
• An electronic document used to prove the ownership of a public key
• Digital Certificate includes:
  • information about the key
  • information about the identity of its owner (called the subject)
  • the digital signature of an entity that has verified the certificate’s contents (called the issuer)

Certificate Authority (CA)

• An entity that issues digital certificates
• A certificate authority is a trusted organization that issues digital certificates for websites and other entities
• CA issues TLS/SSL certificates that are trusted by web browsers

Certificate Signing Request (CSR)

• CSR is an encoded message that contains a public key and other relevant information such as a common name, locality and SAN entries (if applicable)
• Information within CSR is used by CA to verify and create certificate

ACME

• Stands for “Automatic Certificate Management Environment”
• A communications protocol for automating interactions between certificate authorities and their users’ web servers
• The protocol is based on passing JSON-formatted messages over HTTPS
• FYI, Let’s Encrypt is an ACME based certificate services
• https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment

Public Key Private Key Encryption

[TBD]

How Does TLS Work?

[TBD]

Links

• https://sectigostore.com/blog/ssl-vs-tls-decoding-the-difference-between-ssl-and-tls/
• https://www.ssl2buy.com/wiki/ssl-vs-tls
• https://en.wikipedia.org/wiki/Transport_Layer_Security
• https://www.ssl.com/faqs/what-is-a-certificate-authority/
• https://www.ssl.com/faqs/what-is-a-csr/