The Certification Authority. In this document it is used to describe the CA as described in Figure 4-1.
The Registration Authority. In this document it is used to describe the RA as described in Figure 4-1.
The front-end of the Registration Authority that interacts with the users. In this document its functionality is described in Figure 4-1.
The positive identification of a network entity such as a server, a client, or a user. In the SSL context, it is the server and client Certificate verification process.
An unambiguous formula or set of rules for solving a problem in a finite number of steps. Algorithms for encryption are usually called Ciphers.
In cryptography, an electronic document binding some pieces of information together, such as a user's identity and public key. Certifying Authorities (CAs) provide certificates.
An entity that attests to the identity of a person or an organisation. A Certificate Authority might be an external company such as VeriSign that offers certificate services or they might be an internal organisation such as a corporate MIS department. The Certificate Authority's chief function is to verify the identity of entities and issue digital certificates attesting to that identity.
The acronym CA can be found in different variations.
Certification Authority (Used in this document and found in most documents)
Certifying Authority (Found in the RSA Security Crypto FAQ)
Certificate Authority (Found in various documents)
An unsigned certificate for submission to a Certification Authority, which signs it with the Private Key of their CA Certificate. Once the CSR is signed, it becomes a real certificate.
An algorithm or system for data encryption. Examples are DES, IDEA, RC4, etc.
The result of the encryption of ciphertext, using a cipher.
A configuration command that controls one or more aspects of a program's behavior. In Apache context these are all the command names in the first column of the configuration files.
A binary format to encode certificates.
The encryption of a message digest with a private key.
An electronic record that mathematically links a document to a time and date.
Diminished in cryptographic strength (and security) in order to comply with the United States' Export Administration Regulations (EAR). Export-crippled cryptographic software is limited to a small key size, resulting in Ciphertext which usually can be decrypted by brute force.
Currently there is a draft policy in the United States that provides substantial freedom to the availability of cryptographic software. This policy remains to be finalised and voted on in order to become effective.
The unique name of a network entity, consisting of a hostname and a domain name that can resolve to an IP address. For example, www is a hostname, whatever.com is a domain name, and www.whatever.com is a fully-qualified domain name.
The HyperText Transfer Protocol is the standard transmission protocol used on the World Wide Web.
The HyperText Transfer Protocol (Secure), the standard encrypted communication mechanism on the World Wide Web. This is actually just HTTP over SSL.
LDAP is a specification for a client-server protocol to retrieve and manage directory information.
A hash of a message, which can be used to verify that the contents of the message have not been altered in transit.
OpenLDAP is an open implementation of LDAP. It provides a stand-alone LDAP server, a stand-alone LDAP replication server, libraries implementing the LDAP protocol and other relevant software. For more information on OpenLDAP, see http://www.openldap.org/.
An open-source implementation of the SSL/TLS protocol. It is based on SSLeay. For more about OpenSSL, see http://www.openssl.org/.
The word or phrase that protects private key files. It prevents unauthorized users from encrypting them.
A text (ASCII) format that can be used to encode Certificates. It is essentially the Certificate in DER format that has been encoded with Base64 and had a header and footer added.
The text that will be encrypted. If we successfully decrypt a ciphertext, the result is the plaintext.
The secret key in a Public Key Cryptography system, used to decrypt incoming messages and sign outgoing ones.
The publicly available key in a Public Key Cryptography system, used to encrypt messages bound for its owner and to verify signatures made by its owner.
The study and application of asymmetric encryption systems, which use one key for encryption and another for decryption. A corresponding pair of such keys constitutes a key pair. Also called Asymmetric Cryptography.
A series of cryptographic standards dealing with public-key issues, published by RSA Laboratories.
A protocol created by Netscape Communications Corporation for general communication authentication and encryption over TCP/IP networks. The most popular usage is HTTPS, i.e. the HyperText Transfer Protocol (HTTP) over SSL.
The original SSL/TLS implementation library developed by Eric A. Young; see http://www.ssleay.org/. It has since been renamed to OpenSSL; see OpenSSL.
The study and application of Ciphers that use a single secret key for both encryption and decryption operations.
The successor protocol to SSL, created by the Internet Engineering Task Force (IETF) for general communication authentication and encryption over TCP/IP networks. The current version, TLS version 1, is nearly identical to SSL version 3.
Another description for the Certification Authority that stresses that the keeper of the CA private key should be an organisation or an entity that has no interests or ties of any kind with the clients.
The formal identifier to locate various resources on the World Wide Web. The most popular URL scheme is http. SSL uses the scheme HTTPS.
An authentication certificate scheme recommended by the International Telecommunication Union (ITU-T) which is used for SSL/TLS authentication.