A Certification Authority (CA) is an organization or company that validates the identities of entities (individuals, websites, businesses, or email addresses) and binds them to cryptographic keys by issuing electronic documents known as digital certificates.
A leading CA will:
Be at the forefront of developing baseline standards
Offer resources regarding best practices, certificate management, and compliance
Certificate Transparency
Certificate Transparency works within the existing Certificate Authority infrastructure to provide post-issuance validation of SSL Certificates.
Certificate Transparency may prove useful in helping domain owners identify misissued certificates.
Certificate Transparency has two components:
CT logs
Monitors
CT logs: maintain records of issued SSL Certificates; the entries cannot be modified or deleted in any way.
Monitors: query CT logs and can download and store certificates for future reporting. Monitors organize the certificates into subfields, simplifying the query process for users.
Discovery and Automation
Certificate discovery is the process of identifying and reporting SSL/TLS certificates on your network using sensors. Sensors are small software applications, installed in strategic locations on a particular network, that are responsible for finding SSL/TLS certificates.
Discovery and Automation is a feature that identifies, monitors and automatically renews certificates installed across a network. Discovery and Automation gives users complete control over their chosen security solutions.
Benefits of Discovery and Automation
Gain a holistic view of certificates on your networks
Faster response to vulnerabilities and security issues
Avoid downtime from certificate expiry
Automated certificate lifecycle management ensuring the installation and timely renewal of SSL/TLS certificates.
Configurable notifications and in-console alerts
Domain Validation Certificates
Domain Validated SSL certificates provide basic validation for companies. A DV certificate confirms that a business owner controls the domain in question. A few verification checks, such as email verification and website registration information, may be undertaken by the certificate authority (CA) to issue a DV certificate. Domain Validated (DV) certificates take 1-2 days to issue.
Elliptic Curve Cryptography (ECC)
Elliptic Curve Cryptography (ECC) is the latest encryption standard available. It promises more robust security, increased performance, and a shorter key length. The shorter key lengths make ECC an ideal choice for devices with limited storage or resources. Compared with the RSA and DSA algorithms, a 256-bit ECC key is equivalent to a 3072-bit RSA key. Smaller key sizes require less computing power, meaning faster and secure connections.
Encryption
Encryption is the process of encoding information and ensuring only authorized users can read it. It establishes privacy and secure data integration, protecting confidential information from being exploited by potential threat actors.
Encryption is an essential requirement for securing business operations, and our experts can help you implement encryption today.
Extended Validation Certificates
Extended Validation SSL certificates represent the highest level of trust and authentication available in the industry. Organizations undergo a more rigorous verification process than that required for a DV or OV certificate. Therefore, organizations with an EV certificate are granted the highest trust level by customers and professionals industry-wide. Extended Validation (EV) certificates take 7-10 days to issue.
Malware Scanning
Hackers exploit security weaknesses on your server to gain access to your website and install malicious code. Malware scanning allows users to regularly scan their devices, networks and websites for malware and remove it before any serious damage is caused.
Multi-Domain Certificate
Multi-Domain Certificates, also called SAN certificates, offer boundless flexibility and complete control over the Subject Alternative Name field. And now, any DigiCert certificate can be configured to allow multi-domain. These certificates are ideal for securing many names across different domains and subdomains. You also have the option to add, change, and delete any of the SANs on the fly to reflect the evolving needs of your network.
www.example.com
www.example2.com
www.example3.net
mail.example.net
dev.example2.net
Organization Validation Certificates
Organization Validation SSL Certificates verify the identity of organizations and help to establish trust between companies and customers. An OV certificate displays a padlock in the website address bar, communicating to customers that their information is secure for the duration of their visit. Organization Validated (OV) certificates take 3-4 days to issue.
Padlock
Two elements indicate that your site is encrypted with an SSL Certificate:
A closed padlock
A URL that begins with “https:” rather than “http:”
If an SSL certificate is installed on the server, the browser loading the website will recognize the organization’s information stored in the SSL certificate and display the secured URL as https with a padlock.
One of the easiest ways to check the certificate details of a website is to click the padlock in the address bar and then select “View Certificate.”
Payment Card Industry (PCI) Compliance
PCI (Payment Card Industry) compliance refers to adhering to a specific set of technical and operational rules and requirements mandated by card companies to ensure secure credit card transactions across the industry. When credit/debit card details are shared, there is always a risk of the information falling into the wrong hands. Personal information can easily be intercepted without robust security protocols in place.
According to PCI DSS rules, card payments must be taken on web pages with HTTPS enabled. Installing an SSL certificate on your website will establish a secure tunnel between your web server and the customer’s device, ensuring the secure encrypted transmission of any shared data. All of our SSL/TLS certificates comply with PCI standards and offer the most robust encryption algorithms.
Public Key Cryptography
Public key cryptography, or public-key encryption, is an encryption method that uses two separate keys. One is the public key, which is available for anyone to use. The other is the private key, which is known to the owner of the data. Data encrypted with the public key can only be decrypted and read with the private key and vice versa, making it a secure method to protect confidential data from unauthorized access and exploitation.
Quantum Cryptography
Quantum Cryptography is an evolution of cryptography (the art of writing and solving codes) that utilizes quantum mechanics to perform cryptographic functions.
Principles of quantum mechanics
The particles that make up the universe are unstable and can simultaneously exist in more than one place or more than one being.
Photons are randomly generated in one of two quantum states.
You can’t measure a quantum property without changing or influencing it in some way.
RSA
RSA is an algorithm for public-key cryptography. RSA works based on a public and a private key. The public key is used to encrypt data before sending it to the server on which the certificate is located. Every user attempting to connect with the site is sent the public key. The private key is used to decrypt the data encrypted by the public key. It is essential to ensure no one has access to your private key except you as the data owner.
Site Seal
A site seal is a visual indicator that lets your visitors know that your organization values online security and privacy. When a user clicks on a site seal, it displays your certificate details.
A site seal is a proven way to signal website security and boost transactions. The site seal code consists of two parts: HTML and JavaScript.
HTML Code
The HTML code ("div" container block) displays the DigiCert Site Seal on your web page. Paste the "div" portion of the code into your page code wherever you want the seal to appear on the web page.
JavaScript Code
The JavaScript code is used to make the site seal work (for example, the code makes the site seal appear on the page and styles the "div" container block). Paste the script portion of the page code anywhere on the page (for example, next to the "div" block).
Subdomain
Subdomains act as an extension of your domain name to help organize and navigate your website's different sections. You can also use a subdomain to send visitors to a completely different web address, like your social media page, or point to a specific IP address or directory within your account.
Example:
shop.sslsupportdesk.com
In this example, 'shop' is the subdomain, 'sslsupportdesk' is the primary domain, and '.com' is the top-level domain. You can use any name as your subdomain, but make sure it is easy to remember.
UC/SAN Certificates
A Unified Communication Certificate (UCC) is a digital security certificate that allows various hostnames to be protected by a single certificate. UC certificates are also recognized as SAN certificates, multi-domain certificates, or Exchange certificates.
The Subject Alternative Name field lets you specify additional hostnames (sites, IP addresses, common names, etc.) to be protected by a single TLS/SSL certificate, such as a Multi-Domain (SAN) or Extended Validation Multi-Domain Certificate.
DigiCert multi-domain certificates come with unlimited reissues, so when needed, you can add SANs to your certificate. You can also change the common name, change the order of SANs, remove SANs, change SANs, and add SANs.
Validation process
Before a CA can issue any certificate, the certificate order must first go through a validation process. For OV and EV TLS/SSL, Private SSL, Code Signing, and Document Signing certificate orders, the certificate's validation process includes organization validation and verifying the organization contact.
For certificates issued to a domain (TLS/SSL and some client certificates), the certificate order process includes domain validation.
To quicken the certificate issuance process, you'll want to submit your organizations and domains for pre-validation. Once you've completed pre-validation, future certificate issuance and renewals for those domains and organizations can be done almost immediately.
Vulnerability Assessments
Vulnerability assessments identify risks and vulnerabilities in computer networks, hardware, applications, systems, and other parts of the IT ecosystem. The information they provide helps analyze and prioritize potential security risks.
The scanning process involves four steps: vulnerability identification, analysis, risk assessment, and remediation. Once the initial scan is complete, a vulnerability assessment rescans your entire website to confirm that any identified vulnerabilities have been removed.
Wildcard Certificate
An SSL Wildcard certificate is a single certificate with a wildcard character (*) in the domain name field. This allows the certificate to secure multiple subdomain names (hosts) of the same base domain.
For example, a wildcard certificate for *.(domainname).com could be used for www.(domainname).com, mail.(domainname).com, and store.(domainname).com, as well as any other subdomain name under (domainname).com.
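The coverage rules described under Multi-Domain, UC/SAN and Wildcard certificates can be checked mechanically before a certificate is ordered or deployed. The following is an added example, not code from this glossary or from any CA; the function names are hypothetical, and it assumes the common matching rule that "*" stands for exactly one left-most label, so a wildcard covers neither the bare base domain nor deeper subdomains.

```python
# Added illustration: check which hostnames a certificate's SAN list covers.
# Assumption: '*' is only honoured as the whole left-most label and matches
# exactly one label, as in common TLS hostname verification.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """Return True if a single SAN entry covers the given hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False              # '*' never spans more than one label
    if p[0] == "*":
        if len(p) < 3:
            return False          # simplification: refuse broad names like '*.com'
        return p[1:] == h[1:] and h[0] != ""
    return p == h                 # ordinary entry: exact, case-insensitive match

def cert_covers(san_list, hostname):
    """True if any SAN entry on the certificate covers the hostname."""
    return any(san_matches(s, hostname) for s in san_list)

def uncovered(san_list, hostnames):
    """List the hostnames in an inventory that the certificate does not cover."""
    return [h for h in hostnames if not cert_covers(san_list, h)]

# Constructed sample data (example.com names are placeholders).
WILDCARD_SANS = ["*.example.com"]
MULTI_DOMAIN_SANS = ["www.example.com", "www.example2.com", "www.example3.net",
                     "mail.example.net", "dev.example2.net"]
INVENTORY = ["www.example.com", "mail.example.com",
             "example.com", "dev.shop.example.com"]

if __name__ == "__main__":
    print("not covered by wildcard:", uncovered(WILDCARD_SANS, INVENTORY))
    print("multi-domain covers dev.example2.net:",
          cert_covers(MULTI_DOMAIN_SANS, "dev.example2.net"))
```

If the bare domain must also be secured, it has to appear as its own SAN entry alongside the wildcard.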
SiteLock
Phishing
The practice of sending spam e-mails to attempt to deceive people into visiting a malicious site or providing personal information to an unintended recipient. This is not done only through emails.
Spam Verification
A spam scan checks third-party spam lists to make sure that the customer's IP address is not being reported. If a website is found on one of these blacklists, all outgoing emails are likely to bypass the recipient’s inbox and go straight into their spam folder until the IP is removed from the list.
Open-source platform
Refers to software that is provided free of charge for anyone to use. Many SiteLock customers use Open-Source Content Management Systems (CMS), such as:
WordPress
Joomla
Drupal
osCommerce
phpBB
Zen Cart
Magento
OpenCart
Malware
Short for malicious software, malware is designed to harm or secretly access a website without the owner’s knowledge. Websites hosting or linking to malware or malicious sites will eventually be blacklisted by search engines (e.g. Google) and anti-virus tools, preventing them from being viewed by most customers.
SQL Injection
SQL Injection (pronounced “sequel” injection) is a technique often used to attack data-driven applications. This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a technique that exploits security vulnerabilities in an application's software.
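To show why entry-field text can change the command the database receives, and how parameter binding prevents it, here is an added example (not from the original glossary or from SiteLock). The table, function names and input value are constructed for illustration, using Python's built-in sqlite3 module with an in-memory database.

```python
# Added illustration: string-built SQL beside a parameterized query.
import sqlite3

def make_db():
    """Create an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("bob", "bob@example.com"),
         ("carol", "carol@example.com")],
    )
    return db

def lookup_vulnerable(db, name):
    """Weak pattern: the entry-field text becomes part of the SQL statement."""
    query = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, name):
    """Hardened pattern: the text is bound as a value and never parsed as SQL."""
    query = "SELECT name, email FROM customers WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

# Constructed entry-field value containing a fragment of SQL.
FIELD_INPUT = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # The concatenated query's WHERE clause is rewritten and matches every row.
    print("string-built :", len(lookup_vulnerable(db, FIELD_INPUT)), "rows")
    # The bound parameter is compared literally, so no customer matches.
    print("parameterized:", len(lookup_safe(db, FIELD_INPUT)), "rows")
```

A code review or scanner looking for this weakness is looking for the first pattern: SQL text assembled from request data instead of placeholders with bound values.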
XSS
Cross-site scripting (XSS) is a vulnerability that results from weak coding. XSS enables attackers to inject script into web pages viewed by other users (to modify the page’s appearance and/or behavior). A cross-site scripting vulnerability may be used by attackers to bypass access controls by gaining access to a visitor’s cookies or other personal data. XSS also allows a hacker to create page content within an existing iframe. Cross-site scripting will usually lead to some type of phishing.
Backdoor File
This is a file that a hacker inserts into a website that behaves like a rogue control panel. It provides the ability to modify, delete or add content to a website. It is an entry point for a hacker to control the site.
Network scan
SiteLock's network scan checks the thousands of ports on a server to make sure only the appropriate ones are open for your server type.
Root Directory
In website file systems, the root directory is the first or top-most directory in a hierarchy. It can be likened to the root of a tree, the starting point where all branches originate. It would be like the C:\ drive on your personal computer.
IP address
An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.
Cloud Computing
The use of hardware and software that are delivered as a service over the Internet. This is how SiteLock distributes our scans.
Expert Services (ES)
The act of providing a manual malware clean or vulnerability fix by our security engineers. ES will not repair any design damage done by a hacker.
Bandwidth
Bandwidth in the computing world refers to the amount of data that is transferred to and from a website or the server that the website is sitting on. Usually this is measured in BPS, or bits per second.
Control Panel (Cpanel)
A customer's Control Panel is where they manage everything for their hosting account. Collecting these logins allows SiteLock to clean websites as well as configure the Web Application Firewall (WAF), as long as the DNS records are managed here as well. Most of our customers use either cPanel, Parallels Plesk or vDeck.
Index File
The index file is the file within a website that is in charge of displaying the initial page you see when a website is viewed. During some hack attempts this file is deleted or a new one with a higher order of precedence is uploaded and displayed.
index.html
index.php5
default.html
index.htm
index.php4
default.htm
index.shtml
index.php
index.php3
index.cgi
home.html
home.htm
Blacklisted
In the security industry this is as bad as it gets. When Google, Yahoo, Bing, etc. crawl a website for rankings but find malware, they will blacklist the site. This means that they will insert a header for the site when searched that says something along the lines of “WARNING: Visiting this site could harm your computer.” Would you visit that site? If the site is accessed directly, there is usually a red screen that has a giant warning message like this one.