The term SSL certificate has been used for the purposes of marketing since the creation of the digital certificates. SSL just like TLS are actually protocols that utilize a digital certificates keypair.
A digital certificate keypair by itself is nothing more than a place holder of 2048 bits or greater and is needed in order to perform encryption and validation. A protocol is the actual function of encryption that initializes that keypair to start encryption, such as the TLS or SSL Protocols. These protocols are set up and chosen on the server side by a server admin. Since TLS or SSL are protocol functions on the server and not pertaining to the digital certificate’s keypair it is uncertain why the industry calls Digital Certificates as SSL Certificates because of this principle. All SSL protocols that were all available are now perceived as a vulnerable protocol leaving only TLS until something better eventually comes up.
Because of the SSL marketing gimmick around the industry, and lack of secure SSL protocols there is now a fountain of confusions flying around. Here are some examples:
“Since SSL Versions are vulnerable to Poodle attack. Is it possible to consider TLS 1.2 instead of SSL certificate?”
“We need to upgrade our SSL certificate to TLS 1.2”
A standard digital certificate can use both TLS and SSL because they are actually both protocols that are configured on the server. There is no such thing as an SSL certificate that will only work for the SSL protocol or a TLS certificate that will only work for the TLS protocol.
Remember, that a digital certificate keypair is essentially just a bit place holder for encryption. All mainstream digital certificates are essentially TLS/SSL because of the protocols that can use it.Add to favorites