Updating internet explorer security certificates

The term 'SSL certificate' has persisted, and will likely persist for the foreseable future, because given the choice of saying 'SSL' or 'X.509' the former tends to roll off the tongue more comfortably.

Doubtless a linguistic expert could wax lyrical over the S sound versus the X sound.

Since the demise of Netscape the SSL specifications will not be updated further.

It is thus a dead standard, (dead as in a dead parrot) and indeed RFC 7568 has finally deprecated SSL v3.

It is now officially a dead parrot and must not be used henceforth by order of the great and good (and, in this case, the eminently sensible).

The IETF standardized Transport Layer Security (TLS) Version 1, a minor variation of SSL, in RFC 2246, Version 1.1 in RFC 4346 and Version 1.2 in RFC 5246.

We started doing this a long, long time ago when RFCs were maintained in some strange places, occasionally moved location, and performance and reliability of the repositories was very variable (being generous). The IETF, like IANA, have solid web sites with excellent performance and continually improving features.In addition, a number of extensions are defined in RFC 3546 when TLS is used in bandwidth constrained systems such as wireless networks, RFC6066 defines a number of TLS extensions carried in an extended client hello format (introduced with TLS 1.2), RFC6961 defines a method for reducing traffic when a client requests the server to supply certificate status information.And RFC 7935 now defines what happens to TLS (and DTLS) when used in the Io T (Internet of Things or Thingies as we, in our iconoclastic way, prefer).Bad news: If you self-sign your certificates nobody but you and your close family (perhaps) may trust them.But before you shell out all that filthy lucre for a bright, shiny new X.509 (SSL) certificate or the even more expensive EV SSL (X.509) certificate you might want to know what they do and how they do it.In the case of HTTPS the well-known port number is 443, in the case of IMAPS - port 993, POP3S - port 995 etc..The next level of description requires some familiarity with the terms MAC (Message Authentication Code), Secure hashes, symmetric and asymmetric cryptographic algorithms.For we, mere mortals, its chief merit may be that it's shorter (3 versus 4 syllables).The current guide includes SSL, TLS, some detail about X.509 and its usage as well as some explanation about certificate types, including EV certificates, and the trust process.When a secure connection is initially established it will, depending on the implementation, negotiate support of the particular protocol from the set SSLv3, TLSv1, TLSv1.1 or TLSv1.2.Such is the pervasive power of the name SSL that in most cases what is called SSL is most likely using TLS - for instance Open SSL supports both SSL (v3) and TLS (TLSv1, TLSv1.1 and TLSv1.2) protocols.

Updating internet explorer security certificates