SSL/TLS glossary
- SSL certificate
- A digital document binding a public key to a domain identity, enabling HTTPS encryption.
- TLS (Transport Layer Security)
- The modern protocol that succeeded SSL, used to encrypt traffic between browsers and servers.
- HTTPS
- HTTP secured with TLS. Browsers require a valid certificate to establish an encrypted connection.
- Certificate Authority (CA)
- A trusted organization that issues and signs SSL certificates. See also top issuers.
- SAN (Subject Alternative Name)
- Additional domain names covered by a single certificate, such as www.example.com and api.example.com.
- CSR (Certificate Signing Request)
- A block of encoded text sent to a CA to apply for a certificate. Use our CSR generator.
- Self-signed certificate
- A certificate signed by its own key, useful for testing but not trusted by browsers. Generate one with our self-signed tool.
- Certificate expiry
- The date after which a certificate is no longer valid and browsers show security warnings. Check expiry dates or browse sites expiring soon.
- OCSP (Online Certificate Status Protocol)
- A real-time protocol for checking whether a certificate has been revoked before its expiry date.
- Certificate chain
- The ordered list of certificates from the server cert through intermediate CAs to a trusted root CA.
- Intermediate certificate
- A CA certificate that signs end-entity certificates and is itself signed by a root CA.
- Root certificate
- A self-signed CA certificate pre-installed in browsers and operating systems as a trust anchor.
- Let's Encrypt
- A free, automated CA widely used for issuing short-lived DV certificates for public websites.
- X.509
- The standard format for public-key certificates used in TLS, defining fields like subject, issuer, and validity period.
- PEM format
- Base64-encoded text format for certificates and keys, delimited by BEGIN/END markers. Decode PEM certificates in your browser.
- Private key
- The secret key paired with a certificate's public key. Must be kept confidential and never shared.
- Certificate revocation
- The process of invalidating a certificate before expiry, typically via OCSP or CRL distribution.
- Wildcard certificate
- A certificate covering all subdomains of a domain, e.g. *.example.com.