SSL/TLS Certificate

Security

Definition

A digital document that binds a cryptographic key pair to an organization or domain, enabling encrypted HTTPS connections. Issued by Certificate Authorities (CAs) like Let's Encrypt, it proves a website's identity to browsers.

What a Certificate Contains

A digital certificate is an X.509-formatted document that binds a public key to an identity. It contains the subject's domain name or organization, the issuing Certificate Authority (CA), a validity period, the public key itself, and a digital signature from the CA. When a browser connects to a website over HTTPSHTTP Secure. The encrypted version of HTTP that uses TLS to protect data in transit between a browser and a web server. Identified by the padlock icon in browsers and the https:// URL scheme., it receives the server's certificate and verifies the CA signature to confirm the site's identity.

Certificates are issued at different validation levels: Domain Validation (DV) verifies domain ownership only; Organization Validation (OV) includes verified company details; Extended Validation (EV) requires rigorous identity checks and historically triggered a green address bar in browsers.

Certificate Chains and Trust

Browsers trust a set of Root CAs pre-installed by the OS or browser vendor. Most certificates are not signed directly by a Root CA — they are signed by an Intermediate CA, which is itself signed by the Root. This chain of trust means that if any link in the chain is compromised, all certificates beneath it are suspect.

Certificate Transparency (CT) logs provide a public, append-only record of every issued certificate. Browsers increasingly require certificates to appear in CT logs, making it impossible for CAs to issue rogue certificates without public visibility.

Checking Your Certificate

Use SSL Certificate Checker to inspect any domain's certificate chain, expiry date, and configuration. Expired or misconfigured certificates cause browser warnings that drive away visitors. Automated renewal through Let's Encrypt has made certificate management largely transparent for most operators. SSL/TLSSecure Sockets Layer / Transport Layer Security. Cryptographic protocols that provide encrypted, authenticated communication over a network. SSL is deprecated; modern implementations use TLS 1.2 or TLS 1.3. protocols depend on valid certificates to establish encrypted sessions.

Related Terms

More in Security