TLS/SSL certificates

TLS/SSL certificates are digital credentials that bind a public key to a domain name or organization, enabling encrypted communication and server authentication during network connections. They form a key part of the public key infrastructure that underpins secure web traffic and other encrypted channels.

During a TLS handshake, the server presents its certificate to the client. The client validates the certificate against a trusted store of certificate authorities, checks that it is currently valid, verifies the domain names it covers, and confirms it has not been revoked. If the certificate passes these checks, a secure session key is established to encrypt subsequent data.

Common certificate types include Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV), with DV being the simplest to issue. Certificates can be single-domain, wildcard (covering subdomains of a domain), or multi-domain (Subject Alternative Name). They are widely used for HTTPS, and also appear in email security (S/MIME), code signing, and client authentication.

Issuance and management are handled by trusted certificate authorities (CAs) within a public key infrastructure (PKI). A certificate signing request (CSR) is generated with a private key, the CA signs the certificate, and it carries an expiration date. Certificates are renewed periodically. Automation via protocols like ACME (used by Let’s Encrypt) has increased automatic provisioning and renewal. Self-signed certificates exist for testing but are not trusted by default in browsers.

Security considerations include protecting private keys, employing current TLS versions (1.2 and 1.3) and strong ciphers, and using revocation mechanisms (OCSP/CRLs) to respond to compromised certificates.