SSL/TLS Certificate
An SSL/TLS certificate is a digital file that cryptographically verifies a website's identity and enables encrypted HTTPS connections between a server and its visitors, protecting data in transit from interception or tampering.
Definition
An SSL/TLS certificate is a digital file that cryptographically verifies a website's identity and enables encrypted HTTPS connections between a server and its visitors, protecting data in transit from interception or tampering.
Overview
Although the term "SSL certificate" is still used colloquially, the underlying protocol has been TLS (Transport Layer Security) for years — SSL was TLS's predecessor and is now considered insecure and deprecated, but the certificate terminology stuck. A TLS certificate is issued by a Certificate Authority (CA) after verifying some level of control over a domain (or, for more rigorous certificate types, the legal identity of an organization), and it contains a public key, the domain(s) it covers, an expiration date, and a digital signature from the issuing CA that browsers can verify against a trusted root store. When a browser connects to a site over HTTPS, a TLS handshake takes place: the server presents its certificate, the browser verifies the CA's signature and checks the certificate hasn't expired or been revoked, and the two sides negotiate a shared encryption key used to secure all subsequent traffic. This process protects against eavesdropping and man-in-the-middle attacks, and it's also what lets a browser show the padlock icon confirming a connection is secure. Certificate types range from domain-validated (DV, the fastest and most automated), to organization-validated (OV), to extended-validation (EV), which requires the most rigorous identity checks. The rise of free, automated certificate authorities like Let's Encrypt, combined with tools that handle renewal automatically, has made HTTPS effectively free and standard for virtually every website — browsers now actively flag plain HTTP sites as "not secure," and HTTPS is both a ranking factor for SEO and a prerequisite for modern web APIs like Service Workers, which refuse to run over unencrypted connections. TLS certificates are typically provisioned automatically by Content Delivery Network (CDN)s and hosting platforms today, though understanding the underlying handshake and certificate chain remains important for diagnosing connection errors and configuring custom domains correctly.
Key Concepts
- Cryptographically verifies a server's identity to visiting browsers
- Enables encrypted HTTPS connections via a TLS handshake
- Issued by a Certificate Authority after domain or identity verification
- Certificate types: domain-validated, organization-validated, extended-validation
- Has an expiration date and requires periodic renewal
- Widely automated today via services like Let's Encrypt