SSL Glossary
- CSR / PKCS#10 / P10 / request
- This is the public portion of a keypair. It includes the public RSA key, plus some metadata about the final certificate. Once a request is signed it becomes a certificate.
- CRT / certificate / PKCS#7
- This is a certificate, which means it is a request which has been signed by a certificate authority. Like a request, it contains the public key of the key pair.
- PKCS#12 / P12
- A file format for storing an encrypted key, its certificate, and optionally the certificate chain. The private key is required.
- key
- The private key of a keypair. While the word "key" can refer to either the private key or the public key, within X.509 and SSL "key" generally refers to the private key specifically.
- keypair
- A public and private key. The public key is usually in the form of a request or certificate.
- certificate authority / CA
- An entity that signs CSRs, thus making them into CRTs. Technically speaking, a CA is just a certificate used to sign CSRs. This CA certificate is generally trusted by all relevant parties. CAs are often, but not always, self-signed.
- certificate revocation list / CRL
- This is a list of certificates that have been revoked by a CA. It must be signed by the CA to be valid.
- CRL distribution point
- This is the URI where a CRL can be retrieved. It should not be protected by SSL.
- self-signed / root certificate
- A certificate whose signer is itself.
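
The relationships between the key, CSR, CA, certificate, self-signed root and PKCS#12 entries above, traced with the `openssl` command line. This is an added example, not part of the original glossary; the subject names, validity period and passphrase are constructed, and it assumes an `openssl` binary with its default configuration file is installed.

```shell
#!/usr/bin/env bash
# Added example; subject names and the passphrase below are constructed.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# key: the private half of a keypair (the public half is derived from it).
make_key() { openssl genrsa -out "$1" 2048 2>/dev/null; }

# self-signed / root certificate: a CA key signing its own certificate.
make_root_ca() {                       # $1 = CA key out, $2 = CA cert out
  make_key "$1"
  openssl req -x509 -new -key "$1" -sha256 -days 30 \
    -subj "/CN=Example Root CA" -out "$2"
}

# CSR / PKCS#10: public key plus requested subject, not yet signed by a CA.
make_csr() {                           # $1 = key out, $2 = CSR out
  make_key "$1"
  openssl req -new -key "$1" -subj "/CN=www.example.test" -out "$2"
}

# The CA signs the request; the output is a certificate.
sign_csr() {                           # $1 = CSR, $2 = CA cert, $3 = CA key, $4 = cert out
  openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -CAcreateserial \
    -sha256 -days 30 -out "$4" 2>/dev/null
}

# Public key carried by a request and by a certificate (PEM on stdout).
csr_pubkey() { openssl req  -in "$1" -noout -pubkey; }
crt_pubkey() { openssl x509 -in "$1" -noout -pubkey; }

# Self-signed: issuer equals subject and the signature verifies with its own key.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -issuer_hash)" = \
    "$(openssl x509 -in "$1" -noout -subject_hash)" ] &&
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# PKCS#12: private key + its certificate + chain in one encrypted file.
make_p12() {                           # $1 = key, $2 = cert, $3 = chain, $4 = P12 out
  openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
    -passout pass:constructed-demo-pass -out "$4"
}

make_root_ca "$WORK/ca.key" "$WORK/ca.crt"
make_csr     "$WORK/leaf.key" "$WORK/leaf.csr"
sign_csr     "$WORK/leaf.csr" "$WORK/ca.crt" "$WORK/ca.key" "$WORK/leaf.crt"
make_p12     "$WORK/leaf.key" "$WORK/leaf.crt" "$WORK/ca.crt" "$WORK/leaf.p12"
openssl verify -CAfile "$WORK/ca.crt" "$WORK/leaf.crt"   # chain check: leaf -> root
```

The CSR and the issued certificate carry the same public key; only the signer differs, which is what separates the CA-signed certificate from the self-signed root.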