Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates. These certificates are the core of transport layer security (TLS) protocol, which is an updated version of SSL. These digital files contain a public encryption key that is used to validate server identity and a digital signature to ensure the integrity and the source of data and other information transmitted online. These certificates facilitate the exchange of encryption keys between web servers and browsers, which enable a secured connection.
The chain of trust, trust path or trust chain is a sequence of certificates that a web browser must traverse to verify that a particular website is authentic and, therefore, secure. A chain of trust typically includes a root certificate, an intermediate certificate and a leaf certificate.
There are multiple types of TLS/SSL certificates:
While less common than server certificates, client certificates authenticate the identity of the user who wants to connect to a TLS service, rather than a device seeking a connection.
Email certificate. Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standard for sending encrypted email. RSA security created it to resolve the problem of sending encrypted email without the need to exchange a public key. It is commonly used within an organization that has its own CA.
EMV certificate. EMV payment cards have an embedded microchip containing a card issuer certificate. The embedded microchip enables the EMV payment card to generate a unique code for each transaction. EMV stands for Europay, MasterCard and Visa, the organizations that constitute the certificate authority.
Code-signing certificate. Code-signing certificates are used in software development and IT operations to digitally sign the software or firmware of an application or device. This provides recipients with assurance about who created the code and the integrity of the code.
Root certificate. A root certificate is a digital certificate that is used to sign other digital certificates. It is sometimes referred to as a trust anchor because it is at the top of a hierarchy of digital certificates that are used to verify other digital certificates. The hierarchy starts with a root certificate, which is the highest level of certificate. The root certificate is verified by a second-level certificate, which is verified by a third-level certificate, and so on.
Intermediate certificate. The intermediate certificate is used to sign other certificates and is best used as a bridge between a root CA and a subordinate CA. An intermediate certificate is used to sign end-user certificates that a website or a local server uses. The root certificates verify the identity of the intermediate certificate, which in turn verifies the end-user certificates.
Leaf certificate. A leaf certificate, or an end entity, is the endpoint for the signing and encrypting of data and cannot be used to sign other certificates. These include TLS/SSL, email and code-signing certificates.
Self-signed certificate. A self-signed certificate is a certificate that is signed by the same entity to whom it is assigned. Most certificates can be self-signed and are verified by their own public key. They are not signed by a CA, which means they might be perceived as less trustworthy.