What is the difference between SSL and TLS?

SSL (Secure Sockets Layer) is the older protocol (versions 1.0, 2.0, 3.0) that was deprecated due to security vulnerabilities. TLS (Transport Layer Security) is the modern successor (TLS 1.2 and 1.3). "SSL certificate" is a colloquial misnomer — all modern certificates are actually used with TLS, but the term SSL stuck.

What is a CSR (Certificate Signing Request)?

A CSR is a message you create with your server's private key, containing the domain name and other identity information, that you submit to a CA. The CA verifies the information and signs the certificate with its private key. The CSR never leaves your control and the CA never sees your private key.

What is Let's Encrypt?

Let's Encrypt is a free, automated CA that issues domain-validated (DV) certificates. It uses the ACME protocol to automatically verify domain ownership and issue 90-day certificates. It has dramatically increased HTTPS adoption since its launch in 2016.

What is the difference between SSL and TLS?

SSL (Secure Sockets Layer) is the older protocol (versions 1.0, 2.0, 3.0) that was deprecated due to security vulnerabilities. TLS (Transport Layer Security) is the modern successor (TLS 1.2 and 1.3). "SSL certificate" is a colloquial misnomer — all modern certificates are actually used with TLS, but the term SSL stuck.

What is a CSR (Certificate Signing Request)?

A CSR is a message you create with your server's private key, containing the domain name and other identity information, that you submit to a CA. The CA verifies the information and signs the certificate with its private key. The CSR never leaves your control and the CA never sees your private key.

What is Let's Encrypt?

Let's Encrypt is a free, automated CA that issues domain-validated (DV) certificates. It uses the ACME protocol to automatically verify domain ownership and issue 90-day certificates. It has dramatically increased HTTPS adoption since its launch in 2016.

What is an SSL Certificate? — TLS Certificates Explained

Definition

An SSL/TLS certificate is a digital document issued by a trusted Certificate Authority (CA) that cryptographically binds a public key to an identity (typically a domain name or organization). When you visit an HTTPS site, the server presents its certificate and your browser verifies that it was signed by a trusted CA and that the domain name matches. This prevents man-in-the-middle attacks where an attacker intercepts your connection pretending to be the legitimate server.

How It Works

A certificate contains the domain name(s) it is valid for, the issuing CA, validity dates (not before/not after), the server's public key, and a digital signature from the CA. When a browser connects over TLS, the server sends its certificate. The browser checks: Is the certificate signed by a CA in its trust store? Has it expired? Does the domain match? If all checks pass, the browser uses the public key from the certificate to complete the TLS handshake and establish encrypted communication. The chain of trust goes from the server's leaf certificate, through intermediate CA certificates, up to a root CA that ships built into operating systems and browsers.

Common Use Cases

▸Enabling HTTPS on websites to encrypt data in transit
▸Authenticating the identity of a server to clients (browsers, API clients)
▸Code signing certificates to verify the publisher of downloaded software
▸Email (S/MIME) certificates for encrypting and signing email
▸Client certificates for mutual TLS (mTLS) authentication in zero-trust networks

Example

Certificate subject: CN=example.com
Subject Alt Names: example.com, www.example.com
Issuer: Let's Encrypt Authority X3
Valid: 2024-01-01 to 2024-04-01 (90 days)
Public Key: RSA 2048-bit
Signature Algorithm: SHA256withRSA
Fingerprint: AA:BB:CC:...

Related Tools

#SSL Certificate Decoder

Paste a PEM certificate and decode its subject, issuer, validity dates, SANs, and more.

#SSL Expiry Calculator

Find out how many days until an SSL certificate expires. Paste a PEM or enter a date.

#CSR Decoder

Paste a PEM CSR and decode its subject, public key algorithm, and signature algorithm.

#CSR Generator

Fill in your details and get a ready-to-run openssl command to generate a CSR and key.

#Certificate Fingerprint Calculator

Calculate SHA-1 and SHA-256 fingerprints of a PEM certificate in colon-separated hex.

FAQ

What is the difference between SSL and TLS?: SSL (Secure Sockets Layer) is the older protocol (versions 1.0, 2.0, 3.0) that was deprecated due to security vulnerabilities. TLS (Transport Layer Security) is the modern successor (TLS 1.2 and 1.3). "SSL certificate" is a colloquial misnomer — all modern certificates are actually used with TLS, but the term SSL stuck.
What is a CSR (Certificate Signing Request)?: A CSR is a message you create with your server's private key, containing the domain name and other identity information, that you submit to a CA. The CA verifies the information and signs the certificate with its private key. The CSR never leaves your control and the CA never sees your private key.
What is Let's Encrypt?: Let's Encrypt is a free, automated CA that issues domain-validated (DV) certificates. It uses the ACME protocol to automatically verify domain ownership and issue 90-day certificates. It has dramatically increased HTTPS adoption since its launch in 2016.

Related Terms

RSA Hash Function HTTP Headers