What is an SSL/TLS Certificate?
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) certificates are digital certificates that authenticate a website's identity and enable encrypted connections. When a certificate is installed on a web server, it activates the padlock and the HTTPS protocol, allowing secure connections from a web server to a browser.
Key Certificate Details to Check
- Issuer — The Certificate Authority (CA) that issued the certificate (e.g., Let's Encrypt, DigiCert, Sectigo).
- Validity Period — The date range during which the certificate is considered valid. Certificates issued after September 2021 typically have a maximum validity of 397 days.
- Subject — The domain or entity the certificate was issued to.
- Subject Alternative Names (SANs) — Additional domains covered by the same certificate (e.g., a certificate for example.com might also cover www.example.com).
- Certificate Chain — The trust path from the server certificate through intermediate CAs to the root CA.
Common SSL/TLS Issues
- Expired Certificate — The certificate is no longer valid. Renew immediately.
- Hostname Mismatch — The certificate was issued for a different domain name.
- Self-Signed Certificate — Not trusted by browsers by default; used for testing.
- Mixed Content — HTTPS page loading HTTP resources (images, scripts, stylesheets).
- Weak Cipher Suites — Outdated encryption algorithms that are vulnerable to attacks.