Glossary of common terms

On this page you will find a glossary of basic terms, you might run into in connection with certificates and our services. If you cannot find any terms you require here, then please contact us and we will explain it and add it here.


Certificate Authority (CA) is an entity that issues digital certificates (electronically signed public key). The Authority confirms the authenticity of the data entered in the certificate prior to release. We offer a range of certificates from DigiCert , Thawte, GeoTrust and RapidSSL. These CAs are fully trusted, so their certificates do not pose any security warnings on your browser as self-signed certificates do.

If you do not know, which certificate authority to choose , use our TLS certificate Selection Guide.

The Common Name in the TLS certificate indicates the domain for which the certificate is issued. A Common name such as In Code Signing certificate for signing applications in the field of Common name given authenticated name of the organization for which the certificate.

Certificate Revocation List (CRL) is a list of certificates that have been revoked during the validity and are no longer credible. The reason for early termination is usually a compromised private key. Each Certificate authority publishes this list on its website and CRL is used to verify the validity of the certificate.

An Intermediate certificate is a certificate authority, which is necessary for full trust of your TLS certificate in browser. If the intermediate is not installed on a server, the browser will display a warning about the unknown issuer and security risks. Intermediate certificates are always sent with the client certificate. You do not have to look for it.

The TLS certificate is not bound to the IP address and the IP can be changed anytime. It's just a matter of DNS. Thanks to the SNI you do not need a separate IP adress for every single domain on your server.

If you need to secure multiple domains, we recommend SAN certificates, which allows you to secure up to 250 domains on one IP adress.

The issued certificate can only be used with the correct private key. The private key is created on the server during the development of the request for   a certificate (CSR, public key). This is the most important file that must not at any price leave the server to be compromised. With the private key, anyone can use your TLS certificate, so you may obtain the aim of attackers and hackers.

If you delete the private key or it is compromised, do not hesitate to contact customer support a free certificate to rebuild with a new pair of keys.

SAN stands for alternative name in a TLS certificate extending the validity of the certificate with other domain names. These names may not be related to the main domain (Common name) and can be an internal server names or private IP addresses. More about SAN certificates, refer to the separate page, which also contains examples of the use of SAN names.

SNI (Server Name Indication) is a method that allows using multiple domains and TLS certificates on one webserver with one IP address. With SNI the server is able to connect the client to the right server the client wants to see, and send them the correct TLS certificate for the correct domain. Without SNI support browser will receive random certificate and this will cause an error; the server does not know the customer's preference.

The SSL protocol was discontinuited, see a TLS protocol below.

When you establish a connection with the server with your browser through HTTPS protocol, it is necessary to arrange the details of communication, especially the depth and ciphersuite of encryption. This "dialog" is called "SSL/TLS handshake". In the end the server sends the TLS certificate to the customer and he can start to encrypt and transfer data. The connection is set.

TLS is a communication protocol which is replacing the old SSL protocol. Both protocols work similarly, but using the TLS protocol is more secure and still used; SSL protocols are depreciated.

The UC (Unified Communication) certificate is a synonymum for a SAN certificate. This name is used mainly by software manufacturers (Microsoft). The function is the same as a SAN certificate.

A public key (CSR) is required for issuing a TLS certificate. This public key (or CSR request) will be generated by the administrator of your website (or webhosting company) on the server where the domain for which the TLS certificate is issued is located. You can also create it in SSLmarket order or in order details.

For more information and how to generate a public key, see an article about the public key.

A Wildcard TLS Certificate allows you to secure all subdomains under one main domain. A Wildcard certificate contains the asterisk before the domain (eg. * and covers all subdomains on the asterisk place (subdomains of higher domain). Find more information about Wildcard certificates in Wildcard certificates section.

Read answers to frequently asked questions

In the FAQ section, our certified staff answer the most frequently asked questions about our SSLmarket system and TLS certificates in general.

Read answers

Has this article been useful?