Glossary

Terms and definitions

ACME

The Automatic Certificate Management Environment (ACME) protocol is a communications protocol for automating certificate enrollment with a CA and provisioning the issued certificate on the requesting entity.

Certificate Authority (CA)

A certificate authority or certification authority is an entity that issues digital certificates. It certifies that the key pair belongs to the subject named in the certificate.

CAA Record

A Certificate Authority Authorization (CAA) record specifies which certificate authorities are allowed to issue certificates for a domain. If a domain has a CAA record, only the CAs listed in that record are allowed to issue a certificate for the domain. If there is no CAA record, any CA can issue a certificate for the domain.

X.509 Digital Certificate

X.509 is a standard defining the format of public key certificates. An X.509 certificate uses the widely accepted public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained in the certificate.

Identity

A digital certificate can also be called a Digital ID or Identity of the subject to which it is issued.

PKI

A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, distribute, store and revoke digital certificates and to manage public-key encryption.

KMIP

The Key Management Interoperability Protocol (KMIP) is a standard communication protocol that defines message formats for managing cryptographic keys on a key management server.

MDM

Mobile Device Management (MDM) is the administration of mobile devices such as smartphones, tablet computers, and laptops.

EST

Enrollment over Secure Transport (EST) is a cryptographic protocol that describes an X.509 certificate management protocol for public key infrastructure (PKI) clients that need to acquire client certificates and the associated certificate authority (CA) certificates. EST is described in RFC 7030.

SCEP

Simple Certificate Enrollment Protocol (SCEP) is an IETF RFC. It enables network users to request their digital certificates electronically and as simply as possible, and it is supported by most network devices.

SSL/TLS Certificates

SSL refers to Secure Sockets Layer, whereas TLS refers to Transport Layer Security. Both are cryptographic protocols that provide secure data communication over a network.

Certificate Authority (CA)

A CA is an entity that verifies the identities of entities such as websites, email addresses, companies, or individuals and links them to cryptographic keys using digital certificates.

Certificate enrollment

The process by which a user requests a digital certificate from a Certificate Authority (CA).

Certificate revocation

The way in which a certificate is invalidated, or revoked, before its expiration date. Revoked certificates are listed in the Certificate Revocation List (CRL) maintained by each certificate authority.

Certificate Revocation List (CRL)

A list of digital certificates that have been revoked by the issuing certificate authority before their scheduled expiration date and should no longer be trusted.

Certificate Signing Request (CSR)

A message sent to a certificate authority to request a digital identity certificate.

Private key

A private key is a secret key that is used to decrypt data and create digital signatures. It must be kept secret and never shared with anyone. The private key is used to authenticate the user and establish a secure connection with the server.

RA (Registration Authority)

An entity that verifies the identity of individuals or organizations requesting digital certificates from a CA, to ensure that only legitimate entities receive them.