Glossary

Terms and definitions

ACME: The Automatic Certificate Management Environment (ACME) protocol is a communications protocol for automating certificate enrollment with a CA and provisioning the issued certificate on the requesting entity.

CAA Record: A Certificate Authority Authorization (CAA) record specifies which certificate authorities are allowed to issue certificates for a domain. If a domain has a CAA record, only the CAs listed in that record may issue certificates for the domain. If there is no CAA record, any CA may issue certificates for the domain.

Certificate Authority (CA): A certificate authority (or certification authority) is an entity that issues digital certificates. It verifies the identities of entities such as websites, email addresses, companies, or individuals, binds them to cryptographic keys using digital certificates, and thereby certifies that the key pair belongs to the subject named in the certificate.

Certificate enrollment: The process by which a user requests a digital certificate from a Certificate Authority (CA).

Certificate revocation: The process by which a certificate is invalidated (revoked) before its expiration date. Revoked certificates are listed in the Certificate Revocation List (CRL) maintained by each certificate authority.

Certificate Revocation List (CRL): A list of digital certificates that have been revoked by the issuing certificate authority before their scheduled expiration date and should no longer be trusted.

Certificate Signing Request (CSR): A message sent to a certificate authority to request a digital identity certificate.

EST: Enrollment over Secure Transport (EST) is a cryptographic protocol that describes an X.509 certificate management protocol for public key infrastructure (PKI) clients that need to acquire client certificates and the associated certificate authority (CA) certificates. EST is described in RFC 7030.

Heartbleed: Heartbleed is a serious vulnerability in the OpenSSL cryptographic library (versions 1.0.1 to 1.0.1f) that allows attackers to read a server's or client's memory, potentially exposing sensitive data such as private keys, passwords, or session cookies.

The flaw lies in OpenSSL's implementation of the TLS heartbeat extension, which an attacker can exploit to make the server return chunks of memory that may contain confidential information.

Identity: A digital certificate can also be called a Digital ID or Identity for the subject to which it is issued.

KMIP: The Key Management Interoperability Protocol is a standard communication protocol that defines message formats for managing cryptographic keys on a key management server.

MDM: Mobile Device Management (MDM) is the administration of mobile devices such as smartphones, tablet computers, and laptops.

PKI: A public key infrastructure (PKI) is the set of roles, policies, and procedures needed to create, distribute, store, and revoke digital certificates and to manage public-key encryption.

POODLE: Padding Oracle On Downgraded Legacy Encryption (POODLE) is a vulnerability in the outdated SSL 3.0 protocol that allows a man-in-the-middle attacker to decrypt encrypted data, especially in browsers that fall back to SSL 3.0 for compatibility.

Private key: A private key is a secret key used to decrypt data and create digital signatures. It must be kept secret and never shared with anyone. The private key is used to authenticate the user and to establish a secure connection with the server.

RA (Registration Authority): An entity that verifies the identity of individuals or organizations requesting digital certificates from a CA, to ensure that only legitimate entities receive them.

ROCA: Return of Coppersmith's Attack (ROCA) is a vulnerability in a widely deployed RSA key generation implementation that allows an attacker to recover the private key from the public key, potentially compromising systems that rely on the affected keys.

SCEP: Simple Certificate Enrollment Protocol (SCEP) is an IETF RFC. It lets network users request their digital certificates electronically and as simply as possible, and it is supported by most network devices.

SSL/TLS Certificates: SSL refers to Secure Sockets Layer, and TLS refers to Transport Layer Security. Both are cryptographic protocols that provide secure data communication over a network.

URI: URIs uniquely identify a resource and can take the form of either a URL or a URN.

A URL is a resolvable address that specifies where a resource is located on the internet. It typically starts with http:// or https:// (for example, https://example.com). URLs are commonly used to identify web services or endpoints in certificates. The same applies to SFTP URLs.

A URN is a persistent, non-resolvable identifier that names a resource without indicating its location. It typically follows the format urn:<namespace>:<resource> (for example, urn:oid:1.2.3.4). URNs are used in environments where stable identifiers are needed, such as IoT or standards-based systems. To add multiple URIs, separate them with commas. Each entry will be added as a distinct SAN value in the certificate.

X.509 Digital Certificate: X.509 is a standard defining the format of public key certificates. An X.509 certificate uses the widely accepted public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer, or service identity contained within the certificate.
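The CAA rule in the glossary (listed CAs only; no record means any CA) is easy to get wrong in one detail: the record that governs a name is the nearest one found walking up the DNS tree, so www.example.com is governed by a CAA record on example.com. The following added example (not code from the page or from the product it documents) evaluates that rule over a constructed, in-memory set of CAA records, following the RFC 8659 lookup, and also honours the "issuewild" tag for wildcard requests and the critical flag (bit 128) on an unrecognised tag. The record data, the domain names and the CA identifiers are all made up for the example.

```python
"""CAA authorization check over a constructed set of DNS CAA records."""
from typing import Dict, List, Optional, Tuple

# Constructed CAA data keyed by DNS owner name. Each value is a list of
# (flags, tag, value) tuples as they would appear in CAA records.
# These are example records, not real DNS data.
CaaSet = List[Tuple[int, str, str]]
CAA_RECORDS: Dict[str, CaaSet] = {
    "example.com": [(0, "issue", "ca-one.example"), (0, "issuewild", ";")],
    "strict.example.org": [(128, "somefuturetag", "x"), (0, "issue", "ca-one.example")],
    "legacy.example.net": [],  # name exists but has no CAA records
}

CRITICAL_FLAG = 128
KNOWN_TAGS = ("issue", "issuewild", "iodef")


def relevant_caa(name: str, records: Dict[str, CaaSet]) -> Tuple[Optional[str], CaaSet]:
    """Return (owner, rrset) for the closest ancestor-or-self of `name`
    that has a non-empty CAA record set (the RFC 8659 relevant record set)."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        rrset = records.get(candidate)
        if rrset:
            return candidate, rrset
    return None, []


def caa_allows(name: str, ca_identifier: str, records: Dict[str, CaaSet],
               wildcard: bool = False) -> Tuple[bool, str]:
    """Decide whether `ca_identifier` may issue for `name` under CAA.

    Returns (allowed, reason). With no relevant record anywhere in the tree,
    any CA may issue, exactly as the glossary states.
    """
    owner, rrset = relevant_caa(name, records)
    if not rrset:
        return True, "no CAA record found: any CA may issue"

    # A critical flag on a tag the CA does not understand means it must not issue.
    for flags, tag, _ in rrset:
        if flags & CRITICAL_FLAG and tag not in KNOWN_TAGS:
            return False, f"critical unrecognised tag {tag!r} at {owner}"

    # For wildcard requests, issuewild takes precedence when present.
    tag_wanted = "issue"
    if wildcard and any(tag == "issuewild" for _, tag, _ in rrset):
        tag_wanted = "issuewild"

    # Value syntax is "<issuer-domain>[; parameters]"; a bare ";" lists no CA.
    allowed = []
    for _, tag, value in rrset:
        if tag != tag_wanted:
            continue
        issuer = value.split(";", 1)[0].strip().lower()
        if issuer:
            allowed.append(issuer)

    if ca_identifier.lower() in allowed:
        return True, f"{ca_identifier} is listed under {tag_wanted} at {owner}"
    return False, (f"{ca_identifier} not listed under {tag_wanted} at {owner} "
                   f"(allowed: {allowed or 'none'})")


if __name__ == "__main__":
    for host, ca, wild in [("www.example.com", "ca-one.example", False),
                           ("www.example.com", "other-ca.example", False),
                           ("example.com", "ca-one.example", True),
                           ("host.legacy.example.net", "any-ca.example", False),
                           ("strict.example.org", "ca-one.example", False)]:
        ok, why = caa_allows(host, ca, CAA_RECORDS, wildcard=wild)
        print(f"{host:26} {ca:18} wildcard={wild!s:5} -> {'ALLOW' if ok else 'DENY '}: {why}")
```

Two points the run makes visible: the empty record set on legacy.example.net does not "close" the tree (the search continues upward and, finding nothing, falls back to "any CA may issue"), and a record with only "issuewild ;" denies every wildcard request even though the non-wildcard "issue" entry permits the listed CA.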