Security certificate

What is a security certificate?

A security certificate is a digital credential that authenticates the identity of a website, server, or service. It’s used to establish trust and support secure communication between clients, such as browsers or applications, and the systems they connect to.

How does a security certificate work?

When a browser connects to a secure website, the site presents its security certificate, which contains identity information and a public cryptographic key. The browser verifies the certificate by checking that it was issued and digitally signed by a trusted Certificate Authority (CA) and that it matches the website’s address.

If these checks succeed, the browser and server use the certificate to establish encrypted communication, protecting data from interception or tampering. If the certificate is missing, expired, or issued by an untrusted authority, the browser displays a warning indicating that the connection may not be secure.

[Figure: How a security certificate enables HTTPS]

Types of security certificates

Security certificates can be grouped in three main ways.

First, certificates differ by how they verify identity, which determines the level of trust a user can place in the entity behind a certificate:

  • Domain Validation (DV) certificates: Verify control of a domain name only.
  • Organization Validation (OV) certificates: Confirm the identity of the organization behind the domain.
  • Extended Validation (EV) certificates: Use enhanced checks to verify organizational identity.

They can also be grouped by scope, or how many domains a single certificate secures:

  • Single-domain certificates: Secure one specific domain.
  • Multi-domain certificates: Secure multiple domains with one certificate.
  • Wildcard certificates: Secure a domain and all its subdomains.
  • Unified Communications Certificates (UCCs): A multi-domain certificate commonly used for email and enterprise systems.

Finally, certificates can be categorized by purpose or use case, which defines what they authenticate or protect:

  • Server certificates: Authenticate websites and servers to users.
  • Client certificates: Authenticate users or devices to servers.
  • Root and intermediate certificates: Form the trust chain that lets browsers and operating systems verify certificates.
  • Special-purpose certificates: Used for specific functions like code signing or email encryption.

Why is a security certificate important?

A security certificate allows systems to verify that they are communicating with the intended party and protects the data exchanged between them. By enabling identity verification before any sensitive information is sent, certificates help ensure that users connect to the real server and not an impostor, which can reduce the risk of impersonation and man-in-the-middle (MITM) attacks.

Once trust is established, the certificate also plays a role in enabling encrypted communication so that data remains private and intact while in transit between a client and a server. This protection is fundamental to safeguarding login credentials, payment details, and other sensitive information on the internet.

Risks and privacy concerns

Security certificates are designed to protect communication, but failures in how they are issued, configured, or maintained can create security and privacy risks. If a certificate is expired, misconfigured, or not properly validated, users may unknowingly connect to an impersonated or compromised service, exposing sensitive data to interception or manipulation. Improper certificate management can also lead to service outages or browser warnings that undermine user trust.

FAQ

What’s the difference between SSL and TLS certificates?

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) certificates are both server certificates. SSL is an outdated protocol, while TLS is its modern, more secure replacement; the certificate itself functions the same in both cases. In practice, when people refer to an “SSL certificate” today, they’re typically referring to a TLS certificate, since TLS is the protocol modern systems actually use.

How can I check if a certificate is valid?

Browsers automatically check certificates during the secure connection process. Users can view details like issuer, expiration date, and domain by clicking the padlock icon in the address bar.

What do DV, OV, and EV mean?

DV (Domain Validation), OV (Organization Validation), and EV (Extended Validation) refer to validation levels, indicating how much identity checking a Certificate Authority (CA) performs before issuing a certificate.

What causes “certificate not trusted” warnings?

These warnings appear when a browser can’t verify the certificate trust chain, such as when a certificate is expired, misconfigured, self-signed, or issued by an untrusted authority.
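The checks described in the two answers above (expiration date, domain, issuer), shown as an added example that is not part of the original page. It works on a constructed record in the shape Python's ssl.SSLSocket.getpeercert() returns; the trusted-issuer set and the name-based self-signed test are simplifying assumptions, since a real client verifies signatures along the chain.

```python
import ssl

# Constructed stand-in for a browser trust store; a real client verifies
# signatures up the chain rather than comparing issuer names.
TRUSTED_ISSUERS = {"Example Trusted CA"}

def common_name(rdns):
    """Return commonName from the nested tuples getpeercert() uses."""
    for rdn in rdns:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def host_matches(pattern, host):
    """Compare a DNS SAN with a hostname; '*' covers the left-most label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])

def warning_reasons(cert, host, now):
    """List why a client would warn about cert for host at epoch time now."""
    reasons = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        reasons.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        reasons.append("expired")
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(host_matches(s, host) for s in sans):
        reasons.append("hostname mismatch")
    issuer = common_name(cert["issuer"])
    if issuer == common_name(cert["subject"]):
        reasons.append("self-signed")  # assumption: same name means self-issued
    elif issuer not in TRUSTED_ISSUERS:
        reasons.append("untrusted issuer")
    return reasons

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
GOOD = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("commonName", "Example Trusted CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
}
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")
LATER = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")
```

An empty list means none of the warning conditions applied; each string names one condition that would trigger a browser warning.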