Introduction
If you’ve ever visited a website using HTTPS, connected securely to an API, or configured TLS for an application, you’ve relied on a digital certificate. Certificates are a foundational component of modern internet security, helping establish trust between systems and ensuring that data remains private while in transit.
In this article, we’ll explore what a certificate is and why it’s important, then break down the key components that make up a digital certificate.
What Is a Digital Certificate?
A digital certificate is an electronic document that proves the identity of a website, server, application, or device. Think of it as a digital passport that allows systems to verify they are communicating with the correct entity.
Certificates are commonly used for:
- Securing websites with HTTPS
- Encrypting API traffic
- Authenticating servers and applications
- Securing email communications
- Authenticating users and devices
Without certificates, anyone could pretend to be your bank, email provider, or favorite website.
What Problem Do Certificates Solve?
When your browser connects to a website, it needs answers to two important questions:
- Am I talking to the real server?
- Can my communication be encrypted so nobody can read it?
Certificates help answer both questions.
During a TLS handshake, the server presents its certificate to the client. The client validates the certificate and, if trusted, establishes an encrypted connection.
This process enables:
- Authentication
- Encryption
- Integrity
Together, these principles form the foundation of secure communications on the internet.
The Major Components of a Certificate
A certificate contains several important pieces of information.
1. Subject
The subject identifies who the certificate belongs to.
Examples:
CN=www.example.com
or
CN=api.company.com
The subject represents the identity being authenticated.
2. Subject Alternative Name (SAN)
Modern certificates use SANs to define all valid hostnames.
Example:
www.example.com
example.com
api.example.com
A certificate can secure multiple domains using SAN entries.
Wildcard certificates also use SANs:
*.example.com
This allows the certificate to secure many subdomains.
3. Public Key
Every certificate contains a public key.
This key is shared openly and is used during encryption and authentication processes.
The public key works together with a corresponding private key.
Example algorithms:
- RSA
- ECDSA
- Ed25519
The public key can be distributed safely.
4. Private Key
The private key is not stored inside the certificate.
Instead, it is securely stored on the server or device.
The private key:
- Proves ownership of the certificate
- Decrypts information intended for the server
- Signs data during the TLS handshake
If a private key is compromised, the certificate should be revoked and replaced immediately.
5. Issuer
The issuer identifies the Certificate Authority (CA) that created and signed the certificate.
Examples include:
- DigiCert
- Sectigo
- Let’s Encrypt
- GlobalSign
The issuer acts as a trusted third party that verifies identities before issuing certificates.
6. Serial Number
Each certificate contains a unique serial number assigned by the Certificate Authority.
Example:
03:A4:8F:72:11:BC
The serial number uniquely identifies the certificate and is often used during troubleshooting and revocation checks.
7. Validity Period
Certificates have expiration dates.
They contain:
- Not Before
- Not After
Example:
Valid From: January 1, 2026
Valid To: January 1, 2027
Modern public certificates are intentionally short-lived to improve security.
8. Signature Algorithm
The Certificate Authority digitally signs the certificate.
Examples:
- SHA256withRSA
- ECDSA-SHA384
The signature proves that the certificate was issued by a trusted authority and has not been modified.
9. Key Usage
This field defines what the certificate is allowed to do.
Examples:
- Digital Signature
- Key Encipherment
- Certificate Signing
- Client Authentication
- Server Authentication
These restrictions help prevent misuse.
10. Certificate Chain
Certificates rarely stand alone.
A typical chain includes:
Root CA
↓
Intermediate CA
↓
Server Certificate
Root Certificate
The ultimate trust anchor.
Operating systems and browsers maintain a trusted root certificate store.
Intermediate Certificate
Used to issue end-user certificates while protecting the root certificate.
Server Certificate
The certificate presented by the application or website.
The client validates the entire chain before trusting the connection.
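The chain walk described above, as an added example that is not part of the original article. It links certificates by issuer and subject name only, using constructed sample records; the function name `build_chain` and the status strings are illustrative, and a real client also verifies every signature along the path.

```python
# Constructed sample certificates, reduced to the two names used for chaining.
ROOT = {"subject": "CN=Example Root CA", "issuer": "CN=Example Root CA"}
INTERMEDIATE = {"subject": "CN=Example Intermediate CA",
                "issuer": "CN=Example Root CA"}
LEAF = {"subject": "CN=www.example.com",
        "issuer": "CN=Example Intermediate CA"}


def build_chain(leaf, sent, trust_store, max_depth=8):
    """Walk issuer -> subject links from the leaf towards a trusted root.

    leaf        -- the server certificate
    sent        -- extra certificates the server sent with it
    trust_store -- root certificates the client already trusts
    Returns (list of subjects on the path, status string).
    """
    trusted = {c["subject"] for c in trust_store}
    extras = {c["subject"]: c for c in sent}
    path, current = [leaf["subject"]], leaf
    for _ in range(max_depth):
        issuer = current["issuer"]
        if issuer in trusted:
            if issuer != current["subject"]:
                path.append(issuer)
            return path, "trusted"
        if issuer == current["subject"]:
            # Self-signed certificate that is not in the trust store.
            return path, "untrusted root"
        if issuer not in extras:
            # The server did not send the certificate that links upwards.
            return path, "missing intermediate"
        current = extras[issuer]
        path.append(current["subject"])
    return path, "chain too long"


if __name__ == "__main__":
    print(build_chain(LEAF, [INTERMEDIATE], [ROOT]))
    print(build_chain(LEAF, [], [ROOT]))
    print(build_chain(LEAF, [INTERMEDIATE, ROOT], []))
```

The second and third calls reproduce two failures a client reports in practice: a server that omits its intermediate, and a chain that ends in a root the client does not trust.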
How Certificates Work During HTTPS
When a browser visits a secure website:
- Browser connects to the server.
- Server presents its certificate.
- Browser validates:
  - Certificate chain
  - Hostname
  - Expiration date
  - Digital signature
- Browser and server negotiate encryption keys.
- Secure communication begins.
This entire process typically happens in milliseconds.
Common Certificate File Types
You may encounter several certificate formats:
| Format | Description |
|---|---|
| .crt | Certificate file |
| .cer | Certificate file |
| .pem | Base64 encoded certificate |
| .key | Private key |
| .pfx | Certificate and private key bundle |
| .p12 | PKCS#12 certificate bundle |
| .csr | Certificate Signing Request |
Support engineers frequently work with these files when installing or troubleshooting certificates.
Common Certificate Issues
Some of the most common certificate-related problems include:
Expired Certificates
The certificate’s validity period has ended.
Hostname Mismatch
The website name does not match the SAN entries.
Missing Intermediate Certificates
The certificate chain is incomplete.
Private Key Mismatch
The server certificate and private key do not belong together.
Untrusted Certificate Authority
The issuing CA is not trusted by the client.
Conclusion
Digital certificates are the trust mechanism behind secure internet communications. They verify identity, enable encryption, and protect data from interception. Understanding the key components of a certificate—including the subject, public key, issuer, validity period, and certificate chain—provides a strong foundation for anyone working in networking, security, cloud infrastructure, or application support.
Whether you’re troubleshooting TLS issues, deploying applications, or managing enterprise infrastructure, certificate knowledge is an essential skill in today’s technology landscape.
