A certificate authority (CA) is an entity that issues SSL/TLS licenses. They have their own private key to sign the issued certificate, which is known as the root certificate. Websites with root certificates are considered “trusted sites” by commonly-used browsers. If a website has an SSL/TLS certificate that’s not issued by a root certificate authority, you will get a pop-up window warning you the security certificate isn’t from a trusted source.
The most well-known certificate authority is Verisign, but other popular ones include GeoTrust, Thawte, Symantec, and Comodo.
SSL/TLS certificates come in three different types: single-domain, multi-domain, or wildcard:
- A single-domain certificate can be used on one website, such as pspinc.com.
- A multi-domain certificate can be used on more than one website, such as pspinc.com, dreamersi.com, pspchildrensfoundation.org.
- A wildcard certificate can be used on one domain with an unlimited number of subdomains, such as pspinc.com, blog.pspinc.com, admin.pspinc.com, mailserver.pspinc.com.
It’s good to know this information in advance, so you aren’t completely in the dark when determining what kind of security certificate your website needs, and where to buy it. Next up, we’ll discuss how these certificates help validate the legitimacy of a website.