IP Office Security Guidelines

Certificate Terminology

Last Updated : Apr 27, 2022 |

Throughout this document the following terms and definitions will be used in the context of certificates:


Term	Description
Certificate	A digital certificate containing identity information, a public key and other digital security data conforming to the X.509 v3 standard.
Certificate Authority	An entity that can issue identity certificates signed by another certificate.
Root CA Certificate	A 'self-signed' certificate (that is, a certificate that has been signed by itself) representing the certificate authority's root of the certificate hierarchy whose private key can be used for signing other certificates. Most operating systems and browsers ship with many root CA Certificates from public authorities that are trusted by default.
Intermediate CA Certificate	A certificate which has been created and signed by a CA for the purpose of signing other certificates.
Identity Certificate	A certificate used to represent an entity's identity. To be used as an identity certificate the associated private key must also be present.
Trusted Certificate	A certificate that is trusted by an entity.
Trusted Certificate Store	A store of trusted certificates.
Trusted Root/Trust Anchor	The top level certificate that is trusted by an entity.
Certificate Chain	A list of certificates, starting with the Identity Certificate followed by one or more CA certificates (usually the last one being Root CA certificate) where each certificate in the chain is signed by the subsequent certificate.
Trust domain	A single PKI trust structure, for example, an 'island of authority'.
Server Authentication	The checking of a server's certificate by a client.
Mutual Authentication	The checking of a client's certificate by a server.
Certificate Identity Verification	The source of the certificate (IP address, URL, and so on) is checked against the contents of the certificate's Name and Subject Alternative Name fields.
Single Domain Certificate	A certificate created for a single server with just one name field/domain (that is, one identity).
Multi Domain Certificate	Also called 'Multi-SAN' or 'Unified Communications' certificate. A certificate created for a single server with many domains/identities, each identity is one name entry.
Wildcard Certificate	A certificate created for a multiple servers or a single server with many domains/identities. The name entry is of the form '*.example.com'. Wildcard certificates carry additional security risks and limitations. See Certificate Name Content.

Send Feedback