Certificate Authority (CA)
A Certificate Authority (CA) is a trusted organization or entity that issues digital certificates. These certificates are used to verify the identity of websites, individuals, and devices on a network. When you see “HTTPS” in a web address, it means the website has a digital certificate issued by a CA, which is what allows your connection to be secured.
Certificate Revocation List (CRL)
A Certificate Revocation List (CRL) is a list of digital certificates that the CA has revoked before their expiration date. A certificate might be revoked because its private key is compromised, because it is no longer needed, or because there is evidence or suspicion that it is being used for fraudulent purposes. The CA publishes the CRL regularly, allowing systems to check whether a certificate is still valid or has been revoked.
Certificate Signing Request (CSR)
A Certificate Signing Request (CSR) is a message sent from an applicant to a CA to apply for a digital certificate. It contains the public key that will appear in the certificate and information about the applicant (such as a domain name and organization details). The CA uses this information to create and issue a certificate.
Online Certificate Status Protocol (OCSP)
The Online Certificate Status Protocol (OCSP) is a protocol for obtaining the revocation status of a digital certificate. Instead of downloading a full CRL, a client can query an OCSP responder (a server) to get the current status of a specific certificate. This provides a more efficient and timely way to check whether a particular certificate is still valid or has been revoked.
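The CA, CSR and CRL entries above fit together as one lifecycle. The following is an added example (not part of the original glossary) that walks through it with the `openssl` command line, using a CRL check rather than OCSP; the names `demo-ca` and `www.example.test`, the file names and the minimal `ca.cnf` are constructed for the demo.

```shell
# Added example: throwaway CA -> CSR -> issued certificate -> revocation -> CRL check.
# Everything is created in a temp directory and deleted afterwards.

write_ca_config() {   # minimal `openssl ca` config; $dir is expanded by OpenSSL, not the shell
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo
[ demo ]
dir = .
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
}

crl_status() {        # validate srv.crt against the CA *and* its current CRL
  openssl verify -CAfile ca.crt -CRLfile ca.crl -crl_check srv.crt >/dev/null 2>&1 && echo valid || echo rejected
}

pki_demo() {
  work=$(mktemp -d) || return 1
  result=$(
    cd "$work" || exit 1
    mkdir newcerts; : > index.txt; echo 01 > serial
    write_ca_config
    # CA: self-signed root certificate and private key
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -subj "/CN=demo-ca" -days 30 >/dev/null 2>&1
    # Applicant: key pair plus a CSR carrying the public key and subject name
    openssl req -new -newkey rsa:2048 -nodes -keyout srv.key -out srv.csr -subj "/CN=www.example.test" >/dev/null 2>&1
    # CA: issue the certificate from the CSR and publish a (still empty) CRL
    openssl ca -batch -config ca.cnf -in srv.csr -out srv.crt >/dev/null 2>&1
    openssl ca -config ca.cnf -gencrl -out ca.crl >/dev/null 2>&1
    before=$(crl_status)
    # CA: revoke for key compromise and republish the CRL
    openssl ca -config ca.cnf -revoke srv.crt -crl_reason keyCompromise >/dev/null 2>&1
    openssl ca -config ca.cnf -gencrl -out ca.crl >/dev/null 2>&1
    echo "$before $(crl_status)"
  )
  rm -rf "$work"; echo "$result"
}

pki_demo   # prints: valid rejected
```

The certificate itself is unchanged and unexpired in both checks; only a client that consults the updated CRL sees that it has been revoked.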