What is an SSL certificate?
A digital document that binds a public key to a domain name, used by browsers to verify that a site is who it claims to be when establishing an HTTPS connection.
Also known as: TLS certificate, X.509 certificate, HTTPS certificate
Despite the name, modern "SSL certificates" are actually X.509 certificates used with TLS (the protocol that replaced SSL years ago). The certificate carries the domain name (or names, via Subject Alternative Names), an expiration date, the issuing certificate authority, and the public key. A browser trusts the cert if a chain of signatures leads to a CA in its trusted root store.
During the TLS handshake, the server presents its certificate. The client verifies the chain, checks the expiration, and confirms the domain matches; if the site has set HSTS, the browser also refuses any downgrade to plain HTTP. Once verified, the public key bootstraps a session key that encrypts the rest of the connection. The cert proves identity; the encryption that follows is symmetric for performance.
For crawlers, certificates are useful even outside the security check. The Subject Alternative Names list every hostname a cert covers, which is a low-cost way to discover related subdomains. Certificate Transparency logs (publicly auditable) can be queried to enumerate every cert ever issued for a domain, which is a goldmine for asset discovery.
In the wild
- A browser refusing to connect to a site whose cert expired yesterday
- A subdomain enumeration tool querying crt.sh to find every SAN listed across all of a brand's historical certs
- A health monitor paging on-call 14 days before any production cert expires
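The checks described above (SAN hostname match, expiry, and the 14-day warning a health monitor applies), as an added example that is not Brand.dev's code. The sample certificate is constructed, and the function names and the `warn_days` parameter are assumptions of this example.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict format returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("organizationName", "Example Test CA"),),),
    "notBefore": "Mar  1 00:00:00 2025 GMT",
    "notAfter": "May 30 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live certificate; the default context verifies chain and hostname."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def san_hostnames(cert):
    """DNS names listed in the Subject Alternative Name extension."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def covers(cert, hostname):
    """True if a SAN matches; a wildcard stands for exactly one leftmost label."""
    host = hostname.lower().rstrip(".")
    for name in san_hostnames(cert):
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def days_left(cert, now):
    """Whole days from `now` (timezone-aware) until notAfter; negative once expired."""
    expiry = ssl.cert_time_to_seconds(cert["notAfter"])
    return (datetime.fromtimestamp(expiry, tz=timezone.utc) - now).days

def status(cert, hostname, now, warn_days=14):
    """Classify a certificate the way an expiry monitor would."""
    if not covers(cert, hostname):
        return "name-mismatch"
    remaining = days_left(cert, now)
    if remaining < 0:
        return "expired"
    return "page-on-call" if remaining <= warn_days else "ok"
```

To check a live host you operate, pass the result of `fetch_cert("your-host")` and `datetime.now(timezone.utc)` to `status`.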
FAQ
Are SSL and TLS the same thing?
Practically yes. SSL was the original protocol; TLS replaced it (TLS 1.0 in 1999, TLS 1.3 in 2018). "SSL certificate" is a vestigial name; what you actually deploy is a TLS cert.
How long are SSL certificates valid?
Public CAs now cap at 398 days, and the industry is trending toward 90-day certs (Let's Encrypt has been there for a decade). Auto-renewal is essential.
What is Certificate Transparency?
A public, append-only log of every cert issued by participating CAs. It catches mis-issuance and gives security and brand teams a public record of every cert that names their domains.
Related terms
A deprecated cryptographic protocol that secured network traffic before TLS replaced it. The name persists colloquially.
The cryptographic protocol that encrypts and authenticates network traffic—the security layer under HTTPS, SMTPS, and most modern protocols.
HTTP encrypted with TLS, the same protocol, but every byte on the wire is authenticated and protected from eavesdroppers.
The human-readable name that identifies a site on the internet, the part that maps to an IP address through DNS.
A prefix added to a parent domain to identify a separate section, app, or service, like `blog.example.com` or `api.example.com`.