What Is an SSL Certificate? A Plain-English Explainer

SSL certificates encrypt the connection between your browser and a web server. Learn what they are, how they work, and why every site needs one.

Every time you visit a website that starts with https://, an SSL certificate is working behind the scenes to keep your connection private. But what exactly is an SSL certificate, and why does it matter?

The Short Answer

An SSL certificate (more accurately called a TLS certificate today) is a small digital file installed on a web server. It does two things: it encrypts the data flowing between the server and your browser, and it verifies the server's identity so you know you're talking to the real website and not an imposter.

How It Works

When your browser connects to a site, the server presents its certificate. Your browser checks that the certificate was issued by a trusted Certificate Authority (CA) and that it hasn't expired. If everything checks out, the two sides perform a handshake to agree on encryption keys — and your session becomes private.

The certificate contains a public key that anyone can see. The matching private key lives only on the server. Data encrypted with the public key can only be decrypted by the private key, which is why eavesdroppers can't read your traffic even if they intercept it.

What's Inside a Certificate?

A certificate is a structured data file conforming to the X.509 standard. Its key fields include:

  • Common Name (CN) — the primary domain the certificate protects. See our Common Name explainer.
  • Subject Alternative Names (SANs) — additional domains covered. See Subject Alternative Names.
  • Validity period — the not-before and not-after dates.
  • Public key — the cryptographic key used for the handshake.
  • Issuer — the Certificate Authority that signed it.
  • Fingerprint — a unique hash of the certificate. See Certificate Fingerprint.

Certificate Types

Not all certificates are equal. A basic Domain Validation (DV) certificate only proves you control the domain. An Organization Validation (OV) certificate also verifies your business identity. An Extended Validation (EV) certificate requires the most thorough vetting. The right type depends on your site's purpose and your users' expectations.

Decode Any Certificate Instantly

Curious what's inside a certificate you've received or found? Paste the PEM text into our SSL Certificate Decoder to see every field in plain English — subject, issuer, validity dates, SANs, fingerprints, and more.

Decode any SSL certificate instantly

Paste any PEM certificate into the free decoder — see subject, issuer, SANs, fingerprints, validity dates, and all X.509 extensions explained in plain English.

Open the Decoder
All articles