- CSR / PKCS#10 / P10 / request
- This is the public portion of a keypair. It includes the public RSA key, plus some metadata about the final certificate. Once a
request is signed it becomes a
- CRT / certificate / PKCS#7
- This is a certificate, which means it is a
request which has been signed by a
certificate authority. Like a request, it contains the public key of the key pair.
- PKCS#12 / P12
- A file format for storying an encrypted key, it's certificate, and optionally the certificate chain. Private key is required.
- The private key of a keypair. While the word "key" can refer to either the private key or the public key, generally within X509 and SSL, key refers to the private key specifically.
- A public and private key. The public key is usually in the form of a
- certificate authority / CA
- An entity that signs
CSRs, thus making them into
CRTs. Technically speaking, a
CA is just a
certificate used to sign CSRs. This
certificate is generally trusted by all relevant parties. CAs are often, but not always,
- certificate revocation list / CRL
- This is a list of
certificates that have been revoked by a
CA. It must be signed by the
CA to be valid.
- CRL distribution point
- This is the URI where a
CRL can be retrieve. Should not be protected by SSL
- self-signed / root certificate
certificate whose signer is itself.