Secure Sockets Layer (SSL) certificates

SSL is a network protocol that allows for secure communication between two parties. This section provides some information on the certificates used in SSL.


Applicable CAST Products



8.3.x (tick)
AIP Console (tick)
Dashboards (tick)
Imaging (tick)
CSS (tick)
Highlight (tick)


See the sections below for information on Certificates:


What is a Certificate?

  • Information that two parties need in order to establish a secure connection. The underlying protocol is Secure Sockets Layer (SSL).
  • Certificates are generally issued by Certificate Authorities.
  • The Certificate contains information about:
    • the dates the certificate can be used
    • the issuing authority
    • public key information
    • Fingerprints (to confirm validity)


Types of Certificates

  • An initial request to a certificate authority can be made with a Certificate Signing Request (CSR). This is normally just a public key that is generated as part of the certificate request process. CSRs by themselves cannot be used.
  • An application is normally given a base certificate in order to validate network traffic to this application.
  • Intermediate certificates link base certificates to a root certificate. Intermediate certificates may come from a certificate authority or a specific organization.
  • Root certificates are the end point in resolution and the certificate chain. They are issued by a certificate authority.

Certificate Format

  • A Certificate by itself can be in a *.CSR, *.crt, or *.pem format. These are basic formats which just contain the certificate itself.

    • These certificate formats often also require a private key, so that you have a certificate and key pair when configuring them for use by an application.

  • Some formats combine the key and the certificate information in one file. These are generally *.pfx, *.p12, or *.p7 files. They have an associated passphrase for security.

Certificate Authority

  • An organization that monitors and issues certificates to enable safe and secure connections.
  • Issues root certificates and possibly intermediate certificates to allow for certificate resolution.



Self-Signed Certificate

  • A certificate that did not come from a certificate authority, but is instead verified to be true by the user themselves.
  • Generally not safe and not to be used, but it could be used for some limited testing.



Certificate Chain

  • Validating a certificate requires that the base certificate, intermediate certificate(s), and root certificate all align to form a certificate chain (or chain of trust). Certificate resolution along this chain ensures the validity of the certificate.
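
The chain validation described above, together with the CSR step from "Types of Certificates", as an added example that is not CAST's own code. It assumes the openssl command-line tool is installed; every subject name and file name in it is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: throwaway root -> intermediate -> base chain, then verification.
# All names (Example Root CA, app.example.test, file names) are constructed.
# Keys are written unencrypted (-nodes) because they are discarded with the directory.

new_csr() {   # new_csr <dir> <name> <subject>: generate a key pair plus a CSR
  openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# The root signs itself, then the intermediate; the intermediate signs the base.
build_chain() {   # build_chain <empty dir>
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$1/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$1/base.ext"
  new_csr "$1" root  "/CN=Example Root CA" &&
  new_csr "$1" inter "/CN=Example Intermediate CA" &&
  new_csr "$1" base  "/CN=app.example.test" &&
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" \
    -extfile "$1/ca.ext" -days 30 -out "$1/root.crt" 2>/dev/null &&
  openssl x509 -req -in "$1/inter.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
    -CAcreateserial -extfile "$1/ca.ext" -days 30 -out "$1/inter.crt" 2>/dev/null &&
  openssl x509 -req -in "$1/base.csr" -CA "$1/inter.crt" -CAkey "$1/inter.key" \
    -CAcreateserial -extfile "$1/base.ext" -days 30 -out "$1/base.crt" 2>/dev/null
}

verify_full() {   # trusted root, intermediate supplied: the chain resolves
  openssl verify -CAfile "$1/root.crt" -untrusted "$1/inter.crt" \
    "$1/base.crt" >/dev/null 2>&1
}

verify_missing_intermediate() {   # same trusted root, intermediate withheld
  openssl verify -CAfile "$1/root.crt" "$1/base.crt" >/dev/null 2>&1
}

cert_issuer() { openssl x509 -in "$1" -noout -issuer; }

# Validity dates, issuing authority and fingerprint of one certificate.
show_cert() { openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256; }

demo_dir=$(mktemp -d)
build_chain "$demo_dir" || { echo "openssl failed" >&2; exit 1; }
show_cert "$demo_dir/base.crt"
verify_full "$demo_dir" && echo "with intermediate: chain verifies"
verify_missing_intermediate "$demo_dir" || echo "without intermediate: rejected"
rm -rf "$demo_dir"
```

A server that sends only its base certificate produces the second result on clients that do not already hold the intermediate, which is why the intermediate is normally configured alongside the base certificate.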



