Logo
Dashboard
Security

SSL Certificate

A digital certificate that authenticates a website's identity and enables encrypted HTTPS connections between web servers and clients using SSL/TLS protocols.

What is an SSL Certificate?

An SSL Certificate (Secure Sockets Layer Certificate) is a digital certificate that authenticates the identity of a website and enables an encrypted connection between a web server and a client’s browser. SSL certificates are issued by Certificate Authorities (CAs) and contain the website’s public key and identity information.

SSL Certificate Components

Public Key

Used by clients to encrypt data sent to the server

Private Key

Kept secret by the server, used to decrypt incoming data

Certificate Information

Types of SSL Certificates

Domain Validation (DV)

# Free from Let's Encrypt
certbot certonly --standalone -d example.com

Validates domain ownership only, issued quickly.

Organization Validation (OV)

Validates organization identity, shows company name in certificate.

Extended Validation (EV)

Highest validation level, displays company name in browser address bar (some browsers).

Wildcard Certificates

*.example.com
# Covers:
# - www.example.com
# - api.example.com
# - blog.example.com

Multi-Domain (SAN)

example.com
www.example.com
api.example.com
example.org

SSL/TLS Handshake

Client → Server: ClientHello
Server → Client: ServerHello + Certificate
Client: Verifies certificate
Client → Server: Encrypted session key
Server ← → Client: Encrypted communication begins

Obtaining SSL Certificates

Let’s Encrypt (Free)

# Install Certbot
sudo apt install certbot

# Obtain certificate
sudo certbot certonly --standalone -d example.com -d www.example.com

# Auto-renewal
sudo certbot renew --dry-run

Commercial CAs

SSL in Web Development

// Check SSL certificate validity
const checkSSL = async (domain: string) => {
  const response = await fetch(\`https://\${domain}\`);
  
  // Certificate info available in some environments
  console.log('Protocol:', response.url.startsWith('https://'));
  console.log('Status:', response.status);
};

// Force HTTPS
if (location.protocol !== 'https:') {
  location.replace(\`https:\${location.href.substring(location.protocol.length)}\`);
}

Certificate Pinning

// Mobile app example
const expectedFingerprint = 'AA:BB:CC:DD...';

// Verify certificate matches expected fingerprint
if (cert.fingerprint !== expectedFingerprint) {
  throw new Error('Certificate mismatch - possible MITM attack');
}

SSL Certificate Errors

Common Issues

  1. Expired Certificate

    • Certificate past expiration date
    • Solution: Renew certificate

  2. Self-Signed Certificate

    • Not signed by trusted CA
    • Solution: Use CA-signed certificate

  3. Domain Mismatch

    • Certificate doesn’t match domain
    • Solution: Obtain certificate for correct domain

  4. Incomplete Certificate Chain

    • Missing intermediate certificates
    • Solution: Install full certificate chain

CorsProxy and SSL

// CorsProxy handles SSL/TLS automatically
const data = await fetch(
  'https://corsproxy.io/?url=https://secure-api.com',
  {
    headers: {
      'x-cors-api-key': process.env.CORS_API_KEY
    }
  }
);

// Certificate validation happens at proxy level
// Your app → CorsProxy: TLS with CorsProxy cert
// CorsProxy → Destination: TLS with destination cert

Learn More

Create a free Account to fix CORS Errors in Production

Say goodbye to CORS errors and get back to building great web applications. It's free!

See Pricing Create Account
CORSPROXY Dashboard

Related Terms

Encryption HTTPS SSL TLS

Encryption

The process of converting plaintext data into ciphertext using cryptographic algorithms to protect information from unauthorized access during transmission or storage.

HTTPS

HyperText Transfer Protocol Secure - The secure version of HTTP that encrypts data transmitted between browsers and web servers using SSL/TLS protocols.

SSL

Secure Sockets Layer - A deprecated cryptographic protocol for establishing encrypted connections between web servers and clients, now superseded by TLS.

TLS

Transport Layer Security - The cryptographic protocol that provides secure communication over networks, succeeding the deprecated SSL protocol for HTTPS and other secure connections.

More in Security

Anti-Detect Browser

An anti-detect browser is a specialized web browser designed to mask and manage multiple digital fingerprints, allowing users to create and maintain separate browser profiles with unique identities to avoid detection and tracking by websites.

CAPTCHA

Completely Automated Public Turing test to tell Computers and Humans Apart - A challenge-response test designed to determine whether the user is human or an automated bot.

CORB

Cross-Origin Read Blocking (CORB) and Opaque Response Blocking (ORB) - Browser security mechanisms that prevent malicious websites from reading sensitive cross-origin data, protecting against Spectre-class side-channel attacks.

Related guides

Web Scraping

features

Avoid These Mistakes When Handling CORS

Cross-Origin Resource Sharing (CORS) is a fundamental security feature implemented in web browsers to control how resources are shared between different origins.

PlayFab Browser CORS Fix: Solve Cross-Origin Errors in Web Games

Learn how to fix CORS errors when using PlayFab SDK in browser games. Covers JavaScript SDK setup, authentication, and proxy solutions for web-based games.

What is the Difference Between a Proxy Server and a VPN? A Comprehensive Guide

Two common tools for protecting your online presence are Proxy Servers and VPNs (Virtual Private Networks).
Back to Glossary