There are things about SSL certificates that are sometimes vague for some website owners and Internet users that are not being covered in most, if not all, tutorials, how-to videos and other kinds of articles. That’s why these things remain as questions that are unanswered. Thankfully, there are some people on the Internet that are spirited enough to seek answers and get these things clear for their sake and for the sake of other Internet users. Here are three interesting questions and answers about SSL certificates that some people forget to ask or discuss.
Why do SSL certificates expire?
We all know that SSL certificates expire. Depending on the contract, SSL certificates may expire after a year or more after the contract has been signed and the certificate has been made or issued. But many Internet users don’t know why these certificates expire.
If these certificates can still be used after they expire, why do certificate buyers need to renew their certificate contracts with their providers?
SSL certificates do not really expire. They are just being ‘abandoned’ by their provider because their contract has been concluded. Meaning, the SSL certificate that has already expired is no longer tracked and updated by the provider. This might result in the certificate to be ineffective because the encryption may become outdated.
Why do some organizations need more than one certificate?
Yeah, why can’t organizations just use one certificate for their website?
Some organizations have multiple domain names; that’s why they need more than one certificates. Because different domains need separate certificates, most organization need more than one certificate to protect their websites.
Why do certificate providers give out ‘child certificates’ from ‘root certificates’ instead of just providing a ‘root certificate’ copy?
Why can’t companies get a copy of a ‘root certificate’ – instead of a ‘child certificate’ – when they ask for their ‘root certificate’?
Because the private key of an SSL certificate is important, certificate authorities cannot just give out this piece of information. CA companies will only provide a copy of the ‘root certificate’ containing a different private key (the ‘child certificate’) so that the original private key will not be exposed to entities that could use it for their malicious intents.
If one or some of the questions above have been your question in the past, you know that it is not widely discussed on tutorials because even though they are useful, they are not often included in the tutorial topics. So though the questions above are not being asked by everyone, they are still important inquiries that most Internet users are ending up ignoring. Thankfully, there are some people who are genuinely interested on the topics and there are also some Internet users who are enthusiastic enough to take time and answer these interesting yet often forgotten SSL certificate questions.