mirror of
https://github.com/certbot/certbot.git
synced 2026-02-28 12:23:14 -05:00
- adding what.rst to index.rst
- Bigger link to instruction generator in intro.rst, some edits to what.rst in response to comments on What is a Certificate? section first draft #4370
- Responding to St_Ranger's comment on 4370
- Edits to using.rst related to --expand
- Initial edit pass through challenges.rst
- Edits to what.rst and challenges.rst to resolve #3664 and #4153
- Incorporating feedback from #4370
- Finally going after those last few comments before the restructuring of the plugin stuff (coming soon)
- Fixing --expand example in using.rst and adding to Apache/NGINX bullet in challenges.rst
31 lines
1.7 KiB
ReStructuredText
======================
What is a Certificate?
======================

A public key certificate or digital *certificate* (formerly called an SSL certificate) uses a public key
and a private key to enable secure communication between a client program (web browser, email client,
etc.) and a server over an encrypted SSL (Secure Sockets Layer) or TLS (Transport Layer Security) connection.
The certificate is used both to encrypt the initial stage of communication (secure key exchange)
and to identify the server. The certificate
includes information about the key, information about the server identity, and the digital signature
of the certificate issuer. If the issuer is trusted by the software that initiates the communication,
and the signature is valid, then the key can be used to communicate securely with the server identified by
the certificate. Using a certificate is a good way to prevent "man-in-the-middle" attacks, in which
someone in between you and the server you think you are talking to is able to insert their own (harmful)
content.

You can use Certbot to easily obtain and configure a free certificate from Let's Encrypt, a
joint project of EFF, Mozilla, and many other sponsors.

Certificates and Lineages
=========================

Certbot introduces the concept of a *lineage*, which is a collection of all the versions of a certificate
plus Certbot configuration information maintained for that certificate from
renewal to renewal. Whenever you renew a certificate, Certbot keeps the same configuration unless
you explicitly change it, for example by adding or removing domains. If you add domains, you can
either add them to an existing lineage or create
a new one.

See also:
:ref:`updating_certs`
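The trust decision described under "What is a Certificate?" can be reproduced with the ``openssl`` command line. This is an added example, not part of the Certbot documentation, and every name and file in it is constructed: two issuers carry the same name, "Demo CA", but only the certificate signed with the key of the issuer the client trusts is accepted.

```shell
#!/bin/sh
# Constructed demo: every name below (Demo CA, www.example.test) is made up.
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT

# make_ca BASE CN: self-signed issuer certificate and key in $WORK/BASE.{pem,key}
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_cert CA_BASE BASE CN: server key plus a certificate signed by CA_BASE
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$2.csr" -days 1 -CAcreateserial \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -out "$WORK/$2.pem" 2>/dev/null
}

# is_trusted CA_BASE BASE: succeeds only if BASE chains to CA_BASE, the single
# issuer this "client" trusts, and the issuer's signature on it verifies
is_trusted() {
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# identity BASE: the server identity and issuer name stated in the certificate
identity() {
    openssl x509 -in "$WORK/$1.pem" -noout -subject -issuer
}

make_ca trusted  "Demo CA"      # the issuer the client software trusts
make_ca impostor "Demo CA"      # same name, different key (someone in the middle)
issue_cert trusted  real "www.example.test"
issue_cert impostor fake "www.example.test"

for cert in real fake; do
    identity "$cert"            # both claim the same server and issuer name
    if is_trusted trusted "$cert"; then
        echo "$cert: signed by the trusted issuer -> accept"
    else
        echo "$cert: not signed by the trusted issuer -> reject"
    fi
done
```

Both certificates print the same subject and issuer names, so the names alone decide nothing; acceptance depends on the signature verifying against the trusted issuer's key.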