So Is It SSL or TLS? Synonyms, Misnomers, and Just Plain Mistakes in Certificate Nomenclature

Scott Rogers Introduction-To

Digital certificates are a terminology-heavy technology space.  Here are some of the terms that are used differently in various circumstances.  Where appropriate we include a little bit of the why and how we've chosen to use these terms.


The SSL standard was the original IETF standard that browsers, CAs, and other infrastructure providers created and rallied behind in order to enable commerce and other confidential communications on the internet.  The IETF superseded the SSL standard with Transport Layer Security (TLS) 1.0 all the way back in 20XX, but by then the word SSL had such a stronghold that it never left.

We usually say SSL just because it's the convention and what people understand.  We do try to weave in some use of the word TLS just because it's the technically correct term.  Most of the time when GeoCerts says SSL it can be interpreted as meaning TLS, and if that's not the case we'll make that clear.

Certificate Authority vs. Certification Authority

Certification Authority is kind of the old-school term.  If you worked for RSA back in the 1980s you definitely would have been saying Certification Authority.  That's because if was the authority that performed certification.  As digital certificates moved from the exclusive purview of niche specialists to the broader world of IT employees in general and even regular old computer users, the dialog around that whole ecosystem became less about PKI systems and trust models and more about the pragmatics of putting certificates on servers and code and whatnot.  And as that transformation happened, we saw the awkward term Certification become replaced by the easier term Certificate.

When we're not just writing CA, we say Certificate Authority because it's less awkward and is in fact the most common usage by far.  But we view both terms as synonymous and think either is perfectly fine.

Domain Validation vs. Domain Validated

This is a similar situation to the previous one.  The technical term is Domain Validation because it describes the level of validation an SSL certificate undergoes.  

HTTPS vs. https

HTTP stands for HyperText Transfer Protocol.  That makes HTTP an acronym, and therefore capitalized.  (Note the very computerish use of the capital letter in the middle of the conjoined word.)  However, URLs, which are always lowercase, start with http for web sites.  (There are of course ftp and other potential openings for URLs, but http is what we usually see.)

When it's secured by SSL, we put an S on the end, so we get either HTTPS or https.

So which is correct?  If you want to get nitpicky about it (and isn't that the whole point of this post?), HTTPS is a noun and https is an adjective.  So you could write, "Without HTTPS we couldn't have https pages."

In reality we don't give this one much thought.  Writing these four paragraphs is the most consideration we've every given the question.  They're basically synonymous in our minds.

Secure Sockets Layer vs. Secure Socket Layer

SSL actually stands for Secure Sockets Layer (plural) because it's a layer of secure sockets.  The noun in the phrase is layer and sockets is part of an adjective phrase modifying the noun.  Many people say Secure Socket Layer, so you'll see that a lot, but the plural is in fact correct.

Cert vs. certificate

Cert is a convenient shorthand for certificate, and it makes good sense why people say it.  In official communications like this web site we mostly say certificate, but in direct communication or occasionally in other formats you'll sometimes see us saying cert.