So Is It SSL or TLS? Synonyms, Misnomers, and Just Plain Mistakes in Certificate Nomenclature

Scott Rogers Introduction-To

Digital certificates are a terminology-heavy technology space.  Here are some of the terms that are used differently in various circumstances.  Where appropriate, we include a little of the why and how we've chosen to use these terms.


The SSL standard was the original IETF standard that browsers, CAs, and other infrastructure providers created and rallied behind in order to enable commerce and other confidential communications on the Internet.  The IETF superseded the SSL standard with Transport Layer Security (TLS) 1.0 all the way back in 20XX, but by then, the word SSL had such a stronghold that it never left.

We usually say SSL just because it's the convention and what people understand.  We try to weave in some use of the word TLS because it's the technically correct term.  Most of the time, when GeoCerts says SSL, it can be interpreted as meaning TLS, and if that's not the case, we'll make that clear.

Certificate Authority vs. Certification Authority

Certification Authority is the old-school term.  If you worked for RSA in the 1980s, you definitely would have been saying Certification Authority.  That's because if was the authority that performed certification.  As digital certificates moved from the exclusive purview of niche specialists to the broader world of IT employees in general and even regular old computer users, the dialog around that whole ecosystem became less about PKI systems and trust models and more about the pragmatics of putting certificates on servers and code and whatnot.  And as that transformation happened, we saw the awkward term Certification replaced by the easier term Certificate.

When we're not just writing CA, we say Certificate Authority because it's less awkward and is, in fact, the most common usage by far.  But we view both terms as synonymous and think either is perfectly fine.

Domain Validation vs. Domain Validated

This is a similar situation to the previous one.  The technical term is Domain Validation because it describes the level of validation an SSL certificate undergoes.  

HTTPS vs. https

HTTP stands for HyperText Transfer Protocol.  That makes HTTP an acronym and, therefore, capitalized.  (Note the computerish use of the capital letter in the middle of the conjoined word.)  However, URLs, which are always lowercase, start with http websites.  (There are, of course, ftp and other potential URL openings, but http is what we usually see.)

When SSL secures it, we put an S on the end, so we get either HTTPS or https.

So which is correct?  If you want to get nitpicky about it (and isn't that the whole point of this post?), HTTPS is a noun and https is an adjective.  So you could write, "Without HTTPS we couldn't have https pages."

In reality, we don't give this one much thought.  Writing these four paragraphs is the most consideration we've ever given the question.  They're synonymous in our minds.

Secure Sockets Layer vs. Secure Socket Layer

SSL stands for Secure Sockets Layer (plural) because it's a layer of secure sockets.  The noun in the phrase is a layer, and sockets are part of an adjective phrase modifying the noun.  Many people say Secure Socket Layer, so you'll see that a lot, but the plural is, in fact, correct.

Cert vs. certificate

Cert is a convenient shorthand for a certificate, and it makes good sense why people say it.  In official communications like this website, we mostly say certificate, but in direct communication or occasionally in other formats, you'll sometimes see us saying cert.