Glossary

A

API Client

A service account configured in MTG CLM that enables programmatic access to certificate operations through REST APIs.

Approval Workflow

A multistep process requiring authorization from designated approvers before sensitive certificate operations can be completed.

Audit Logging

Comprehensive recording of all certificate-related activities, including issuance, renewal, revocation, and administrative actions for compliance and forensic analysis.

Authentication

The process of verifying the identity of users, devices, or services requesting access to certificate management operations.

B

Basic Authentication

A simple HTTP authentication method using username and password credentials, as defined in RFC 7617.

Bridge CA

A Certificate Authority that acts as a central point connecting multiple PKI hierarchies, simplifying complex trust relationships.

C

Certificate Authority (CA)

A trusted entity that issues digital certificates by verifying the identity of certificate requesters and digitally signing the certificates.

Certificate Discovery

The automated process of finding and inventorying existing certificates across an organization’s infrastructure.

Certificate Lifecycle

The complete process from certificate request through expiration, including issuance, distribution, usage, renewal, and revocation.

Certificate Policy

A set of rules and parameters that define how certificates are issued, what information they contain, and how they should be managed.

Certificate Repository

A centralized storage system that stores and distributes certificates and certificate revocation information.

Certificate Revocation List (CRL)

A periodically published list of certificates that have been revoked before their expiration date.

Certificate Signing Request (CSR)

A message sent to a Certificate Authority containing a public key and identifying information for certificate issuance.

Client Certificate

A digital certificate that functions like a digital ID card for users and devices, providing authentication and secure access to systems.

Code Signing Certificate

A digital certificate used by software developers to digitally sign applications, proving the software’s authenticity and integrity.

Compliance

Adherence to regulatory requirements, security standards, and organizational policies governing certificate management practices.

Cross-Certification

A trust relationship established between separate PKI hierarchies, allowing certificates from one hierarchy to be trusted in another.

Cryptographic Algorithm

A mathematical procedure used for encryption, decryption, digital signing, or key generation in certificate operations.

D

Device Certificate

A specialized certificate installed on an IoT device or other hardware to enable secure machine-to-machine communication.

Digital Signature

A cryptographic mechanism that provides authentication, non-repudiation, and data integrity for digital documents and certificates.

Domain Validated (DV) Certificate

A basic TLS certificate that confirms domain ownership through simple verification processes.

E

End Entity

The subject of a certificate: an individual, device, or service that uses certificates for secure operations.

End Entity Password

Authentication credentials that enable end entities to request certificates through self-service operations.

EST (Enrollment over Secure Transport)

A standardized protocol (RFC 7030) for automated certificate enrollment and management over HTTPS.

Extended Validation (EV) Certificate

The highest level of TLS certificate validation, requiring rigorous verification of organization details and providing strong visual trust indicators.

H

Hardware Security Module (HSM)

A dedicated cryptographic device that provides secure key storage and cryptographic operations for protecting Certificate Authority private keys.

Hierarchical Trust

A PKI trust model organized with a single Root CA at the top, with trust flowing downward through Intermediate CAs.

I

Intermediate CA

A Certificate Authority that operates under a Root CA in a hierarchical PKI structure, typically used to issue end entity certificates.

K

Key Protection

Security measures and technologies used to safeguard cryptographic private keys from unauthorized access or compromise.

M

Multi-Domain Certificate

A certificate that secures multiple unrelated domains using Subject Alternative Names (SAN), also known as a SAN certificate.

O

OCSP (Online Certificate Status Protocol)

A protocol that provides real-time certificate validation by querying the issuing CA's OCSP responder for a certificate's revocation status.

OCSP Stapling

A mechanism that allows servers to include OCSP responses with their certificates, improving performance and privacy.

Organization Validated (OV) Certificate

A TLS certificate that includes verification of the organization’s identity in addition to domain ownership.

P

PKI (Public Key Infrastructure)

A framework of technologies, policies, and procedures that enables secure communication through digital certificates and cryptographic keys.

PKCS (Public Key Cryptography Standards)

A set of standards for cryptographic operations, including certificate requests (PKCS#10) and key storage (PKCS#12).

Policy Enforcement

The automatic application of certificate policies to ensure all issued certificates meet organizational and regulatory requirements.

Progressive Disclosure

A documentation strategy that presents information in layers, allowing users to access increasingly detailed information as needed.

R

RA Operator

A user role that manages certificates within assigned realms, typically handling day-to-day certificate operations.

Realm

A logical container that provides separation between different certificate environments, each with its own policies, end entities, and certificates.

Registration Authority (RA)

An entity that handles the verification of certificate requests before they reach the Certificate Authority.

Role-Based Access Control (RBAC)

A security model that assigns permissions based on user roles and job functions within the organization.

Root CA

The top-level Certificate Authority in a PKI hierarchy, whose certificate is self-signed and serves as the trust anchor.

S

S/MIME Certificate

A certificate used for encrypting, decrypting, and digitally signing email messages according to the S/MIME standard.

Self-Service Certificate Management

The capability for end entities to request, renew, and manage their own certificates without administrator intervention.

Single Domain Certificate

A TLS certificate that secures one specific domain name.

T

TLS Certificate

A digital credential that enables encrypted connections between servers and clients, commonly used to secure websites with HTTPS.

Trust Model

The framework that defines how trust relationships are established and maintained within a PKI system.

W

Web of Trust

A decentralized trust model where individuals vouch for the authenticity of others' keys through a network of relationships.

Wildcard Certificate

A TLS certificate that covers a main domain and all its first-level subdomains using a wildcard notation (*.example.com).

X

X.509

The standard format for public key certificates that defines the structure and content of digital certificates.

Z

Zero Trust Architecture

A security model that uses certificate-based authentication for continuous verification of users and devices, assuming no implicit trust.