Learn

A practical knowledge base for software architects and developers working with X.509 certificates, TLS, and public key infrastructure.

Fundamentals

What is X.509?

The standard behind every TLS certificate — its history, structure, and where it is used.

4 min read

Certificate Fields Explained

Every field and extension in an X.509v3 certificate, from Serial Number to Authority Key Identifier.

6 min read

Certificate Formats

PEM, DER, PKCS#7, PKCS#12 — how to identify, use, and convert between certificate formats.

5 min read

Concepts

How Certificate Chains Work

Root CAs, intermediates, leaf certificates, and how browsers build and verify trust.

4 min read

Self-Signed vs CA-Signed

When to use each, trust implications, browser warnings, and the role of Let's Encrypt.

4 min read

Common Certificate Errors & Fixes

Practical fixes for ERR_CERT_AUTHORITY_INVALID, hostname mismatch, expired certs, and more.

5 min read

mTLS Explained

Mutual TLS authentication — how it works, where it is used, and how to set it up.

4 min read

How PKI Works

Certificate Authorities, lifecycle management, OCSP, CRL, Certificate Transparency, and ACME.

5 min read