- X.509 - format of certificate for public and private keys
- CMK - customer master key, to encrypt the private key
- CA - certificate authority, the entity that issues digital certificates. A domain's CAA DNS record specifies which CA is allowed to issue certificates for that domain
- https://crt.sh/?q=darwinbiler.com. - lets you see the certificates issued to your domain (certificate transparency log). Browsers use this to detect any anomaly in a certificate
- SCT - Signed Certificate Timestamp. ACM submits the certificate to at least two certificate transparency log servers. These servers add the certificate to their public databases and return a signed certificate timestamp (SCT) to the Amazon CA. The SCT is then included in your X.509 certificate
- TLD - rightmost label in the domain name, like .com, .edu, .gov
- Apex domain - domain name + TLD, e.g. example.com
- FQDN - complete DNS name
- ICANN - where registrars seek accreditation
- PKI - public key infrastructure: the hardware, software, people, policies, documents, and procedures that are needed to create, issue, manage, distribute, use, store, and revoke digital certificates
- Root Certificate - CAs form a hierarchy of child-parent relationships. The root CA's certificate is called the root certificate
- SSL - cryptographic protocol that uses X.509 certificates to authorize the server. TLS is the successor of SSL
- ACM certificates are only valid for 13 months
resources: