Network applications often use a version of the secure sockets layer (SSL) or transport layer security (TLS) protocols to secure communications between computing devices, such as between a client and a server or between two servers. The SSL and TLS protocols typically provide both authentication and encryption functionality in order for the computing devices to verify each other's identity and for the computing devices to encrypt communications between each other. These functions are typically implemented through the use of certificates issued to one or more of the computing devices in communication with each other.
For example, a server can be issued a certificate from a certificate authority. The certificate will typically include information identifying the owner of the server, the identity of the owner of the certificate authority that issued the certificate, and additional information instructing client devices how to encrypt network traffic sent to the server. When a client attempts a secure communication with the server, the server will provide the certificate to the client. The client will then verify that the certificate was issued by the certificate authority. If the certificate authority is included in a list of trusted certificate authorities maintained by the client, the client will secure communications with the server using the encryption instructions included in the certificate. Typically, client devices will have a preinstalled list of trusted certificate authorities (e.g., a list bundled with the operating system, list bundled with a web browser, or a list bundled with some other client application), although individual certificate authorities can often be manually added to the list of trusted certificate authorities.
As a result, a client does not have to store or otherwise track certificate information for every server that the client can potentially communicate with. Instead, the client can track information pertaining to a smaller number of trusted certificate authorities that issue certificates. So long as the certificate of a server has been issued by one of these trusted certificate authorities, the client will be able to securely communicate with the server using a version of the SSL or TLS protocol.