# Certificate Types Not all certificates are interchangeable. Each type carries distinct usage requirements, validation standards, and lifecycle characteristics - and CERTInext tracks and automates all of them. Here's what the platform manages: * **TLS/SSL Certificates** - Secure transport for web applications, APIs, microservices, load balancers, and internal services. These are probably the most common type you'll encounter, and they're subject to the industry-wide validity period reductions that have driven much of the urgency around CLM. * **Client and Device Certificates** - Identify and authenticate users, machines, servers, and network devices for secure access and mutual TLS communication. For instance, a device certificate on a corporate laptop can be used to enforce network access policy without relying on username/password alone. * **Code Signing Certificates** - Ensure software integrity and verify publisher identity for applications, scripts, drivers, and software updates. Without these, there's no reliable way to confirm that the binary a user is running hasn't been tampered with after the developer shipped it. * **Document Signing Certificates** - Support digital signing of PDFs, contracts, invoices, and official records, providing authenticity, integrity, and non-repudiation. * **IoT and Embedded Certificates** - Provide secure identity for internet-connected devices, sensors, gateways, and industrial endpoints. These typically require high-volume, low-touch issuance workflows, since you're often provisioning thousands of devices at a time. * **Private Certificates (Any Profile)** - Support internally issued certificates for enterprise applications, internal domains, DevOps environments, VPNs, and custom trust models under private PKI policies. * **Private CA Hierarchies** - Manage full private PKI hierarchies, including Root and Intermediate CAs. This gives you controlled issuance, policy enforcement, key management, and trust chain administration across internal environments. Each of these types has its own lifecycle requirements. A TLS certificate might have a 90-day validity window today, while a code signing certificate or device certificate operates on a very different schedule. CERTInext tracks those differences and applies the appropriate automation and governance to each. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.certinext.io/documentation/getting-started/key-concepts-and-terminology/certificate-types.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.