OpenSSL
Practical OpenSSL reference covering key generation, CSRs, self-signed certificates, inspection, format conversion, OCSP stapling, Certbot, and x509 client authentication with CRLs.
Certificates
TLS Handshake
How a client and server negotiate encryption, authenticate, and derive session keys over TLS 1.2 and 1.3. Covers cipher suite negotiation, certificate chain validation, session resumption, and JA3/JA4 fingerprinting.