One area I struggle with a lot is the tendency to seek my righteousness outside of Jesus. I try to justify my existence or declare myself good by trying to do good or impressive things or by trying to be someone other than I am. (The Greek word dikaiosyne in the New Testament is commonly translated with righteousness and means precisely this: What it is about a person that makes them “right” or “good”?)

When Jesus entered the scene of human history, He announced the availability of the Kingdom of God to all humans, especially the ones we normally think are completely out of luck in this life (including me). This means we can step into a different kind of life of eternal quality (He is even so bold as to call it The Life), and we can do that here and now. And part of that eternal reality of “God always present with us” is that we no longer have to try justifying our lives on our own.

Recently, I came upon a wonderful metaphor or analogy for how Jesus justifies us: SSL Certificates.

You may remember that many websites run on HTTPS. (The “S” in HTTPS stands for SSL (or rather TLS, the more current version of SSL).) If you check the address bar in your browser, it should show a padlock 🔐 symbol. That means the communication with a website (e.g. this blog) is secured and the information you send to a website (e.g. to this blog which is hosted on GitHub) is only readable by you and the receiver (and no third party, possibly malicious, in between).

Part of this secure communication are SSL certificates. They basically state that a server hosting a certain website on a domain (e.g. on the domain jscheytt.github.io) is really the owner of that domain. To establish a certain level of trust, these certificates are signed by a Certificate Authority (CA) or multiple CAs. These are legal entities that basically everybody on the internet has agreed upon to be trustworthy.

You can of course easily create a certificate and sign it yourself. But if you try to access a website secured by such a self-signed certificate, you are going to see lots of warnings (because browsers don’t trust such certificates by default — and you should not either!). This also applies to our personal dikaiosyne: We simply cannot justify ourselves. We need someone external, someone who is not us to approve of us and call us good. Just like the saying goes in 2 Corinthians 10:

For it is not the one who commends himself who is approved, but the one whom the Lord commends.

Every SSL certificate is only valid for a certain domain or range of domains. Short recap: A domain consists of multiple strings (“elements”) that are delimited by dots. The further to the right an element stands, the more importance it has. The rightmost element is the Top-Level Domain (TLD), e.g. .com. Next come the second- and third-level domains. (Everything below the second level is colloquially called a “subdomain”.) If you wanted to secure this website, you could either create a certificate for jscheytt.github.io or a so-called wildcard certificate for *.github.io. With the latter you could secure all domains running as direct subdomains of github.io.

Now if I try to justify my life on my own (e.g. by relying on my own efforts), I am running my life on my own domain (e.g. josia-schey.tt), basically my own kingdom. I can try as hard as I want to get someone to sign my SSL certificate, and maybe sometimes someone might even approve of me. But in the end the best I can achieve is an untrustworthy self-signed certificate for my existence.

However, what Jesus achieved through His life, death on the cross, and resurrection is a wildcard certificate for *.eternal.life. He as the Highest Authority in the universe signed this certificate with His blood. And He invites everybody to host their lives under His domain. Everybody who places their trust in Him, dies to themselves, and chooses to live in His loving dominion, will have a valid SSL certificate that cannot be corrupted and will never expire. They just have give up their life (or rather half-life) which they have tried living so far on their own domain (e.g. josia-schey.tt) and choose to live instead under e.g. josia-scheytt.eternal.life.

There is another neat small catch implied here: I recently learned that a wildcard certificate is only valid for one level of depth. You cannot secure domains with it that sit deeper than the asterisk. That is, if I have a wildcard certificate for *.eternal.life, it is only valid for domains like josia-scheytt.eternal.life but not for any domain like my-personal-kingdom.josia-scheytt.eternal.life or the-things-from-my-old-life-i-still-try-to-keep.josia-scheytt.eternal.life. (To do that I would need another wildcard certificate for *.josia-scheytt.eternal.life.) When I submit to Him and let Him live His life through me, there will be no room left for establishing my own kingdom, trying to get things or other people under my control. God really wanted to have a big family of brothers and sisters all on eye level, and with Him at the center and as the Head — and praise Him for getting it!