What is a certificate chain?
How does a certificate chain work?
courtesy @ digicert.com
What is a certificate chain?
A certificate chain is an ordered list of certificates. It contains an SSL Certificate and Certificate Authority (CA) Certificates, which enable the client to verify that the server and all signing CAs are trustworthy.
SSL Certificate:
SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details.
SSL Certificates bind together:
A domain name, server name or hostname.
An organizational identity (Country Name (C), State or Province (ST), Locality (L), Organization (O), Organizational Unit (OU) and Common Name (CN)).
Intermediate Certificate (Chain):
Any certificate that sits between the SSL Certificate and the Root Certificate (CA Certificate) is called a chain or Intermediate Certificate.
The Intermediate Certificate is the signer/issuer of the SSL Certificate.
The Root CA Certificate is the signer/issuer of the Intermediate Certificate.
Root CA Certificate:
The Root CA Certificate is itself a Certificate Authority Certificate.
The signatures of all certificates in the chain must be verified up to the Root CA Certificate.
The chain terminates with a Root CA Certificate.
How does it work?
In order to make the SSL certificate compatible with all clients, it is necessary that the Certificate chain be installed.
If the Intermediate Certificate is not installed on the server (where the SSL certificate is installed) it may prevent the clients from trusting the SSL certificate. In order to make the SSL certificate compatible with all clients, it is necessary that the Intermediate Certificate be installed.
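The effect of a missing Intermediate Certificate can be reproduced locally with the openssl command line. The script below is an added example, not part of the original page: it builds a constructed chain (root, intermediate, SSL certificate) and checks the SSL certificate the way a client that trusts only the root would, once with and once without the intermediate. The CA names, the host name www.example.test and all file names are assumptions made up for the demo.

```shell
# Added example; every CN, host name and file name is constructed for the demo.
make_chain() {                     # $1 = writable, empty working directory
  cat > "$1/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:www.example.test
EOF
  # Root CA Certificate: signs itself, so the chain terminates here.
  openssl req -x509 -config "$1/ext.cnf" -extensions ca -newkey rsa:2048 -nodes \
    -keyout "$1/root.key" -out "$1/root.pem" -subj "/CN=Constructed Root CA" -days 2 2>/dev/null
  # Intermediate Certificate: its signer/issuer is the root.
  new_csr "$1" int "/CN=Constructed Intermediate CA" && sign "$1" int root ca
  # SSL Certificate: its signer/issuer is the intermediate, not the root.
  new_csr "$1" leaf "/CN=www.example.test" && sign "$1" leaf int leaf
}

new_csr() {                        # dir, name, subject -> name.key and name.csr
  openssl req -new -config "$1/ext.cnf" -newkey rsa:2048 -nodes \
    -keyout "$1/$2.key" -out "$1/$2.csr" -subj "$3" 2>/dev/null
}

sign() {                           # dir, name, issuer name, extension section
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" -CAcreateserial \
    -extfile "$1/ext.cnf" -extensions "$4" -out "$1/$2.pem" -days 2 2>/dev/null
}

issuer_of() { openssl x509 -in "$1" -noout -issuer; }

# A client that trusts only the root. $2 is the optional file of extra
# certificates the server sends along with its own SSL certificate.
client_trusts() {
  if [ -n "$2" ]; then
    out=$(openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem" 2>&1)
  else
    out=$(openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1)
  fi
  case $out in *": OK"*) return 0 ;; *) return 1 ;; esac
}

work=$(mktemp -d) && make_chain "$work"
issuer_of "$work/leaf.pem"; issuer_of "$work/int.pem"
client_trusts "$work" "$work/int.pem" && echo "intermediate installed: trusted"
client_trusts "$work" || echo "intermediate missing: not trusted"
```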
While creating an identity store, the complete chain must be used,