Certificate Chain (certificate_list) is a collection of Certificates beginning with a root Certificate Authority and ending with the Digital Subject's Certificate, with OPTIONAL intermediate Certificate in between, each Certificate being Signed relatively to the Public Key which is encoded in the previous Certificate.

Validation of the Certificate Chain is a critical part within any Certificates and Authentication process.

Certificate Chain

Browsers and Certificate Chain#

Some browsers may complain about a certificate signed by a well-known certificate authority, while other browsers may accept the certificate without issues.

This occurs because the issuing authority has signed the server certificate using an Intermediate Certificate that is not present in the base of well-known trusted Certificate Authority which is distributed in a particular browser. In this case the authority provides a bundle of chained certificates that should be concatenated to the signed server certificate. The Site Certificate must appear before the chained certificates in the combined file:

$ cat www.example.com.crt intermediate.crt > www.example.com.chained.crt

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
certificate-chain-two.png 49.8 kB 1 19-Aug-2016 13:48 jim More details
certificate-chain.png 24.2 kB 1 16-Mar-2015 18:12 jim Certificate Chain
« This page (revision-12) was last changed on 25-Jan-2017 13:24 by jim