This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links

Version management

Difference between version and

At line 1 added 26 lines
!!! Overview[1]
[{$pagename}] ([certificate_list] or [Certification path]) is a [Chain of trust] of [Certificates] beginning with a [Subject Certificate] and ending with the [Root Certificate], with [OPTIONAL] [intermediate Certificates] in between, each [Certificate] being [Signed|Digital Signature] relatively to the [Public Key] which is encoded in the previous [Certificate].
Validation of the [{$pagename}] is a critical part within any [Certificate-based Authentication] process.
[{Image src='Certificate Chain/certificate-chain-two.png' caption='Certificate Chain' align=left style='font-size: 120%}]. \\
!! [Browsers] and [{$pagename}]
Some [browsers] may complain about a [certificate] signed by a well-known [Trust Anchor], while other browsers may accept the [certificate] without issues.
This occurs because the issuing authority has signed the server certificate using an [Intermediate Certificate] that is not present in the base of well-known trusted [Certificate Authority] which is distributed in a particular browser. In this case the authority provides a bundle of chained certificates that should be concatenated to the signed server certificate. The [Site Certificate] must appear before the chained certificates in the combined file:
%%prettify
{{{
$ cat www.example.com.crt intermediate.crt > www.example.com.chained.crt
}}} /%
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [SSL Certificate framework 101: How does the browser actually verify the validity of a given server certificate?|https://security.stackexchange.com/questions/56389/ssl-certificate-framework-101-how-does-the-browser-actually-verify-the-validity|target='_blank'] - based on 2015-03-16
* [#2] - [The First Few Milliseconds of an HTTPS Connection|http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html|target='_blank'] - based on 2015-03-16