ServerCertificate describes a Step within the TLS Handshake process.

The server sends a certificate, which contains its Public Key. This message is almost always sent, except if the Cipher Suite mandates a handshake without a certificate.

If the server requires a digital certificate for client authentication, the server sends a "digital certificate request" message. In the "digital certificate request" message, the server sends a list of the types of digital certificates supported and the distinguished names of acceptable certificate authorities.


Actually, the server sends a "certificate_list", which RFC 5246 describes as: "This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the Self-signed Certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case."

If the certificate_list contains the Root Certificate, SSL/TLS will work, but this is NOT recommended. A properly implemented client must have all the valid Root Certificates in its Trust Anchor Store and MUST NOT trust a Root Certificate distributed over an insecure connection from a random site.

If a client wants to exempt your site from certificate validation, they SHOULD NOT add your Root Certificate to their Certificate Trust Store. More than likely, that user is not aware that doing so opens the door to nearly all of their SSL connections (except pinned ones). They should only ever trust your Site Certificate (aka the leaf certificate).

The popular ssllabs.com test site issues a minor warning in case a root is concatenated, describing the connection with something like "contains anchor".

Technically, the only bad thing that can be said about sending the Root Certificate in the chain is that it uses a bit of network bandwidth needlessly. That's about 1 kB of data per connection that includes a Full TLS Handshake. In a typical session between a client (Web browser) and a server, only one connection will be of that type, as the other connections from the client will use the "Abbreviated TLS Handshake", which builds on the initial handshake and does not use certificates at all. And each connection will be kept alive for many successive HTTP requests. So the network overhead implied by placing the Root Certificate in the certificate_list is slight.
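
The ordering rule for certificate_list and the "contains anchor" condition can be checked mechanically. The following is an added example, not code from RFC 5246 or from ssllabs.com; it assumes the subject and issuer names have already been extracted by an X.509 parser, compares names only (no signature verification), and uses constructed sample names and hypothetical finding labels.

```python
from typing import List, NamedTuple, Tuple


class Cert(NamedTuple):
    subject: str  # subject distinguished name
    issuer: str   # issuer distinguished name


def lint_certificate_list(chain: List[Cert]) -> List[Tuple[str, int]]:
    """Return (finding, position) pairs for a certificate_list, leaf first.

    Only issuer/subject names are compared; signatures are not verified.
    """
    if not chain:
        return [("empty-list", 0)]
    findings = []
    for i, cert in enumerate(chain):
        # Each following certificate must certify the one preceding it.
        if i > 0 and cert.subject != chain[i - 1].issuer:
            findings.append(("out-of-order", i))
        # issuer == subject marks a self-signed certificate.
        if cert.subject == cert.issuer:
            label = "contains-anchor" if i > 0 else "self-signed-leaf"
            findings.append((label, i))
    return findings


# Constructed sample certificates (hypothetical names, not real CAs).
LEAF = Cert("CN=www.example.test", "CN=Example Intermediate CA")
INTERMEDIATE = Cert("CN=Example Intermediate CA", "CN=Example Root CA")
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA")

if __name__ == "__main__":
    for name, chain in [
        ("recommended", [LEAF, INTERMEDIATE]),
        ("root appended", [LEAF, INTERMEDIATE, ROOT]),
        ("misordered", [LEAF, ROOT, INTERMEDIATE]),
    ]:
        print(name, lint_certificate_list(chain))
```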
