Overview[1]#
Certificate Chain (certificate_list or Certification path) is a Chain of trust of Certificates beginning with a Subject Certificate and ending with the Root Certificate, with OPTIONAL intermediate Certificates in between, each Certificate being Signed relatively to the Public Key which is encoded in the previous Certificate.Validation of the Certificate Chain is a critical part within any Certificate-based Authentication process.
 |
Browsers and Certificate Chain#
Some browsers may complain about a certificate signed by a well-known Trust Anchor, while other browsers may accept the certificate without issues.This occurs because the issuing authority has signed the server certificate using an Intermediate Certificate that is not present in the base of well-known trusted Certificate Authority which is distributed in a particular browser. In this case the authority provides a bundle of chained certificates that should be concatenated to the signed server certificate. The Site Certificate must appear before the chained certificates in the combined file:
$ cat www.example.com.crt intermediate.crt > www.example.com.chained.crt
More Information#
There might be more information for this subject on one of the following:- AuthorityKeyIdentifier
- BasicConstraints
- Certificate Formats
- Certificate Validation
- Certificate-based Authentication
- Certificate_list
- Certification path
- Distinguished Encoding Rules
- Event 4625
- Intermediate Certificate
- JWK Set
- Java KeyStore
- LDAPs and AD
- NameConstraints
- OAuth 2.0 Bearer Token Usage
- OCSP Stapling
- Obtain a Certificate from Server
- PKCS12
- PKCS7
- PathLenConstraint
- Privacy-Enhanced Mail
- Public Key Infrastructure Weaknesses
- Public Key Pinning Extension for HTTP
- SSL Handshake Failed
- SSL-TLS Interception
- Self-signed Certificate
- ServerCertificate
- SubjectKeyIdentifier
- Verifying Certificate Signatures
- [#1] - SSL Certificate framework 101: How does the browser actually verify the validity of a given server certificate?
- based on 2015-03-16
- [#2] - The First Few Milliseconds of an HTTPS Connection - based on 2015-03-16
Please see our Copyright And Intellectual Property Page and Standard Disclaimer Pages!