SSL Certificate Chain - Revision history (http://rasimsen.com/index.php?title=SSL_Certificate_Chain&feed=atom&action=history), MediaWiki 1.31.1, feed timestamp 2024-03-29T12:11:02Z<br />
Rasimsen, 2020-04-04T12:48:26Z (http://rasimsen.com/index.php?title=SSL_Certificate_Chain&diff=1006&oldid=prev):<p>Created page with " =SSL Certificate Chain= There are two types of certificate authorities (CAs): root CAs and intermediate CAs. In order for an SSL certificate to be trusted, that certificate m..."</p>
<p><b>New page</b></p><div><br />
=SSL Certificate Chain=<br />
There are two types of certificate authorities (CAs): root CAs and intermediate CAs. In order for an SSL certificate to be trusted, that certificate must have been issued by a CA that is included in the trusted store of the device that is connecting.<br />
<br />
If the certificate was not issued by a trusted CA, the connecting device (e.g. a web browser) then checks whether the certificate of the issuing CA was itself issued by a trusted CA, and so on, until either a trusted CA is found (at which point a trusted, secure connection is established) or no trusted CA can be found (at which point the device will usually display an error).<br />
<br />
The list of SSL certificates, from the root certificate to the end-user certificate, represents the SSL certificate chain.<br />
<br />
https://d33wubrfki0l68.cloudfront.net/67d491036d6e40015f275fc78daa1de4b9ab6d71/b2364/files/dnsimple-ssl-chain-robowhois.png<br />
<br />
==Example of an SSL Certificate chain==<br />
<br />
Here’s a practical example. Let’s suppose that you purchase a certificate from the Awesome Authority for the domain example.awesome.<br />
<br />
Awesome Authority is not a root certificate authority. In other words, its certificate is not directly embedded in your web browser and therefore it can’t be explicitly trusted.<br />
<br />
* Awesome Authority utilizes a certificate issued by Intermediate Awesome CA Alpha.<br />
* Intermediate Awesome CA Alpha utilizes a certificate issued by Intermediate Awesome CA Beta.<br />
* Intermediate Awesome CA Beta utilizes a certificate issued by Intermediate Awesome CA Gamma.<br />
* Intermediate Awesome CA Gamma utilizes a certificate issued by The King of Awesomeness.<br />
* The King of Awesomeness is a Root CA. Its certificate is directly embedded in your web browser, therefore it can be explicitly trusted.<br />
<br />
In our example, the SSL certificate chain is represented by 6 certificates:<br />
<br />
* End-user Certificate - Issued to: example.awesome; Issued By: Awesome Authority<br />
* Intermediate Certificate 1 - Issued to: Awesome Authority; Issued By: Intermediate Awesome CA Alpha<br />
* Intermediate Certificate 2 - Issued to: Intermediate Awesome CA Alpha; Issued By: Intermediate Awesome CA Beta<br />
* Intermediate Certificate 3 - Issued to: Intermediate Awesome CA Beta; Issued By: Intermediate Awesome CA Gamma<br />
* Intermediate Certificate 4 - Issued to: Intermediate Awesome CA Gamma; Issued By: The King of Awesomeness<br />
* Root certificate - Issued by and to: The King of Awesomeness</div>
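The issuer walk described above, as an added example that is not part of the original page: it models each certificate only as a (subject, issuer) name pair from the Awesome Authority example and omits the signature, validity-period and CA-constraint checks that a real validator performs. The names `build_chain`, `BUNDLE` and `TRUST_STORE` are hypothetical.

```python
# Constructed sample data: the certificates a server for example.awesome would
# present, in arbitrary order, as (subject, issuer) pairs. Names-only model
# (assumption): no signatures, dates or CA constraints are checked here.
BUNDLE = [
    ("Intermediate Awesome CA Beta", "Intermediate Awesome CA Gamma"),
    ("example.awesome", "Awesome Authority"),
    ("Intermediate Awesome CA Gamma", "The King of Awesomeness"),
    ("Awesome Authority", "Intermediate Awesome CA Alpha"),
    ("Intermediate Awesome CA Alpha", "Intermediate Awesome CA Beta"),
]
# Constructed trust store: the root CA names embedded in the connecting device.
TRUST_STORE = {"The King of Awesomeness"}


def build_chain(leaf, bundle, trust_store, max_depth=10):
    """Walk issuer links from the leaf until a trusted CA is reached.

    Returns (chain, status); chain is ordered leaf first, root last.
    """
    issuer_of = dict(bundle)
    chain, current, seen = [], leaf, set()
    while len(chain) < max_depth:
        if current in seen:
            return chain, "untrusted: issuer loop at " + current
        if current not in issuer_of:
            # The device has no certificate for this CA: broken chain.
            return chain, "untrusted: no certificate for " + current
        seen.add(current)
        issuer = issuer_of[current]
        chain.append((current, issuer))
        if issuer in trust_store:
            if issuer != current:
                # The root comes from the trust store, not from the server.
                chain.append((issuer, issuer))
            return chain, "trusted"
        if issuer == current:
            return chain, "untrusted: self-signed root not in trust store"
        current = issuer
    return chain, "untrusted: chain longer than max_depth"


if __name__ == "__main__":
    chain, status = build_chain("example.awesome", BUNDLE, TRUST_STORE)
    print(status)
    for subject, issuer in chain:
        print(f"  Issued to: {subject}; Issued by: {issuer}")
```

Dropping one intermediate from `BUNDLE` reproduces the most common deployment fault: the walk stops at the missing CA and the connection is reported as untrusted even though the root is in the trust store.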