Solution ID : SO16297
Last Modified : 11/01/2023
Solution
What is a Certificate Chain?
- Acertificate chainis an ordered list of certificates, containing an SSL/TLS Certificate and Certificate Authority (CA) Certificates, that enables the receiver to verify that the sender and all CA's are trustworthy.
- Thechain or path beginswith the SSL/TLS certificate, and each certificate in the chain is signed by the entity identified by the next certificate in the chain.
What is anIntermediate Certificate?
- Any certificate that sits between the SSL/TLS Certificate and the Root Certificate is called a chain or Intermediate Certificate.
- TheIntermediate Certificateis the signer/issuer of the SSL/TLS Certificate.
- The Root CA Certificate is the signer/issuer of the Intermediate Certificate.
- If the Intermediate Certificate is not installed on the server (where the SSL/TLS certificate is installed) it may prevent some browsers, mobile devices, applications, etc. from trusting the SSL/TLS certificate.
- In order to make the SSL/TLS certificatecompatiblewith all clients, it is necessary that the Intermediate Certificate be installed.
Manage every certificate in a single platform with DigiCert CertCentral.
What is the Root CA Certificate?
The chain terminates with a Root CA Certificate. TheRoot CA Certificateis always signed by the CA itself. The signatures of all certificates in the chain must be verified up to the Root CA Certificate.
Illustration of a certification path from the certificate owner to the Root CA, where the chain of trust begins:
