Certificate Chain

A certificate chain is a hierarchical collection of certificates that leads from the end user or computer back to a root of trust, typically the root certification authority (CA) of an organization. Because all parties presumably trust the root certificate, a party can gain trust in an end-entity certificate by verifying the certificate chain. Verification typically requires establishing that each certificate in the chain:

  • Carries a signature that verifies against the public key in the prior certificate.
  • Has not expired.
  • Has not been revoked.
  • Conforms to the policies specified by prior certificates.
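
The four checks above, walked link by link over a constructed three-certificate chain using Go's standard crypto/x509 package. This is an added example, not code from the original page. The helper names `issue` and `verifyChain`, the set of revoked serial numbers standing in for a CRL or OCSP lookup, and the reduction of the policy check to "the issuer must be a CA" are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate signed by parent (self-signed when parent is nil).
func issue(serial int64, cn string, isCA bool, validFor time.Duration, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, IsCA: isCA,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(validFor), BasicConstraintsValid: true}
	if parent == nil {
		parent, signer = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifyChain walks chain (leaf first) up to the trusted root; revoked is a constructed serial set standing in for CRL/OCSP.
func verifyChain(root *x509.Certificate, revoked map[string]bool, now time.Time, chain ...*x509.Certificate) error {
	path := append(append([]*x509.Certificate{}, chain...), root)
	for i, c := range chain {
		issuer := path[i+1] // the "prior certificate" for this link
		switch cn := c.Subject.CommonName; {
		case !issuer.IsCA: // policy check reduced to basic constraints: the issuer must be a CA
			return fmt.Errorf("%s: issuer is not a CA", cn)
		case c.CheckSignatureFrom(issuer) != nil:
			return fmt.Errorf("%s: bad signature", cn)
		case now.Before(c.NotBefore) || now.After(c.NotAfter):
			return fmt.Errorf("%s: outside validity period", cn)
		case revoked[c.SerialNumber.String()]:
			return fmt.Errorf("%s: revoked", cn)
		}
	}
	return nil
}

func main() {
	root, rk := issue(1, "Root CA", true, 24*time.Hour, nil, nil)
	inter, ik := issue(2, "Issuing CA", true, 24*time.Hour, root, rk)
	leaf, _ := issue(3, "www.example.test", false, 24*time.Hour, inter, ik)
	fmt.Println(verifyChain(root, map[string]bool{"2": true}, time.Now(), leaf, inter))
}
```

In production Go code, path building and constraint checking are done by `Certificate.Verify`, which does not perform revocation checking; that has to be layered on separately.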

Certificate Hierarchy

Cross Certification

Trust Models