



A Public Key Infrastructure (PKI) is the set of hardware, software, policies, process and the procedures required to create manage, use, distribute and revoke the digital certificate and public keys. A Public Key allows you to bind public keys with the person in a way that allows you to trust the certificate. PKI like the one used to secure the internet most commonly used a certificate authority to verify the identity of an entity and create an unforgeable certificate. Web browsers, web servers, email clients, smart cards and many other types of hardware and software all have integrated, standard-based PLI Support that can be used with each other.





Explaining Chain of Trust





One of the most common questions we field is in relation to the “Chain of Trust”. If you ever had any inquiries regarding roots, intermediates or how SSL Certificate are chained, you are examining the Chain of Trust. This article will explain how certificate chaining works and how a browser determines that your certificate can be trusted.





What is Chain of Trust?













The Chain of Trust refers to your SSL certificate and how it is linked back to a trusted Certificate Authority.





Authority: - For an SSL Certificate to be trusted it must be traceable back to the trusted root it was signed it off, meaning all the certificates in the chain, server intermediate, and root, need to be properly trusted. There are 3 parts to the chain of trust. For an SSL Certificate to be trusted it must be traceable back to the trusted root it was signed it off, meaning all the certificates in the chain, server intermediate, and root, need to be properly trusted. There are 3 parts to the chain of trust.





Root Certificate: - A root certificate is a digital certificate that belongs to the issuing Certificate Authority. It Comes pre-downloaded in the most browser and is stored in what is called “trust store”. The root certificate is closely guarded by the Certificate Authorities. A root certificate is a digital certificate that belongs to the issuing Certificate Authority. It Comes pre-downloaded in the most browser and is stored in what is called “trust store”. The root certificate is closely guarded by the Certificate Authorities.





Intermediate Certificate: - Intermediate Certificates branch off the root certificate like branches of trees. They act as middlemen between the protected root certificates and the server certificate issued out to the public. There will always be at least one intermediate certificate in a chain, but there can be more than one. Intermediate Certificates branch off the root certificate like branches of trees. They act as middlemen between the protected root certificates and the server certificate issued out to the public. There will always be at least one intermediate certificate in a chain, but there can be more than one.





Server Certificate: - The server certificate is the one issued to the specific domain the user needing coverage. The server certificate is the one issued to the specific domain the user needing coverage.





How does the Chain of Trust Work?





When you install your SSL Certificate you will be also sent an intermediate root certificate. When a browser downloads your website SSL Certificate upon arriving at your homepage it begins the chaining that certificate back to its root. It will begin by following the chain to intermediate that has been installed, from where it continues to trace backward until it arrives at a trusted root certificate. If the certificate is valid and can be chained back to a trusted root it will be trusted. If it can be chained back to a trusted root the browser will issue a warning about the certificate.





Troubleshooting Chain of Trust Issues





You will occasionally receive an error regarding your certificate’s Chain of Trust if something has been configured incorrectly. Here are the some of the things to consider if you receive an error relating to your chain of trust.





· Was your SSL Certificate issued by a Trusted CA? If not, your SSL Certificate will not be trusted by the browser. This would also be an issue if your self-signed certificate. Was your SSL Certificate issued by a Trusted CA? If not, your SSL Certificate will not be trusted by the browser. This would also be an issue if your self-signed certificate.





· Did you install your intermediates properly? While some browsers will try to fill in any gaps in the certificate chain, you don’t want to leave things to chance. Make sure that you successfully install all intermediate certificate at the time you install your SSL Certificate. Did you install your intermediates properly? While some browsers will try to fill in any gaps in the certificate chain, you don’t want to leave things to chance. Make sure that you successfully install all intermediate certificate at the time you install your SSL Certificate.





· Is your server configured properly? Just because you have installed your SSL Certificate and any accompanying intermediated doesn’t mean you have configures your server properly. Is your server configured properly? Just because you have installed your SSL Certificate and any accompanying intermediated doesn’t mean you have configures your server properly.





About Us: -











