There are several types of certificate:
- intermediate certificate. The beginning of a branch of the tree (signed by the root)
- the certificate. The leaf of the tree signed by the intermediate.
- from the chrome dev tool (F12) > security.
- Direct issuer (first level)
openssl x509 -noout -subject -issuer -in file.pem
subject= /CN=server01.bytle.net issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
- with Cryptography - Keytool (Key and Certificate Management Tool) and the -v option
keytool -list -v -storetype jks -keystore truststore.jks -storepass changeit
... Certificate chain length: 1 ...
The shows the chain from the root to the leaf
openssl s_client -connect gerardnico.com:443 -servername gerardnico.com -showcerts -prexit
- Certificate chain verification
Loading 'screen' into random state - done CONNECTED(000001A4) depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root verify return:1 depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority verify return:1 depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Domain Validation Secure Server CA 2 verify return:1 depth=0 OU = Domain Control Validated, OU = PositiveSSL Multi-Domain, CN = sni137003.cloudflaressl.com verify return:1