Cyrptography - Certificate chain

1 - About

A certificate can have been issued (signed) by another CA creating a chain (or path). See certificate chain

There are several types of certificate:

  • root certificate. The root of the tree. (All root CA certificates are self signed)
  • intermediate certificate. The beginning of a branch of the tree (signed by the root)
  • the certificate. The leaf of the tree signed by the intermediate.

3 - Management

3.1 - See

  • from the chrome dev tool (F12) > security.

  • Direct issuer (first level)

openssl x509 -noout -subject -issuer -in file.pem


subject= /CN=server01.bytle.net
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3

3.2 - Length


keytool -list -v -storetype jks -keystore truststore.jks -storepass changeit


...
Certificate chain length: 1
...

3.3 - Show remotely

The shows the chain from the root to the leaf

Example:


openssl s_client -connect gerardnico.com:443 -servername gerardnico.com -showcerts -prexit

  • Certificate chain verification

Loading 'screen' into random state - done
CONNECTED(000001A4)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Domain Validation Secure Server CA 2
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL Multi-Domain, CN = sni137003.cloudflaressl.com
verify return:1

3.4 - Check / verify


Data Science
Data Analysis
Statistics
Data Science
Linear Algebra Mathematics
Trigonometry

Powered by ComboStrap