What is the SSL Certificate Chain? (2024)

Table of Contents
Example of an SSL Certificate chain Frequently Asked Questions

There are two types of certificate authorities (CAs): root CAs and intermediate CAs. For an SSL certificate to be trusted, that certificate must have been issued by a CA that’s included in the trusted store of the device that’s connecting.

If the certificate wasn’t issued by a trusted CA, the connecting device (eg. a web browser) checks to see if the certificate of the issuing CA was issued by a trusted CA. It continues checking until either a trusted CA is found (at which point a trusted, secure connection will be established), or no trusted CA can be found (at which point the device will usually display an error).

The list of SSL certificates, from the root certificate to the end-user certificate, represents the SSL certificate chain.

What is the SSL Certificate Chain? (1)

Example of an SSL Certificate chain

As an example, suppose you purchase a certificate from the Awesome Authority for the domain example.awesome.

See Also
What Are the Types of SSL? We Are Global SignWhat Is a Professional Certification? | BestCollegesInstantSSL Official Site | Difference Multi-Domain, UCC and Wildcard SSL CertificatesWhat’s the difference between DV, OV & EV SSL certificates?

Awesome Authority isn’t a root certificate authority. Its certificate isn’t directly embedded in your web browser, so it can’t be explicitly trusted.

  • Awesome Authority utilizes a certificate issued by Intermediate Awesome CA Alpha.
  • Intermediate Awesome CA Alpha utilizes a certificate issued by Intermediate Awesome CA Beta.
  • Intermediate Awesome CA Beta utilizes a certificate issued by Intermediate Awesome CA Gamma.
  • Intermediate Awesome CA Gamma utilizes a certificate issued by The King of Awesomeness.
  • The King of Awesomeness is a Root CA. Its certificate is directly embedded in your web browser, therefore it can be explicitly trusted.

In our example, the SSL certificate chain is represented by 6 certificates:

  1. End-user Certificate - Issued to: example.awesome; Issued By: Awesome Authority
  2. Intermediate Certificate 1 - Issued to: Awesome Authority; Issued By: Intermediate Awesome CA Alpha
  3. Intermediate Certificate 2 - Issued to: Intermediate Awesome CA Alpha; Issued By: Intermediate Awesome CA Beta
  4. Intermediate Certificate 3 - Issued to: Intermediate Awesome CA Beta; Issued By: Intermediate Awesome CA Gamma
  5. Intermediate Certificate 4 - Issued to: Intermediate Awesome CA Gamma; Issued By: The King of Awesomeness
  6. Root certificate - Issued by and to: The King of Awesomeness

Certificate 1, the one you purchase from the CA, is your end-user certificate. Certificates 2 to 5 are intermediate certificates. Certificate 6, the one at the top of the chain (or at the end, depending on how you read the chain), is the root certificate.

When you install your end-user certificate for example.awesome, you must bundle all the intermediate certificates and install them along with your end-user certificate. If the SSL certificate chain is invalid or broken, your certificate won’t be trusted by some devices.

Frequently Asked Questions

  1. Do I have to install the Root certificate on my server?

    No. The root certificate is usually embedded in your connected device. In the case of web browsers, root certificates are packaged with the browser software.

  2. How do I install the Intermediate SSL certificates?

    The procedure to install the Intermediate SSL certificates depends on the web server and the environment where you install the certificate.

    For instance, Apache requires you to bundle the intermediate SSL certificates and assign the location of the bundle to the SSLCertificateChainFile configuration. However, NGINX requires you to package the intermediate SSL certificates in a single bundle with the end-user certificate.

    We provide a certificate installation wizard which contains installation instructions for several servers and platforms. If you purchase a certificate with us you can use this wizard to obtain and install the files you need for your server.

    If your server isn’t on the wizard, you can still obtain the proper files through it, then follow your web server’s documentation to determine how to properly install your domain certificate and intermediate certificates.

  3. What happens if I don’t install an Intermediate SSL certificate?

    If you don’t install one or more intermediate SSL certificate, you break the certificate chain. That means you create a gap between a specific (end-user or intermediate) certificate and its issuer. When a device can’t find a trusted issuer for a certificate, the certificate and the entire chain, from the intermediate certificate down to the final cerficate, can’t be trusted.

    As a result, your final certificate won’t be trusted. Web browsers will display an “Invalid certificate” or “certificate not trusted” error.

  4. How can I shorten the SSL certificate chain in my browser?

    This isn’t possible. The only way to shorten a chain is to promote an intermediate certificate to root. Ideally, you should promote the certificate that represents your Certificate Authority – that way the chain will consist of just two certificates.

    Root certificates are packaged with the browser software. The list can only be altered by the browser maintainers.

See Also
What is an Extended Validation (EV) SSL Certificate?
What is the SSL Certificate Chain? (2024)
Top Articles
Understanding Fees on Magic Eden: A Comprehensive Guide to Maker and Taker Fees | Magic Eden Help Center
Smart FAQ | Augmented Help Centre | Smart Tribune
Tattoo Shops Lansing Il
Ffxiv Palm Chippings
The Atlanta Constitution from Atlanta, Georgia
Dollywood's Smoky Mountain Christmas - Pigeon Forge, TN
What are Dietary Reference Intakes?
Watch Mashle 2nd Season Anime Free on Gogoanime
Costco The Dalles Or
Palace Pizza Joplin
41 annonces BMW Z3 occasion - ParuVendu.fr
biBERK Business Insurance Provides Essential Insights on Liquor Store Risk Management and Insurance Considerations
Jcpenney At Home Associate Kiosk
Santa Clara Valley Medical Center Medical Records
A Guide to Common New England Home Styles
Nene25 Sports
Craigslist Farm And Garden Tallahassee Florida
Bing Chilling Words Romanized
Zack Fairhurst Snapchat
Accident On 215
Allybearloves
Ford F-350 Models Trim Levels and Packages
When His Eyes Opened Chapter 3123
Craigslist Northern Minnesota
Santa Barbara Craigs List
Martins Point Patient Portal
Craig Woolard Net Worth
Used Safari Condo Alto R1723 For Sale
Missing 2023 Showtimes Near Grand Theatres - Bismarck
Chadrad Swap Shop
Rvtrader Com Florida
Netherforged Lavaproof Boots
Craigslist Org Sf
All Things Algebra Unit 3 Homework 2 Answer Key
Heavenly Delusion Gif
Wsbtv Fish And Game Report
Myfxbook Historical Data
Finland’s Satanic Warmaster’s Werwolf Discusses His Projects
Immobiliare di Felice| Appartamento | Appartamento in vendita Porto San
Best GoMovies Alternatives
Craigslist Farm And Garden Reading Pa
Gotrax Scooter Error Code E2
What to Do at The 2024 Charlotte International Arts Festival | Queen City Nerve
Denise Monello Obituary
20 Mr. Miyagi Inspirational Quotes For Wisdom
San Diego Padres Box Scores
The Plug Las Vegas Dispensary
Nfl Espn Expert Picks 2023
The Significance Of The Haitian Revolution Was That It Weegy
How Did Natalie Earnheart Lose Weight
Worlds Hardest Game Tyrone
Latest Posts
GCash and 7-Eleven: How to cash-in, fees, FAQs | NoypiGeeks
Magellan Midstream Partners, L.P.
Article information

Author: Manual Maggio

Last Updated:

Views: 5728

Rating: 4.9 / 5 (49 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Manual Maggio

Birthday: 1998-01-20

Address: 359 Kelvin Stream, Lake Eldonview, MT 33517-1242

Phone: +577037762465

Job: Product Hospitality Supervisor

Hobby: Gardening, Web surfing, Video gaming, Amateur radio, Flag Football, Reading, Table tennis

Introduction: My name is Manual Maggio, I am a thankful, tender, adventurous, delightful, fantastic, proud, graceful person who loves writing and wants to share my knowledge and understanding with you.