An SSL certificate chain, also known as a certificate chain or certificate hierarchy, refers to the series of SSL certificates that are used to establish the authenticity and trustworthiness of a website's SSL certificate.
When a web browser connects to a website secured with SSL/TLS, it receives the server's SSL certificate. The browser then checks the validity of the certificate by verifying the digital signature using the public key of the root certificate authority. If the root certificate authority is trusted and the signature is valid, the browser proceeds to check the entire certificate chain, ensuring that each certificate is valid and properly signed by the next certificate in the chain until it reaches the end entity certificate. This process helps to establish a secure and encrypted connection between the browser and the website.
An SSL certificate chain is made of three components:
The end entity certificate, also known as the SSL certificate or server certificate, is the certificate issued to the specific domain or server for which SSL encryption is being used. It contains information such as the domain name, organization name, public key, expiration date, and digital signature.
Intermediate certificates are issued by a trusted root certificate authority (CA) and are used to bridge the gap between the end entity certificate and the root certificate. These certificates are often used by certificate authorities to create a hierarchical structure, where the root certificate is kept offline for security purposes, and intermediate certificates are used for issuing end entity certificates. Intermediate certificates help to establish a chain of trust between the end entity certificate and the root certificate.
The root certificate is the top-level certificate in the SSL certificate hierarchy. Root certificates are self-signed certificates issued by trusted certificate authorities. They are used to establish trust in intermediate certificates and ultimately in the end entity certificates. Root certificates are pre-installed in web browsers and operating systems to provide a foundation of trust for SSL/TLS connections.