Certificate Chain
The sequence of certificates from end-entity to trusted root
A Certificate Chain, also known as a chain of trust, is the sequence of certificates that links an end-entity (server) certificate to a trusted root certificate in a browser's trust store. The chain typically consists of three levels: the end-entity certificate (installed on the server), one or more intermediate certificates (issued by the CA), and the root certificate (embedded in browsers and operating systems). Each certificate in the chain is digitally signed by the certificate above it, creating a verifiable path of trust.
The root certificate is self-signed and must be explicitly trusted by browsers. Intermediate certificates are used to protect the root certificate's private key - if an intermediate is compromised, it can be revoked without affecting the trusted root. During SSL handshake, the server presents its certificate along with the necessary intermediate certificates to help the browser build the complete chain to a trusted root.
Proper chain configuration is crucial for SSL validation - missing intermediate certificates can cause trust errors even if the end-entity certificate is valid.
Where You'll See This Term
This term commonly appears in:
- SSL certificate details pages
- Certificate Authority validation processes
- SSL configuration documentation
- Security audit reports
- Certificate management interfaces