Server Certificates
Personal Certificates
Organization Certificates
Developer Certificates
A public and private key pair comprises two uniquely related cryptographic
keys.
In Conclusion
The strength of Digital Certificates through X.509 lies, inter alia, in the
fact that they have been standardized by the ITU-T.
Certificate chains
Each certificate is signed with the private key of its issuer. The signature
can be verified with the public key in the issuer's certificate, which is the
next certificate in the certificate chain. In this figure, the public key in the
certificate for CA Three can be used to verify CA Three's digital
signature on the certificate for CA Six.
The following procedure forms and verifies a certificate chain, beginning with the
certificate that is presented for authentication:
1. The issuer's certificate is located. The source can be the verifier's local certificate
   database on that client or server, or the certificate chain that is provided by the subject.
2. The certificate signature is verified using the public key in the issuer's certificate.
3. The validity period for the certificate is verified against the current time provided by the
   verifier's system clock.
4. If the issuer's certificate is trusted by the verifier, verification is successful and stops
   here. Otherwise, the issuer's certificate is checked to ensure that it contains the
   appropriate subordinate certificate authority (CA) and verification of the certificate chain
   begins again with step 1 with the new certificate.
Figure 1 shows what occurs when only a root CA is included in the verifier's local
database.
If a certificate for one of the intermediate CAs shown in Figure 1, such as CA Two, is found
in the verifier's local database, verification stops with that certificate as shown in
Figure 2.
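The four-step procedure above, written out as an added Python example (not code from the original document). Certificates are a constructed tuple rather than real X.509, signatures use textbook RSA over fixed Mersenne primes as a labelled stand-in for a real signature scheme, and every name here (`Cert`, `verify_chain`, `is_ca`, "server", "Root CA") is an assumption. The three `demo` cases correspond to a root-only local database (Figure 1), CA Two held locally (Figure 2), and a verifier with no trusted certificate at all.

```python
import hashlib
from collections import namedtuple

E = 65537  # public exponent shared by all toy keys
Cert = namedtuple("Cert", "subject issuer not_before not_after is_ca pub_n sig", defaults=[0])  # constructed model

def toy_key(p, q):
    """Textbook RSA from two known primes -> (n, d). Stand-in only, not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(cert, n):
    tbs = "|".join(map(str, cert[:6]))  # every field except the signature
    return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % n

def issue(cert, n, d):
    return cert._replace(sig=pow(digest(cert, n), d, n))  # signed with the issuer's private key

def verify_chain(cert, presented, trusted, now, max_depth=8):
    path = [cert.subject]
    for _ in range(max_depth):
        # Step 1: locate the issuer, local database first, then the presented chain
        issuer = trusted.get(cert.issuer) or presented.get(cert.issuer)
        if issuer is None:
            return False, f"issuer of {cert.subject} not found"
        # Step 2: verify the signature with the public key in the issuer's certificate
        if pow(cert.sig, E, issuer.pub_n) != digest(cert, issuer.pub_n):
            return False, f"bad signature on {cert.subject}"
        # Step 3: validity period against the verifier's clock
        if not cert.not_before <= now <= cert.not_after:
            return False, f"{cert.subject} outside validity period"
        # Step 4: stop at a trusted issuer; otherwise require a CA (assumed is_ca flag) and climb
        if cert.issuer in trusted:
            return True, path + [issuer.subject]
        if not issuer.is_ca or issuer.issuer == issuer.subject:
            return False, f"{issuer.subject} is not a trusted CA"
        cert = issuer
        path.append(cert.subject)
    return False, "chain too long"

def demo(now=150):
    root_n, root_d = toy_key(2**89 - 1, 2**127 - 1)
    two_n, two_d = toy_key(2**61 - 1, 2**107 - 1)
    root = issue(Cert("Root CA", "Root CA", 0, 1000, True, root_n), root_n, root_d)
    two = issue(Cert("CA Two", "Root CA", 0, 500, True, two_n), root_n, root_d)
    leaf = issue(Cert("server", "CA Two", 100, 200, False, 12345), two_n, two_d)
    sent = {"CA Two": two, "Root CA": root}  # chain provided by the subject
    return {"root only": verify_chain(leaf, sent, {"Root CA": root}, now),
            "CA Two local": verify_chain(leaf, sent, {"CA Two": two}, now),
            "no anchor": verify_chain(leaf, sent, {}, now)}
```

In the "no anchor" case the self-signed root verifies against its own key and is still rejected: a valid signature alone does not make a certificate trusted, only its presence in the verifier's local database does.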