Join Sean Colins for an in-depth discussion in this video Certificates that chain to the root, part of Understanding Secure Sockets Layer.
- Now, we've mentioned in previous movies that the certificate chain is important here, because there's a trust chain that's established. The trust of the root level certificate is, of course, there and is installed in your base system whenever you get it, it's just there. But the other certificates are transferred around on the Internet, and they need to to chain through to that root certificate in order to be trusted, so I'm going to download a certificate from a domain that I own in order to show you what this process looks like.
I've already logged into the certificate provider, and I'm going to click on a download button here in order to download them. Whatever I do, it asks me what type of server I'm on. I happen to be on a Mac OS X system so I'm just going to download that. I'm going to click the Downlad button right here. It downloads into my downloads area. And here you can see in my downloads folder I've got two .crt files, one is the certificate itself and the other one says intermediate in it. That's an intermediate certificate that's automatically downloaded for me and it's because it has to chain to the root.
In order to show that off, I wanted to just show you briefly here in our Keychain Access. It's got a really great way to visually sort of understand what's happening here. Opening Keychain Access, and I'm going to the Certificate Assistant, and I'm going to Evaluate A Certificate, this is a great feature here. I'm just going to minimize that window. And I'm going to Generic, just Certificate Chain Validation Only, and click Continue. And you can see here I can specify the certificates that are being viewed and evaluated. So I'm just going to go in here, select the certificate, open it, and it tells me right here, that was signed by an unknown authority.
It knows it was issued by this company, but it doesn't chain through yet, so it's basically saying uh-uh, no, not trusted, that's my evaluation, sorry. But if I add in the intermediate cert, as soon as I do, it sees that the certificate is valid, and that's because it chains through here to the intermediate, which I just installed, and the system root, which was already there, all right? So that's how you can see very clearly the downloadable trusted public certificate being chained through to a publicly available system root.
- SSL communications
- Certificate authorities
- Public key infrastructures
- Symmetric and asymmetric key pairs
- Cryptographic hash functions
- Encryption algorithms
Start now, and by the end of this course you'll have the knowledge to create SSL certificates, as well as revoke and renew them, from the command line.