I've learned that SSL certificates can be chained, and the browser will use the issuer's public key to verify the issuer's signature. I have read this article, which has a very helpful diagram, but it doesn't answer my specific question. SSL Certificate framework 101: How does the browser actually verify the validity of a given server certificate?
In the case of a 5-level certificate chain, does the browser:
- Get the first 4 certificates in a single request to the original website?
- Is it 4 separate files, or 1 file containing all 4 certificates?
- Or get one certificate at a time after processing each one (4 separate requests)?
- If every issuer is from a different domain, does the browser get the certificates from 4 different domains, or just from the original website?
- Or some other method?
Aucun commentaire:
Enregistrer un commentaire