Red Hat CERTIFICATE SYSTEM 8 - DEPLOYMENT Deployment Manual page 28

Chapter 1. Introduction to Public-Key Cryptography
the root CA, based on the CA hierarchy shown in
Authorities".
Figure 1.7. Example of a Certificate Chain
A certificate chain traces a path of certificates from a branch in the hierarchy to the root of the
hierarchy. In a certificate chain, the following occur:
• Each certificate is followed by the certificate of its issuer.
• Each certificate contains the name (DN) of that certificate's issuer, which is the same as the subject
name of the next certificate in the chain.
Figure 1.7, "Example of a Certificate
In
of the CA, USA CA, that issued that certificate. USA CA's DN is also the subject name of the next
certificate in the chain.
• Each certificate is signed with the private key of its issuer. The signature can be verified with the
public key in the issuer's certificate, which is the next certificate in the chain.
Figure 1.7, "Example of a Certificate
In
be used to verify the USA CA's digital signature on the certificate for the Engineering CA.
1.3.5.3. Verifying a Certificate Chain
Certificate chain verification makes sure a given certificate chain is well-formed, valid, properly signed,
and trustworthy. The following procedure is used to form and verify a certificate chain, starting with the
certificate being presented for authentication:
18
Figure 1.6, "Example of a Hierarchy of Certificate
Chain", the Engineering CA certificate contains the DN
Chain", the public key in the certificate for the USA CA can