Forum Discussion

Andrew_Jones
Nov 04, 2021

Trusted Certificate Authorities

Can anyone tell me what in the certificate is being checked when you have "Trusted Certificate Authorities" configured?

  • Hi Andrew,

    May need some more context on this question.

    When you ask what exactly is being checked in a PKI certificate to validate it: it's taking the signature (encrypted hash) from the server certificate and decrypting that using the public key of the signer, then comparing this value against the result of calculating your own hash of the server certificate.

    The "Trusted Certificate Authorities" point to the valid signing chains for the certificate you expect to see from your server.

    But probably you mean something else with your question, please abbreviate.

  • Hi Erwin,

    Thanks for your quick reply.

    Do you know the parameters that are checked in the valid signing chain when you have a root cert in the Trusted Certificate Authorities, e.g. date, CN?

    Andy

  • In PKI the attributes that are used to build the CA chain are:

    Preferred method implemented most of the time: AKI/SKI attributes. Authority Key Identifier of the certificate points to the Subject Key Identifier of its signer -- public key hash values.

    Alternative method: Subject/Issuer attributes. Issuer of the certificate points to the Subject of its signer -- named values.

    Furthermore, validity of a certificate is always checked based on the "valid to" (datetime attribute) and CRL/OCSP checks.
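
The chain-building rules from the last reply, as an added example that is not part of the thread and is not F5 or any vendor's code: it links each certificate to its signer by AKI/SKI, falls back to Issuer/Subject names, and checks the validity dates. The `Cert` model, the function names and the sample certificates are constructed for illustration; signature verification and CRL/OCSP checks are assumed to happen elsewhere and are not modelled.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Cert:  # constructed model holding only the fields named in the thread
    subject: str
    issuer: str
    ski: Optional[bytes]  # Subject Key Identifier
    aki: Optional[bytes]  # Authority Key Identifier
    not_before: datetime
    not_after: datetime

def is_issuer(child, candidate):
    # Preferred link: the child's AKI equals the candidate's SKI.
    if child.aki is not None and candidate.ski is not None:
        return child.aki == candidate.ski
    # Fallback link: the child's Issuer name equals the candidate's Subject name.
    return child.issuer == candidate.subject

def in_validity(cert, now):
    return cert.not_before <= now <= cert.not_after

def build_chain(leaf, intermediates, trusted, now):
    """Return (chain, reason); chain is None if no path ends at a trusted CA."""
    chain, current = [leaf], leaf
    while True:
        if not in_validity(current, now):
            return None, f"outside validity period: {current.subject}"
        if current in trusted:  # reached a configured trust anchor
            return chain, "ok"
        # Trusted CAs are searched before untrusted intermediates.
        pool = [c for c in list(trusted) + list(intermediates) if c not in chain]
        parent = next((c for c in pool if is_issuer(current, c)), None)
        if parent is None:
            return None, f"no issuer found for: {current.subject}"
        chain.append(parent)
        current = parent

def _d(year, month=1):  # helper for the constructed sample dates
    return datetime(year, month, 1, tzinfo=timezone.utc)

# Constructed sample certificates (not real key identifiers).
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA", b"\x01", b"\x01", _d(2020), _d(2040))
INTER = Cert("CN=Example Issuing CA", "CN=Example Root CA", b"\x02", b"\x01", _d(2020), _d(2030))
LEAF = Cert("CN=app.example.test", "CN=Example Issuing CA", None, b"\x02", _d(2024), _d(2025))
# Same Subject name as INTER but a different key: a name match, not an AKI/SKI match.
LOOKALIKE = Cert("CN=Example Issuing CA", "CN=Other Root", b"\x99", b"\x98", _d(2020), _d(2030))
```

With `LOOKALIKE` listed ahead of `INTER`, the AKI/SKI link still selects `INTER`; a leaf without an AKI would fall back to the name match and pick `LOOKALIKE`, which is why key identifiers are the preferred method.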