Certificate Authorities & Trust Chains
Learn root CAs, intermediate CAs, and how browsers verify certs.
Welcome
Certificate Authorities are the trust anchors of the internet. In this lesson we trace how root CAs, intermediate CAs, and leaf certificates form a chain of trust.
Root CA
A root CA is self-signed: Issuer == Subject. Root CA private keys are kept offline in HSMs in multiple secure facilities. There are ~150 root CAs trusted by major browsers.
All lessons in this course
- What Is a Certificate? X.509 Structure
- Certificate Authorities & Trust Chains
- Certificate Revocation: CRL & OCSP
- Creating Self-Signed Certs with OpenSSL