Certificate Chain

The ordered sequence of certificates from a server's leaf certificate up through one or more intermediate CAs to a trusted root, used by clients to verify trust.

A certificate chain is the path from a server's leaf certificate to a root CA the client already trusts, usually through one or two intermediate CA certificates in between. The server is responsible for sending the leaf plus all intermediates during the TLS handshake; only the root must already be in the client's trust store. A missing or wrong intermediate is a classic deployment bug: it works in Chrome (which can fetch intermediates via AIA) but breaks in older clients, curl, and many SDKs. Tools like SSL Labs and `openssl s_client -showcerts` expose exactly which certs the server hands over.

Reference

MDN: How HTTPS works

Related terms

Certificate Authority
SSL/TLS Certificate
TLS Handshake

Referenced on

Free DNS & Network Tools
HTTP Header Checker
SMTP Diagnostics
SSL/TLS Error Codes Reference and Fixes

Back to the full glossary

Reference

Related terms

See also

Referenced on