How is mutual trust established using a chain of public key certificates?

The mutual authentication process involves the following certificates: a root CA certificate, in the format defined by the X.509 standard for public key certificates. In IoT products, clients upload a root CA certificate or a certificate chain to verify that the certificates that client devices send to edge servers can be trusted.

How is trust determined in PKI?

PKI is a framework for creating a secure method for exchanging information based on public key cryptography. To establish trust in the binding between an end-entity's public key and other information (e.g. name) in a certificate, the CA digitally signs the certificate information using its signing private key.

What is the purpose of chain of trust?

In computer security, a chain of trust is established by validating each component of hardware and software from the end entity up to the root certificate. It is intended to ensure that only trusted software and hardware can be used while still retaining flexibility.

How to create a trusted client CA certificate chain?

An existing client certificate is required to generate the trusted client CA certificate chain. A trusted client CA certificate is required to allow client authentication on Application Gateway.

Which is part of the SSL certificate chain?

In a typical scenario, an SSL certificate issued to a server by a CA comes as a bundle or chain of certificates (chain of trust) containing the root CA certificate, intermediate certificates and a leaf certificate. Intermediate certificates belong to any intermediate CAs that are involved in issuing the certificate.

Which is the root in a certificate chain?

A certificate chain or certificate CA bundle is a sequence of certificates, where each certificate in the chain is signed by the subsequent certificate. The root CA is the top level of the certificate chain, while intermediate CAs or sub CAs are certificate authorities that issue off an intermediate root.

How to create a certificate chain (certificate bundle) with OpenSSL?

To create a certificate chain (certificate bundle) with OpenSSL, concatenate the intermediate and root certificates together. In the below example I have combined my Root and Intermediate CA certificates to create the certificate chain in Linux. We will use this file later to verify certificates signed by the intermediate CA.
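
The following script is an added example, not code from the original page: it builds a throwaway root CA, intermediate CA and leaf certificate, concatenates the intermediate and root into a bundle, and shows that the leaf verifies against the bundle but not against the root alone. All subject names, file names and the temporary directory are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: throwaway CAs built only for this demo. All subject names,
# file names and the temp directory are assumptions, not from the page.
set -eu

# Minimal config: one extension section that marks a certificate as a CA.
write_ca_config() {
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
}

# Build root CA -> intermediate CA -> leaf in directory $1, then the bundle.
build_chain() (
    cd "$1"
    write_ca_config ca.cnf
    # Root CA: self-signed.
    openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
        -days 30 -subj "/CN=Demo Root CA" -keyout root.key -out root.pem 2>/dev/null
    # Intermediate CA: CSR signed by the root, with CA extensions.
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=Demo Intermediate CA" -keyout int.key -out int.csr 2>/dev/null
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -days 30 -extfile ca.cnf -extensions v3_ca -out intermediate.pem 2>/dev/null
    # Leaf: CSR signed by the intermediate (no CA extensions).
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=device01.example.test" -keyout leaf.key -out leaf.csr 2>/dev/null
    openssl x509 -req -in leaf.csr -CA intermediate.pem -CAkey int.key \
        -CAcreateserial -days 30 -out leaf.pem 2>/dev/null
    # The bundle: intermediate first, then root, concatenated as PEM.
    cat intermediate.pem root.pem > ca-chain.pem
)

# Return 0 if certificate $2 verifies against the trust file $1.
verify_with() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

workdir=$(mktemp -d)
build_chain "$workdir"
verify_with "$workdir/ca-chain.pem" "$workdir/leaf.pem" && echo "bundle: leaf OK"
verify_with "$workdir/root.pem" "$workdir/leaf.pem" || echo "root only: leaf rejected"
```

The second check fails because the verifier cannot find the leaf's issuer when the intermediate is missing from the trust file, which is the reason the bundle carries both certificates.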