The certificate chain, also called certification path, is a sequence of hierarchically connected certificates that is used to authenticate an entity, i.e. a person or a company, to the client. At the beginning of the chain is the certificate of the person or company. Each certificate in the chain is signed by the entity identified by the subsequent certificate in the chain. At the end there is a root CA certificate as the highest trustworthy instance, which has been signed by the trustworthy institution (CA) itself (self-sign).

The parts of the chain

Private key

The "Private Key" is part of the encryption process of an SSL connection. It is only known to the owner. It is generated automatically when the CSR key is generated. The private key is stored on the Websever. The certificate cannot be used without the appropriate private key on the server.

CSR (certificate signing request)

A CSR (Certificate Signing Request), also known as a CSR key, is required by the respective Certificate Authority (CA) to create an SSL certificate. It is an encrypted body of text that is created on the server on which the SSL Certificate is later to be installed. It consists of encrypted information that, for example, describes the certificate issuer, the domain name (common name) and the company that operates the website in more detail. It also contains the public key.

Certificate

A certificate is issued by a trusted institution (CA) and is intended to confirm the authenticity of a person or company.

Intermediate certificate

An intermediate certificate is a certificate that has been signed and authenticated by the root certificate. If an SSL certificate is signed by an intermediate certificate, the intermediate certificate must be installed on the website server in order to establish the connection between the SSL certificate and the root certificate.

Root certificate

A root certificate was signed by the trusted institution (CA) itself (self-sign). It serves to validate the validity of all certificates issued by the certification authority.