24 be verified by getting the CA's public signing key. In turn the CA's certificate |
24 be verified by getting the CA's public signing key. In turn the CA's certificate |
25 might require verifying in which case the process is repeated until the process |
25 might require verifying in which case the process is repeated until the process |
26 bottoms out when an entity which is already trusted is reached; that entity |
26 bottoms out when an entity which is already trusted is reached; that entity |
27 is usually self signed. This process is illustrated in the figure below: </p> <fig id="GUID-A0956B2A-B12F-58E1-9172-C1EDBBE593CE"> |
27 is usually self signed. This process is illustrated in the figure below: </p> <fig id="GUID-A0956B2A-B12F-58E1-9172-C1EDBBE593CE"> |
28 <title> Certificate chain </title> |
28 <title> Certificate chain </title> |
29 <image href="GUID-EA5E9A07-587C-5E64-A157-1077AD9E56ED_d0e638347_href.png" placement="inline"/> |
29 <image href="GUID-EA5E9A07-587C-5E64-A157-1077AD9E56ED_d0e631967_href.png" placement="inline"/> |
30 </fig> <p>The set of certificates from an EE up to a trusted root CA certificate |
30 </fig> <p>The set of certificates from an EE up to a trusted root CA certificate |
31 is called a <keyword>certificate chain</keyword>. Once a certificate chain |
31 is called a <keyword>certificate chain</keyword>. Once a certificate chain |
32 has been constructed ,the EE's key pair at the start can be validated. </p> </section> |
32 has been constructed ,the EE's key pair at the start can be validated. </p> </section> |
33 <section><title> Input to Certificate Validation</title> <p id="GUID-21CE5C18-856E-57B6-A5B6-3C1104EB8151"><b> End |
33 <section><title> Input to Certificate Validation</title> <p id="GUID-21CE5C18-856E-57B6-A5B6-3C1104EB8151"><b> End |
34 Entity & Intermediate Certificates</b> </p> <p>A set of certificates, |
34 Entity & Intermediate Certificates</b> </p> <p>A set of certificates, |
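Review bot: The only difference between the two sides is the image href at line 29, where the generated suffix changes from d0e638347 to d0e631967 while the GUID and the surrounding text stay the same. This looks like churn from regenerating the file rather than an intended content change, so please confirm that GUID-EA5E9A07-587C-5E64-A157-1077AD9E56ED_d0e631967_href.png is actually present alongside this file, otherwise the "Certificate chain" figure will no longer resolve. If the file is being touched anyway, the unchanged text at line 32 has a misplaced space in "constructed ,the" that could be corrected in the same change.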