XSR User's Guide
Chapter 11 Describing Public-Key Infrastructure (PKI)
Configuring the Virtual Private Network
Figure 41 Certificate Chain Example
A certificate chain traces a path of certificates from a branch in the hierarchy
to the root of the hierarchy. In a certificate chain, the following occurs:
• Each certificate is followed by the certificate of its issuer.
• Each certificate contains the name of that certificate's issuer, which is
  the same as the subject name of the next certificate in the chain.
  In Figure 41, the Admin CA certificate contains the name of the CA
  (that is, U.S. CA) that issued that certificate. U.S. CA's name is also
  the subject name of the next certificate in the chain.
• Each certificate is signed with the private key of its issuer. The
  signature can be verified with the public key in the issuer's certificate,
  which is the next certificate in the chain.
  In Figure 41, the public key in the certificate for the U.S. CA can verify
  the U.S. CA's digital signature on the certificate for the Admin CA.
[Figure 41 diagram labels: a CA hierarchy with Root CA, U.S. CA, Europe CA, Asia CA, Marketing CA, Sales CA and Admin CA. The chain presented to the program verifying the certificate is: a certificate issued by Admin CA; the CA certificate signed by U.S. CA (intermediate authority); the CA certificate signed by Root CA (intermediate authority); and the CA certificate signed by self (trusted authority).]
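The two linking rules above (issuer name equals the next certificate's subject name, and the signature verifies with the next certificate's public key), checked in Go with the standard library. This is an added example, not part of the XSR guide: `must`, `issue` and `checkChain` are hypothetical helpers, and the certificates are constructed in memory using the CA names from Figure 41.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue (hypothetical helper) creates a constructed test CA certificate for cn; a nil parent yields a self-signed root.
func issue(cn string, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// checkChain checks each link, branch first, root last; the last certificate is trusted by configuration, not checked.
func checkChain(chain ...*x509.Certificate) error {
	for i := 0; i+1 < len(chain); i++ {
		c, next := chain[i], chain[i+1]
		if string(c.RawIssuer) != string(next.RawSubject) {
			return fmt.Errorf("%s: issuer name is not the subject name of %s", c.Subject.CommonName, next.Subject.CommonName)
		} else if err := c.CheckSignatureFrom(next); err != nil {
			return fmt.Errorf("%s: signature not verified by the public key of %s: %w", c.Subject.CommonName, next.Subject.CommonName, err)
		}
	}
	return nil
}

func main() {
	root, rootKey := issue("Root CA", nil, nil)
	us, usKey := issue("U.S. CA", root, rootKey)
	admin, _ := issue("Admin CA", us, usKey)
	fmt.Println("chain check error:", checkChain(admin, us, root))
}
```

These checks cover only how the chain links together. A full validator such as Go's `Certificate.Verify` also checks validity dates and constraints, and requires that the chain end at a root configured as trusted.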