A.05.70 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2011, 5900-1735)
the issuer’s certificate is found and it verifies the server certificate’s signature, the verification process
continues.
4. The issuer’s certificate must now be verified. There are two ways this can go:
a. If the issuer’s certificate is a CA root certificate, the client must have a copy of it for verification.
The client cannot rely on a root certificate that was sent along with a server certificate.
b. If the issuer’s certificate is not a CA root certificate, the client can use either the issuer’s certificate
sent from the server or one stored locally.
5. The issuer’s certificate is checked just as the server’s certificate is checked in steps 1, 2, and 3. Failure
in any of these steps causes verification failure.
6. The recursive process of steps 4 and 5 (and hence, 1, 2, and 3) are repeated until the CA root certificate
is encountered.
In practice, most server certificates are no more than three levels deep. For example, services.isee.hp.com
has the following certificate chain:
VeriSign Class 3 Public Primary CA
VeriSign Class 2 Secure Server CA - G2
services.isee.hp.com (g1w3054g.austin.hp.com)
Figure A-1 Insight Remote Support (example)
Figure A-2 Remote Support Software Management (RSSWM)
50 X.509 Certificates and Insight Remote Support Advanced