The Chain of Trust refers to your SSL certificate and how it is linked back to a trusted Certificate Authority. In order for an SSL certificate to be trusted it has to be traceable back to the trust root it was signed off of, meaning all certificates in the chain – server, intermediate, and root, need to be properly trusted.
There are 3 parts to the chain of trust:
Root Certificate – A root certificate is a digital certificate that belongs to the issuing Certificate Authority. It comes pre-downloaded in most browsers and is stored in what is called a “trust store.” The root certificates are closely guarded by the Certificate Authorities.
Intermediate Certificate – Intermediate certificates branch off of root certificates like branches off of trees. They act as middle-men between the protected root certificates and the server certificates issued out to the public. There will always be at least one intermediate certificate in a chain, but there can be more than one.
Server Certificate – The server certificate is the one issued to the specific domain.
How does the Chain of Trust work?
When you install your SSL certificate, you’ll also be sent an intermediate root certificate or bundle. When a browser downloads your website’s SSL certificate upon arriving at your homepage, it begins chaining that certificate back to its root. It will begin by following the chain to the intermediate that has been installed, from there it continues to tracing backwards until it arrives at a trusted root certificate. If the certificate is valid and can be chained back to a trusted root, it will be trusted. If it can’t be chained back to a trusted root, the browser will issue a warning about the certificate.