← All posts
5 min read

Certificates and Trust Chains: Connecting Public Keys to Identities

#technology#security#certificates#pki
📑 On this page

Public-key cryptography can verify that a party controls a private key. A browser still needs to know whether that key belongs to the website the user requested.

A digital certificate binds identity information to a public key through a trusted issuer's signature.

Browsers validate a chain of signatures to a trusted root and also check names, dates, intended use, and other constraints.

A concrete example: shop.example.com

The server presents a certificate containing approved names including shop.example.com, its public-key information, validity dates, and the issuer's signature.

The browser:

  1. checks the requested hostname,
  2. verifies certificate signatures through intermediates,
  3. reaches a trusted root,
  4. checks validity and usage,
  5. and confirms the server possesses the corresponding private key during TLS.

Certificate contents

An X.509 certificate commonly includes:

  • subject information,
  • subject public key,
  • issuer,
  • serial number,
  • validity period,
  • signature algorithm,
  • permitted key uses,
  • and extensions such as subject alternative names.

The certificate is a signed data structure, not the private key itself.

Certificate authorities

A certificate authority, or CA, verifies according to policy and signs certificates.

For public web certificates, domain validation demonstrates control of a domain through mechanisms such as DNS or an HTTP challenge. It does not certify that the website's business claims are honest.

Organizations can also operate private CAs for internal identities.

Root certificates

Root CAs are trust anchors distributed in operating systems, browsers, applications, or enterprise stores.

A root is typically self-signed; trust comes from its controlled inclusion in the store, not from its self-signature. Root programs impose policy and audit requirements because a trusted root can affect many users.

Intermediate certificates

Root keys are highly sensitive and often kept offline. Roots sign intermediate CA certificates, and intermediates issue end-entity certificates.

This creates operational separation and limits some compromise. Servers should present the required intermediate certificates so clients can build the chain.

Chain validation

Validation checks each signature and constraint from the leaf certificate through intermediates to a trusted root.

The client also evaluates:

  • basic constraints,
  • path length,
  • key usage,
  • name constraints,
  • algorithm strength,
  • and policy where applicable.

A mathematically valid signature is insufficient if an intermediate was not authorized to issue that certificate type.

Hostname validation

For HTTPS, the requested hostname must match an allowed name in the certificate, usually a subject alternative name.

A certificate for example.com does not automatically authorize every unrelated name. Wildcards have defined matching rules and should be used carefully.

Skipping hostname validation permits interception with any otherwise trusted certificate.

Validity periods

Certificates have not-before and not-after times.

Shorter lifetimes reduce the period of exposure from certain failures and encourage automation. They also make reliable renewal essential. Monitor expiration and test deployment before the old certificate ends.

Correct system time is important for validation.

Revocation

A certificate may need invalidation before expiry because of private-key compromise, incorrect issuance, or changed authorization.

Revocation mechanisms include certificate revocation lists and online status protocols. They face availability, privacy, freshness, and client-behavior tradeoffs.

Short-lived certificates and rapid replacement complement revocation rather than eliminating incident response.

Certificate transparency

Public certificate transparency logs record issued web certificates in auditable append-only systems.

Domain owners can monitor logs for unexpected issuance. Transparency improves detection and accountability; it does not prevent every mis-issuance before use.

Automated issuance

Protocols such as ACME automate domain validation, issuance, and renewal.

Automation reduces manual expiration failures, but credentials and DNS or infrastructure permissions used for validation become valuable assets. Scope and monitor them carefully.

Private-key protection

The certificate may be public; the matching private key must be protected.

Use restricted access, managed secret or key systems, hardware where warranted, rotation, audit logs, and incident procedures. Avoid copying one key across many unrelated servers if separate keys reduce blast radius.

Mutual TLS

TLS can authenticate clients with certificates as well as servers.

Mutual TLS is useful for service-to-service identity in some environments, but it requires lifecycle management for client issuance, renewal, revocation, authorization mapping, and lost devices. Certificate identity does not by itself decide application permissions.

Common failures

Failures include:

  • expired certificates,
  • missing intermediates,
  • hostname mismatch,
  • trusted but wrong private key,
  • disabled validation,
  • obsolete algorithms,
  • excessive CA permissions,
  • and renewal automation that was never tested.

Monitor from the perspective of real clients, not only the issuing server.

A certificate does not grant application access

A certificate can authenticate a domain, device, workload, or person according to an issuance process. The application must still map that identity to current authorization.

For example, a valid employee client certificate may prove control of an issued key, but the employee could have changed roles or lost permission to a payroll service. Check live policy after certificate authentication.

Likewise, HTTPS proves that the connection reached a server authorized for the requested name under the browser's trust model. It does not prove that the site's products are genuine, its statements are accurate, or a user should disclose information there. Cryptographic identity is one input to trust, not a universal endorsement.

Knowledge check

  1. What does a certificate bind together?
  2. Why is a root trusted if it is self-signed?
  3. What role do intermediate CAs play?
  4. Which checks occur beyond signature validation?
  5. How do short lifetimes and revocation complement each other?

The one idea to remember

Certificates scale public-key trust by linking names and keys through signed chains to controlled trust anchors. Assurance depends on correct issuance, hostname and constraint validation, private-key custody, renewal, revocation, transparency, and client behavior.