sertifikaattiketjut

Sertifikaattiketjut, known as certificate chains, are sequences of digital certificates that establish a trust path from a specific entity, such as a website or application, to a trusted root certificate authority (CA). Each certificate in the chain is issued by the one that follows it, creating a hierarchical relationship. The chain typically begins with the leaf certificate, which belongs to the entity being authenticated. Above this, one or more intermediate certificates are included. These intermediates bridge the gap between the leaf certificate and the root CA, allowing the root to sign many certificates without exposing its private key. The topmost certificate is the root certificate, which is self‑signed and distributed widely in trusted root stores of operating systems and browsers.

When a client receives a certificate chain, it verifies each link by checking the digital signature of