PKI Tutorials - Herong's Tutorial Examples - Version 2.03, by Dr. Herong Yang
Viewing Server Certificate Path in Chrome 40
This section provides a tutorial example on how to view server certificate path when visiting a 'https' Web site in Chrome 40. The top certificate in a certificate path is the root CA certificate, which is trusted by browser settings.
When a browser validates a server certificate, it will try to build a certificate path - an ordered list of certificates that satisfy these conditions:
Here is what I did to see the certificate path for https://login.yahoo.com Web site on Chrome 40.
1. Run Chrome 40 and go to https://login.yahoo.com and wait for the log in page to be displayed.
2. Click the lock icon at the left side of the URL address area. The page security dialog box shows up.
3. Click the "Connection" tab. The connection security information is displayed.
4. Click the "Certificate information" link. The Certificate dialog box shows up.
5. Click the "Certificate Path" tab. A certificate path with 3 certificates shows up in the Certificate Path section:
VeriSign Class 3 Public Primary Certification Authority - G5 |- VeriSign Class 3 Secure Server CA - G3 |- *.login.yahoo.com
6. Click on "VeriSign Class 3 Public Primary Certification Authority - G5" in the path to see more information about the root CA certificate.
7. Click on "VeriSign Class 3 Secure Server CA - G3" in the path, to see more information about the intermediate CA certificate.
What do you think about this certificate path? Should we trust login.yahoo.com now? I think this is a valid certificate path and we should trust *.login.yahoo.com, because:
The picture below shows you the certificate path view of a server certificate:
Last update: 2015.
Table of Contents