Are the public keys of root certificate and intermediate certificate contained in an SSL certificate?

Question

I read this, but it doesn't say if the public keys of the root and intermediaries are inside.

Neardupe https://security.stackexchange.com/questions/56389/ssl-certificate-framework-101-how-does-the-browser-actually-verify-the-validity and see https://en.wikipedia.org/wiki/File:Chain_Of_Trust.svg — dave_thompson_085, Jun 16 '23 at 00:56

score 1 · Accepted Answer · answered Jun 15 '23 at 13:42

No, an X.509 certificate does not contain other public keys. And the keys alone wouldn't be very useful, anyway. In order for a client to verify a certificate, it needs the complete certificates of all intermediate CAs, not just the public keys. So web servers typically provide an entire chain of certificates.

The certificate of the root CA is not provided, because it must already be in the client's trust store as a trust anchor.

Are the public keys of root certificate and intermediate certificate contained in an SSL certificate?

1 Answers1