Viewing Server Certificate Path with Chrome on Android Phone
This section provides a tutorial example on how to view the server certificate path when visiting an 'https' Website with Chrome on an Android phone. The top certificate in a certificate path is the root CA certificate, which is trusted by browser settings.
When a browser validates a server certificate, it will try to build a certificate path, an ordered list of certificates that satisfy these conditions:
- The first certificate must be a CA (Certificate Authority) certificate that is trusted by the browser.
- The subject of each certificate, except for the last, must be the issuer of the next certificate.
- The last certificate is the server certificate to be validated.
Here is what I did to see the certificate path for the https://m.facebook.com Website with Chrome on an Android phone.
1. Run Chrome on your Android phone, go to https://m.facebook.com and wait for the login page to be displayed.
2. Tap the lock icon at the left side of the URL address area. The connection information is displayed.
3. Tap on the "Details" link. Connection details are displayed.
4. Tap on the "Certificate information" link. The Website server certificate is displayed.
5. Tap on the dropdown arrow next to "*.facebook.com". The certificate path is displayed:
   DigiCert SHA2 High Assurance Server CA
   DigiCert High Assurance EV Root CA
6. Tap on "DigiCert High Assurance EV Root CA" in the path to see more information about the root CA certificate.
7. Tap on "DigiCert SHA2 High Assurance Server CA" in the path to see more information about the intermediate CA certificate.
What do you think about this certificate path?
Should we trust login.yahoo.com now?
I think this is a valid certificate path and we should trust *.login.yahoo.com:
The root CA certificate "DigiCert High Assurance EV Root CA" can be trusted because it was pre-installed in Chrome as a trusted certificate.
The intermediate CA certificate "DigiCert SHA2 High Assurance Server CA" can be trusted because it was issued by a trusted root CA.
The *.login.yahoo.com certificate "*.facebook.com" can be trusted because it was issued by a trusted intermediate CA.
The picture below shows you the certificate path view of a server certificate: