PKI Tutorials - Herong's Tutorial Examples - Version 2.04, by Dr. Herong Yang
Viewing Server Certificate Path in Firefox 35
This section provides a tutorial example on how to view certificate path when visiting a 'https' Web site in Firefox 35. The top certificate in a certificate path is the root CA certificate, which is trusted automatically.
When a browser validates a server certificate, it will try to build a certificate path - an ordered list of certificates that satisfy these conditions:
Here is what I did to see the certificate path for https://login.yahoo.com Web site on Firefox 35.
1. Visit https://login.yahoo.com with Firefox 35, and view the server certificate again.
2. Click the "Details" tab on the Certificate Viewer. A certificate path with 3 certificates shows up in the Certificate Hierarchy section:
VeriSign Class 3 Public Primary Certification Authority - G5 - The root CA certificate |- VeriSign Class 3 Secure Server CA - G3 - The intermediate CA certificate |- *.login.yahoo.com - The Web server certificate
3. Click on "VeriSign Class 3 Public Primary Certification Authority - G5" in the path. Then click on "Issuer" and other fields in the Certificate Fields section to see more about this root CA certificate:
Subject: VeriSign Class 3 Public Primary Certification Authority - G5 Issuer: VeriSign Class 3 Public Primary Certification Authority - G5 Validity - Not Before: 11/7/2006 - Not After: 7/16/2036
4. Click on "VeriSign Class 3 Secure Server CA - G3" in the path. Then click on "Issuer" and other fields in the Certificate Fields section to see more about this intermediate CA certificate:
Subject: VeriSign Class 3 Secure Server CA - G3 Issuer: VeriSign Class 3 Public Primary Certification Authority - G5 Validity - Not Before: 2/7/2010 - Not After: 2/7/2020
5. Click on "*.login.yahoo.com" in the path. Then click on "Issuer" and other fields in the Certificate Fields section to see more about this HTTPS Web server certificate:
Subject: *.login.yahoo.com Issuer: VeriSign Class 3 Secure Server CA - G3 Validity - Not Before: 4/7/2014 - Not After: 4/9/2015
What do you think about this certificate path? Should we trust login.yahoo.com now? I think this is a valid certificate path and we should trust login.yahoo.com, because:
The picture below shows an example of a certificate path:
Last update: 2015.
Table of Contents
Introduction of PKI (Public Key Infrastructure)
Introduction of HTTPS (Hypertext Transfer Protocol Secure)
Using HTTPS with IE (Internet Explorer) 10
Visiting "https" Web Site with Firefox 35
Viewing Server Certificate in Firefox 35
Server Certificate General Information
►Viewing Server Certificate Path in Firefox 35
Exporting Server Certificate to File in Firefox 35
Viewing Pre-Installed Certificates in Firefox 35
Listing of Trusted Root CA in Firefox 35
Exporting Certificate to File from Firefox 35
Deleting Root CA Certificates from Firefox 35
Firefox 35 Displaying Certificate Error Page
Adding Security Exception in Firefox 35
Failing to Import Root CA Certificates to Firefox 35
Certificate Trust Settings in Firefox 35
Perl Scripts Communicating with HTTPS Servers
PHP Scripts Communicating with HTTPS Servers
Java Programs Communicating with HTTPS Servers
Certificate Stores and Certificate Console
.NET Programs Communicating with HTTPS Servers
CAcert.org - Root CA Offering Free Certificates
PKI CA Administration - Issuing Certificates
Digital Signature - Microsoft Word 2007
Digital Signature - OpenOffice.org 3