∟Viewing Server Certificate Path in Mozilla Firefox
This section provides a tutorial example on how to view certificate path when visiting a 'https' Website in Mozilla Firefox. The top certificate in a certificate path is the root CA certificate, which is trusted automatically.
When a browser validates a server certificate, it will try to build a certificate path
- an ordered list of certificates that satisfy these conditions:
The first certificate must a CA (Certificate Authority) certificate that is trusted by the browser.
The subject of each certificate, except for the last, must be the issuer of the next certificate.
The last certificate is the server certificate to be validated.
Here is what I did to see the certificate path for https://login.yahoo.com Website on Mozilla Firefox.
1. Visit https://login.yahoo.com with Mozilla Firefox,
and view the server certificate again.
2. Click the "Details" tab on the Certificate Viewer.
A certificate path with 3 certificates shows up
in the Certificate Hierarchy section:
DigiCert High Assurance EV Root CA - Root CA certificate
|- DigiCert SHA2 High Assurance Server CA - Intermediate CA certificate
|- *.login.yahoo.com - Web server certificate
3. Click on "DigiCert High Assurance EV Root CA" in the path
to see more about this root CA certificate.
4. Click on "DigiCert SHA2 High Assurance Server CA" in the path
to see more about this intermediate CA certificate
5. Click on "*.login.yahoo.com" in the path.
to see more about this HTTPS Web server certificate.
What do you think about this certificate path? Should we trust login.yahoo.com now?
I think this is a valid certificate path and we should trust login.yahoo.com,
The root CA certificate "DigiCert High Assurance EV Root CA"
is trusted because it was pre-installed in Firefox.
The intermediate CA certificate "DigiCert SHA2 High Assurance Server CA"
is trusted because it was issued by a trusted root CA.
The login.yahoo.com certificate "*.login.yahoo.com"
is trusted because it was issued by a trusted intermediate CA.
The picture below shows an example of a certificate path: