PKI Tutorials - Herong's Tutorial Examples - v2.20, by Dr. Herong Yang
Viewing Server Certificate Path in IE
This section provides a tutorial example on how to view certificate path when visiting a 'https' Website in IE. The top certificate in a certificate path is the root CA certificate, which is trusted automatically.
When a browser validates a server certificate, it will try to build a certificate path - an ordered list of certificates that satisfy these conditions:
Here is what I did to see the certificate path for https://login.yahoo.com Website on IE.
1. Run IE and go to https://login.yahoo.com and wait for the log in page to be loaded.
2. Click the lock icon at the end of the Web address field. A small pop up windows shows up.
3. Click the "View certificates" link on the pop up window. The Certificate dialog box shows up.
4. Click the "Certificate Path" tab. A certificate path with 3 certificates shows up:
VeriSign - Root CA certificate |- VeriSign Class 3 Secure Server CA - G3 - Intermediate CA certificate |- *.login.yahoo.com - Web server certificate
5. Double click on "VeriSign" in the path. The root CA certificate dialog box shows up. The General tab shows that:
Issued to: VeriSign Class 3 Public Primary Certification Authority- G5 Issued by: VeriSign Class 3 Public Primary Certification Authority- G5 Valid from 11/7/2006 to 7/16/2036
6. Close the root CA certificate dialog box and double click on "VeriSign Class 3 Secure Server CA - G3" in the path. The intermediate CA certificate dialog box shows up. The General tab shows that:
Issued to: VeriSign Class 3 Secure Server CA - G3 Issued by: VeriSign Class 3 Public Primary Certification Authority- G5 Valid from 2/7/2010 to 2/7/2020
7. Close the intermediate CA certificate dialog box.
8. Now click the "General" tab on the original certificate dialog box:
Issued to: *.login.yahoo.com Issued by: VeriSign Class 3 Secure Server CA - G3 Valid from 4/7/2014 to 4/9/2015
What do you think about this certificate path? Should we trust login.yahoo.com now? I think this is a valid certificate path and we should trust login.yahoo.com, because:
The picture below shows you steps to reach the certificate path:
Table of Contents