PKI Tutorials - Herong's Tutorial Examples

∟Using HTTPS with Apple Safari

∟View Server Certificate Path in Apple Safari

This section provides a tutorial example on how to view server certificate path when visiting a 'https' Website in Apple Safari. The top certificate in a certificate path is the root CA certificate, which is trusted by browser settings.

When a browser validates a server certificate, it will try to build a certificate path - an ordered list of certificates that satisfy these conditions:

• The first certificate must a CA (Certificate Authority) certificate that is trusted by the browser.
• The subject of each certificate, except for the last, must be the issuer of the next certificate.
• The last certificate is the server certificate to be validated.

Here is what I did to see the certificate path for https://login.yahoo.com Website on Apple Safari.

1. Run Apple Safari and go to https://login.yahoo.com and wait for the log in page to be displayed.

2. Click the lock icon at the left side of the URL address area. The page security dialog box shows up.

3. Click the "Show Certificate" button. The server certificate summary shows up with its certificate path:

DigiCert High Assurance EV Root CA         - Root CA certificate
 |- DigiCert SHA2 High Assurance Server CA - Intermediate CA certificate
     |- *.login.yahoo.com                  - Web server certificate

6. Click on "DigiCert High Assurance EV Root CA" in the path to see more information about the root CA certificate.

7. Click on "DigiCert SHA2 High Assurance Server CA" in the path, to see more information about the intermediate CA certificate.

What do you think about this certificate path? Should we trust login.yahoo.com now? I think this is a valid certificate path and we should trust *.login.yahoo.com, because:

• The root CA certificate "DigiCert High Assurance EV Root CA" can be trusted because it was pre-installed in Safari as a trusted certificate.
• The intermediate CA certificate "DigiCert SHA2 High Assurance Server CA" can be trusted because it was issued by a trusted root CA.
• The *.login.yahoo.com certificate "*.login.yahoo.com" can be trusted because it was issued by a trusted intermediate CA.

The picture below shows you the certificate path view of a server certificate:

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of HTTPS (Hypertext Transfer Protocol Secure)

 Using HTTPS with Google Chrome

 Using HTTPS with Mozilla Firefox

 HTTPS with Microsoft Edge

►Using HTTPS with Apple Safari

 Visiting "https" Website with Apple Safari

 Showing Server Certificate in Apple Safari

 Viewing Certificate Details in Apple Safari

►View Server Certificate Path in Apple Safari

 Export Server Certificate to File from Safari

 View Trusted Root CA Certificates in Safari

 HTTPS with IE (Internet Explorer)

 Android and Server Certificate

 iPhone and Server Certificate

 Windows Certificate Stores and Console

 RDP (Remote Desktop Protocol) and Server Certificate

 macOS Certificate Stores and Keychain Access

 Perl Scripts Communicating with HTTPS Servers

 PHP Scripts Communicating with HTTPS Servers

 Java Programs Communicating with HTTPS Servers

 .NET Programs Communicating with HTTPS Servers

 CAcert.org - Root CA Offering Free Certificates

 PKI CA Administration - Issuing Certificates

 Comodo Free Personal Certificate

 Digital Signature - Microsoft Word

 Digital Signature - OpenOffice.org 3

 S/MIME and Email Security

 PKI (Public Key Infrastructure) Terminology

 Archived Tutorials

 References

 Full Version in PDF/EPUB

View Server Certificate Path in Apple Safari - Updated in 2022, by Herong Yang