This section provides a tutorial example on how to view server certificate path when visiting a 'https' Website in Apple Safari. The top certificate in a certificate path is the root CA certificate, which is trusted by browser settings.
When a browser validates a server certificate, it will try to build a certificate path
- an ordered list of certificates that satisfy these conditions:
The first certificate must a CA (Certificate Authority) certificate that is trusted by the browser.
The subject of each certificate, except for the last, must be the issuer of the next certificate.
The last certificate is the server certificate to be validated.
Here is what I did to see the certificate path for https://login.yahoo.com Website on Apple Safari.
1. Run Apple Safari and go to https://login.yahoo.com and wait for the log in page to be displayed.
2. Click the lock icon at the left side of the URL address area.
The page security dialog box shows up.
3. Click the "Show Certificate" button.
The server certificate summary shows up with its certificate path:
DigiCert High Assurance EV Root CA - Root CA certificate
|- DigiCert SHA2 High Assurance Server CA - Intermediate CA certificate
|- *.login.yahoo.com - Web server certificate
6. Click on "DigiCert High Assurance EV Root CA" in the path
to see more information about the root CA certificate.
7. Click on "DigiCert SHA2 High Assurance Server CA" in the path,
to see more information about the intermediate CA certificate.
What do you think about this certificate path?
Should we trust login.yahoo.com now?
I think this is a valid certificate path and we should trust *.login.yahoo.com,
The root CA certificate "DigiCert High Assurance EV Root CA"
can be trusted because it was pre-installed in Safari as a trusted certificate.
The intermediate CA certificate "DigiCert SHA2 High Assurance Server CA"
can be trusted because it was issued by a trusted root CA.
The *.login.yahoo.com certificate "*.login.yahoo.com"
can be trusted because it was issued by a trusted intermediate CA.
The picture below shows you the certificate path view of a server certificate: