3

When I use my browser (a TLS client) to navigate to a secure web page (e.g. https://example.com), during the TLS handshake, the browser will receive an end-entity certificate from the web server of example.com. It'll most likely be signed by an intermediate CA, using its private key. To verify this signature, the browser must have the intermediate CA's public key, and thus certificate. Since this intermediate CA certificate is not in the browser's or the OS's root store, the browser must fetch it from somewhere.

My question is - where do TLS clients, like my browser, fetch intermediate CA certificates from? And how can they do it securely?

dayuloli

1 Answer

6

They are all sent together by the server

All certificates, except for the root certificate, are sent together as one bundle.

Technically, you may include the root certificate as well, but it will be ignored by the client.

If the server only sends the "leaf" certificate, then it depends on the browser if they are able to somehow get the missing intermediate certificates. One way, for instance, is for them to cache intermediate certificates from previous connections. Chrome uses the Authority Information Access extension to locate missing intermediate certificates that way.

If all of these attempts fail, and the intermediate certificates are not available, then the certificate verification will fail.

  • 1
    *"If the server only sends the "leaf" certificate, but not the intermediate certificates, then verification will fail."* - this is not fully true in practice. At least the desktop browsers try to work around broken chains by filling in missing certificates. Firefox seems to do this by caching intermediate certificates from previous connections while Chrome seems to use the CA issuers entry in the AIA extensions to locate the missing CA. – Steffen Ullrich Jun 12 '19 at 16:39
  • @SteffenUllrich Thanks, I will incorporate this into my answer. –  Jun 13 '19 at 11:17
  • 1
    Firefox bug report about using AIA: https://bugzilla.mozilla.org/show_bug.cgi?id=399324. TL;DR their study shows it would lessen problems only by ~5% of all connection errors, which is not good enough for them to do it considering the privacy consequences of that extra access. – Patrick Mevzek Aug 20 '19 at 20:35