
What Is a Chain Certificate for EV Multi-Domain Certificates?

June 21, 2018 | David Bisson

A Chain Certificate for EV Multi-Domain Certificates is a type of electronic document that contains the public key and digital signature of a root certificate authority (CA). Upon successful purchase, organizations install their Chain Certificate into their web browser. Doing so creates a chain of trust between end users and their EV Multi-Domain certificates, a type of extended validation (EV) certificate which can apply to at least 100 fully qualified domain names (FQDNs) and up to 250 FQDNs including sub-domains.

Companies obtain root certificates only from trusted CAs, or entities which are authorized to verify someone's identity. Most web browsers and operating systems ship out to consumers with a trust store containing a list of trusted CAs. A device such as a web browser, in turn, uses that list to validate an SSL certificate's issuer.

In the event the device does not find a match, it navigates up what is known as the certificate chain by checking any and all intermediate certificates. These digital certificates sit between the end-user (SSL) certificate and root certificate. As such, an intermediate certificate signs/issues the SSL Certificate.

The device determines whether the intermediate certificate of the issuing CA was signed by a trusted CA. In the event it wasn't, the device continues this process across subsequent intermediate certificates until it discovers a trusted CA match or until it reaches the root certificate. If it ultimately finds no match with a trusted CA along that entire "chain of trust," the device displays an error message.

To adequately protect users, companies should verify that their Chain Certificate for EV Multi-Domain Certificates is up-to-date. They should also validate that the correct CA certificate chain is installed on each Transport Layer Security (TLS) server lest their clients experience an error when trying to reach a given resource. Lastly, they should ensure that all CA certificates expire after the server's TLS certificate.
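The chain walk and the expiry rule described above can be checked with Go's standard `crypto/x509` package. This is an added example, not code from the original post or from Venafi; the helper names `mkCert` and `checkChain`, the certificate names and the lifetimes are all constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mkCert issues a constructed sample certificate (nil parent = self-signed root); errors ignored for brevity.
func mkCert(cn string, isCA bool, days int, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(0, 0, days), IsCA: isCA, BasicConstraintsValid: true}
	if parent == nil {
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// checkChain walks from the leaf through the presented intermediates to the trusted root; nil means no problem found.
func checkChain(trusted, leaf *x509.Certificate, presented ...*x509.Certificate) error {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(trusted)
	for _, c := range presented {
		inter.AddCert(c)
	}
	paths, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter})
	if err != nil { // nothing links the leaf to the trust store
		return fmt.Errorf("no path to a trusted root: %w", err)
	}
	for _, ca := range paths[0][1:] { // every CA on the path should outlive the leaf
		if !ca.NotAfter.After(leaf.NotAfter) {
			return fmt.Errorf("CA %q expires before the server certificate", ca.Subject.CommonName)
		}
	}
	return nil
}

func main() {
	root, rk := mkCert("Constructed Root CA", true, 3650, nil, nil)
	ca, ck := mkCert("Constructed 30-day Issuing CA", true, 30, root, rk)
	leaf, _ := mkCert("www.example.test", false, 90, ca, ck)
	fmt.Println(checkChain(root, leaf, ca), checkChain(root, leaf))
}
```

The first call reports the intermediate that expires before the 90-day server certificate; the second reports the missing path when the server does not present its intermediate.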

Organizations can simplify management of chain certificates and prevent business interruptions by using an automated solution such as the Venafi Platform. This utility validates on a nightly basis that the certificate and chain on every server are correctly installed. It also supports the automated installation of CA certificate chains with certificates, along with the ability to provision and manage such chains. All the while, the Venafi Platform has the ability to manage and enforce trust stores across all systems.

About the author

David Bisson

David is a Contributing Editor at IBM Security Intelligence. David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.
