What is the primary role of a root certificate authority (CA) in a trust chain?
Think about which entity is the ultimate source of trust in a certificate chain.
The root CA is the trust anchor that signs the certificates of intermediate CAs. This signing creates a chain of trust that browsers and systems rely on to verify certificates.
Which of the following correctly lists the order of certificates in a typical trust chain from the server certificate to the root CA?
Consider the path from the certificate presented by the website back to the trusted root.
The trust chain starts with the server certificate, which is signed by an intermediate CA, which in turn is signed by the root CA.
A browser shows a warning that a website's certificate is not trusted. Which of the following is the most likely cause related to the trust chain?
Think about what happens if the browser cannot find a complete path to a trusted root.
If the server does not send the intermediate CA certificate, the browser cannot build a complete trust chain to the root CA, causing a trust warning.
Which statement best explains the difference between a self-signed certificate and a certificate signed by a certificate authority?
Consider how browsers decide to trust a certificate.
CA-signed certificates are trusted because they link back to a trusted root CA through a chain. Self-signed certificates do not have this chain and are not trusted by default.
Suppose an attacker compromises an intermediate certificate authority. What is the most serious security risk this poses to the trust chain?
Think about what control an intermediate CA has in the certificate issuance process.
Compromising an intermediate CA allows an attacker to issue fake certificates trusted by browsers, which can be used to intercept or impersonate secure communications.