Certificate chain について調べる

localhost の HTTPS 対応をする際に出てきた Certificate chain がよくわかってないので調べる過程を残しとく

Certificate chain
It most likely looks as follows:

Server certificate - stores a certificate signed by intermediate.
Intermediate certificate - stores a certificate signed by root.
Root certificate - stores a self-signed certificate.

Intermediate certificate should be installed on the server, along with the server certificate.
Root certificates are embedded into the software applications, browsers and operating systems.

The application serving the certificate has to send the complete chain, this means the server certificate itself and all the intermediates. The root certificate is supposed to be known by the client.

https://stackoverflow.com/questions/31673587/error-unable-to-verify-the-first-certificate-in-nodejs

Intermediate Certificates は中間にいくつあってもいいらしい

https://www.youtube.com/watch?v=l_ZbduoVQqs

よく見かける用語

cert.pem contains the server certificate by itself
chain.pem contains the additional intermediate certificate or certificates that web browsers will need in order to validate the server certificate
fullchain.pem All certificates, including server certificate (aka leaf certificate or end-entity certificate). The server certificate is the first one in this file, followed by any intermediates.
privkey.pem Private key for the certificate.

https://community.letsencrypt.org/t/public-and-private-keys/25493?u=emahuni

chain = root
fullchain = cert + chain = cert + root

https://github.com/FiloSottile/mkcert/issues/214#issuecomment-552141000