12 lines
560 B
Plaintext
12 lines
560 B
Plaintext
Validation of X.509 certificates is essential to create secure SSL/TLS sessions not vulnerable to man-in-the-middle attacks.
|
|
|
|
The certificate chain validation includes these steps:
|
|
|
|
* The certificate is issued by its parent Certificate Authority or the root CA trusted by the system.
|
|
* Each CA is allowed to issue certificates.
|
|
* Each certificate in the chain is not expired.
|
|
|
|
It's not recommended to reinvent the wheel by implementing custom certificate chain validation.
|
|
|
|
TLS libraries provide built-in certificate validation functions that should be used.
|