<!-- /* Font Definitions */ @font-face font-family:宋体; panose-1:2 1 6 0 3 1 1 1 1 1; mso-font-alt:SimSun; mso-font-charset:134; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:3 135135232 16 0 262145 0; @font-face font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-1610611985 1073750139 0 0 159 0; @font-face font-family:"\@宋体"; panose-1:2 1 6 0 3 1 1 1 1 1; mso-font-charset:134; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:3 135135232 16 0 262145 0; /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; text-align:justify; text-justify:inter-ideograph; mso-pagination:none; font-size:10.5pt; mso-bidi-font-size:11.0pt; font-family:Calibri; mso-fareast-font-family:宋体; mso-bidi-font-family:"Times New Roman"; mso-font-kerning:1.0pt; /* Page Definitions */ @page mso-page-border-surround-header:no; mso-page-border-surround-footer:no; @page Section1 size:612.0pt 792.0pt; margin:72.0pt 90.0pt 72.0pt 90.0pt; mso-header-margin:36.0pt; mso-footer-margin:36.0pt; mso-paper-source:0; div.Section1 page:Section1; -->
/* Style Definitions */
table.MsoNormalTable
mso-style-name:普通表格;
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;
See Also For more information about the certificate chaining process in Windows, see the "Troubleshooting Certificate Status and Revocation" white paper on the TechNet page of the Microsoft Web site at /technet/security/prodtech/pubkey /tshtcrl.asp.
3. When a certificate is presented that cannot be chained back to one of the trusted root CAs, the chain is considered broken, and strictly speaking, the certificate won't be trusted. However, an application could be written that does not check the chain, accepts a chain that does not extend back to a trusted root, or allows the user to accept a certificate regardless of the state of the chain. To understand what will happen in each case requires understanding these elements for the application. Indeed, there are other factors that will also come into play such as CRL checking.
Certificate Chaining on the Internet
The certificate chaining process is managed across the Internet by including the root CA certificate in the certificate store of the browser, and hence, on Windows systems, in the certificate store of the computer. When the browser is first installed, the certificate store includes the root CA certificates of public CAs. When the browser connects to any site that has a certificate that can be chained back to a certificate in its certificate store and then authenticated, a secure channel can be negotiated. If an untrusted certificate (that is, the root CA certificate is not in the store) is presented, it is rejected. However, if the root CA is not present in the Trusted Root or Untrusted Root containers, the user will be prompted to select whether to trust the certificate. The user, in many cases, can accept the certificate without proof of trust, but that is another story.
About us