| Field | Value | Copy |
|---|---|---|
| {{ row.k }} | {{ row.v }} |
A certificate chain is only valid when each certificate is signed by the next issuer above it. When the wrong intermediate is installed, or when a chain is assembled in the wrong order, TLS clients can fail validation even if the leaf certificate looks correct.
This tool checks whether a leaf certificate is signed by a candidate issuer certificate. It verifies the signature using the issuer public key and also compares the leaf issuer name to the issuer subject name to catch common mix-ups.
The helper parses both PEM certificates, extracts the Subject and Issuer distinguished names, and runs a signature verification check. A positive result means the issuer public key validates the leaf signature, which is the core requirement for a chain link.
Issuer name matching is reported as a separate check because some chains contain equivalent names that differ in formatting. Signature verification is the deciding factor.