How to see certificate for intermediate CA in Keychain?
When I check details of a certificate I only see information about the certificate itself. Is there any way to see the issuer’s certificate? In my case it’s an intermediate CA. The certificate that I care is for S/MIME (hence the tag), but I think this should apply to all kinds of certificates in general.
I think there should be a way because it’s very intuitive in Windows. Also Chrome on macOS displays the full chain for websites. I think Keychain.app has this information because it labels the certificate as a verified one.
Evaluate Certificate
- Launch the Keychain Access.app
- Select the certificate of interest
- Select the menu item: Keychain Access (menu) > Certificate Assistant (sub-menu) > Evaluate "certificate name"…
- Select Continue to choose Generic evaulation (certificate chain validation only)
- Select Show Certificate… button
You can now navigate through the certificate chain and view the leaf, intermediate, and root certificate details.
For any Stored certificate, using Keychain Utility:
Open Keychain Utility, choose any certificate, double click it, select Detais:
The certificate will popup up, click on Details triangle.
Look for the issuer on the info below:
Here is the same certificate showed above, with the window extended to show full information: (NOTE: this osu.edu certificate is EXPIRED, so it is shown as "not trusted", but its issuer chain is present on it, and it is valid [the issuer InCommon CA chain].
Here is an Intermediate CA Certificate stored on my Keychain:
Here is another Intermediate CA Certificate
For any website certificate, using Safari:
After clicking "Show Certificate", folow the same procedure and click on the Details Triangle.