When performing authentication, SSL uses a technique called public-key cryptography.
Public-key cryptography is based on the concept of a key pair, which consists of a public key and a private key. Data that has been encrypted with a public key can be decrypted only with the corresponding private key. Conversely, data that has been encrypted with a private key can be decrypted only with the corresponding public key.
The owner of the key pair makes the public key available to anyone, but keeps the private key secret.
A certificate contains the following information:
The Distinguished Name of the entity that owns the public key
The Distinguished Name of the entity that issued the certificate
The period of time during which the certificate is valid
The public key itself
An organization that issues certificates can establish a hierarchy of CAs. The root CA has a self-signed certificate. Each subordinate CA has a certificate that is signed by the next-higher CA in the hierarchy. A certificate chain is the certificate of a particular CA, plus the certificates of any higher CAs up through the root CA.
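The chain walk described above, as an added example that is not part of the original page: each certificate is checked against its issuer's public key and its validity period until a trusted self-signed root is reached. Assumptions: the Distinguished Names and dates are constructed, and the signatures use toy textbook RSA over known Mersenne primes, whereas real certificates are X.509 structures signed with padded schemes and much stronger keys.

```python
import hashlib
from datetime import date

def make_key(p, q, e=65537):
    # Toy textbook RSA from two known Mersenne primes; illustration only, not secure.
    n = p * q
    return {"pub": (n, e), "priv": (n, pow(e, -1, (p - 1) * (q - 1)))}

def digest(cert, n):
    # Hash the certificate fields the page lists, reduced to fit the toy modulus.
    tbs = "|".join(str(cert[f]) for f in ("subject", "issuer", "not_before", "not_after", "pub"))
    return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % n

def issue(subject, issuer, key, issuer_key, not_before, not_after):
    cert = {"subject": subject, "issuer": issuer, "pub": key["pub"],
            "not_before": not_before, "not_after": not_after}
    n, d = issuer_key["priv"]
    cert["sig"] = pow(digest(cert, n), d, n)  # issuer's private-key operation
    return cert

def signed_by(cert, issuer_pub):
    n, e = issuer_pub
    return pow(cert["sig"], e, n) == digest(cert, n)  # anyone can check with the public key

def build_chain(cert, pool, trusted_roots, today):
    """Return [cert, ..., root], or raise ValueError naming the failed check."""
    chain = [cert]
    while True:
        if not cert["not_before"] <= today <= cert["not_after"]:
            raise ValueError("outside validity period: " + cert["subject"])
        if cert["subject"] == cert["issuer"]:  # self-signed, so it must be a trusted root
            if cert not in trusted_roots or not signed_by(cert, cert["pub"]):
                raise ValueError("untrusted root: " + cert["subject"])
            return chain
        issuer = pool.get(cert["issuer"])
        if issuer is None or issuer in chain:
            raise ValueError("issuer not found: " + cert["issuer"])
        if not signed_by(cert, issuer["pub"]):
            raise ValueError("bad signature: " + cert["subject"])
        chain.append(issuer)
        cert = issuer

# Constructed three-level hierarchy (hypothetical DNs and dates).
M = lambda k: 2**k - 1
root_k, mid_k, sub_k = make_key(M(521), M(607)), make_key(M(107), M(127)), make_key(M(61), M(89))
D1, D2 = date(2020, 1, 1), date(2030, 1, 1)
ROOT = issue("CN=Example Root CA", "CN=Example Root CA", root_k, root_k, D1, D2)
MID = issue("CN=Example Regional CA", "CN=Example Root CA", mid_k, root_k, D1, D2)
SUB = issue("CN=Example Issuing CA", "CN=Example Regional CA", sub_k, mid_k, D1, D2)
POOL = {c["subject"]: c for c in (ROOT, MID, SUB)}
```

Calling `build_chain(SUB, POOL, [ROOT], date(2025, 6, 1))` returns the issuing CA, regional CA and root certificates in that order; a changed field, a date outside the validity period, or a root missing from the trust list raises `ValueError`.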