
I did search around and found similar questions, however not exactly fitting the scenario that I am going to discuss...

I have a client machine which has the rootCA certificate installed. The client is using the default validation engine in TLS 1.2/1.3 (whichever is supported by the server, but not < TLS 1.2) defined in OpenSSL.

When the client connects to the server, it receives a chained certificate like:

[server certificate]---->[CA2]--->[CA1]

The CA1 certificate is signed by the rootCA whose certificate is already present with the client.

My question is: as the client trusts the rootCA certificate, and rootCA issues a certificate to intermediate CA CA1, and CA1 issues a certificate to CA2, and the server certificate is issued by CA2, is the complete chain trusted? Even though the client is unaware of who CA1 and CA2 are...

Anirban
    *"even though the client is unaware of who CA1 and CA2 are."* - yes, it does not matter where the client gets the intermediate CAs from as long as it can use these to build a chain to the trusted root CA. – Steffen Ullrich Apr 06 '22 at 05:36
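
As an added illustration (not part of the original question or comment), the shell sketch below builds a throwaway rootCA -> CA1 -> CA2 -> server hierarchy with the `openssl` CLI and verifies the server certificate with only rootCA trusted. All subject names and file names are constructed for the demo, and `-untrusted` stands in for the intermediates the server sends in the handshake.

```shell
#!/bin/sh
# Constructed demo PKI: rootCA -> CA1 -> CA2 -> server. All names are made up.

# issue NAME CN ISSUER EXTFILE: new key + CSR for NAME, signed by ISSUER.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1.csr" -subj "/CN=$2" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" \
        -CAcreateserial -extfile "$4" -days 1 -out "$1.pem" 2>/dev/null
}

# make_chain DIR: build the whole hierarchy inside DIR.
make_chain() (
    cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\n' > leaf.ext
    # Self-signed root: the only certificate installed on the client.
    openssl req -new -newkey rsa:2048 -nodes -keyout rootCA.key \
        -out rootCA.csr -subj "/CN=Demo rootCA" 2>/dev/null &&
    openssl x509 -req -in rootCA.csr -signkey rootCA.key -extfile ca.ext \
        -days 1 -out rootCA.pem 2>/dev/null &&
    issue CA1 "Demo CA1" rootCA ca.ext &&
    issue CA2 "Demo CA2" CA1 ca.ext &&
    issue server "server.example.test" CA2 leaf.ext &&
    # What the server sends along with its own certificate in the handshake.
    cat CA2.pem CA1.pem > sent_intermediates.pem
)

# verify_server DIR MODE: exit status 0 when the chain validates.
#   with    = root trusted, intermediates supplied as untrusted helpers
#   without = root trusted, server sent no intermediates
verify_server() (
    cd "$1" || exit 1
    case "$2" in
        with)    openssl verify -CAfile rootCA.pem \
                     -untrusted sent_intermediates.pem server.pem ;;
        without) openssl verify -CAfile rootCA.pem server.pem ;;
    esac >/dev/null 2>&1
)

demo_dir=$(mktemp -d)
make_chain "$demo_dir"
verify_server "$demo_dir" with    && echo "with intermediates:    chain OK"
verify_server "$demo_dir" without || echo "without intermediates: verification fails"
rm -rf "$demo_dir"
```

The intermediates are never added to the trust store; they only help the verifier build a path, and each one is still checked for a valid signature and CA basic constraints up to the trusted root.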
