Certificate Checks

Last Updated: Jul 19, 2024

When a certificate is received with a view to verifying identity, a number of tests and checks can be carried out:

  • The receiver assesses the certificate for basic validity such as integrity, start/end date, usage information, strength of public key, and so on.

  • The receiver verifies the Subject, and any Subject Alternative Name(s), against the source of the certificate, for example the IP address or the domain name. This is called 'Certificate Identity Verification'.

  • The receiver extracts the certificate's Issuer. The receiver searches its Trusted Certificate Store (TCS) for a matching trusted certificate. When found, the receiver uses the public key of the trusted certificate to check the received certificate's signature. This is repeated until a trusted Root CA certificate is found.

  • The received certificate is checked to see if it has been revoked by the CA. That is, the certificate has been canceled or withdrawn by the authority.

Due to the variety of implementations, certificate content, configurable settings and heritage, many systems and applications differ greatly in their application of such tests.
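The following added example (not part of the original page or of any product it describes) shows how one implementation, Python's standard `ssl` module, exposes these four checks as settings, and audits a client-side `SSLContext` to report which of them it will enforce. The function names and the check labels are assumptions chosen for illustration.

```python
import ssl

def audit_context(ctx: ssl.SSLContext) -> dict:
    """Map a client-side SSLContext's settings onto the four checks listed above."""
    # With CERT_NONE the peer certificate is accepted without any verification.
    verifying = ctx.verify_mode != ssl.CERT_NONE
    # VERIFY_CRL_CHECK_CHAIN includes the LEAF bit, so this test covers both flags.
    crl = bool(ctx.verify_flags & ssl.VERIFY_CRL_CHECK_LEAF)
    return {
        # Signature integrity, start/end date and usage are checked during verification.
        "basic_validity": verifying,
        # Subject / Subject Alternative Name compared with the host being contacted.
        "identity": verifying and ctx.check_hostname,
        # Issuer lookup in the trusted store, repeated up to a trusted Root CA.
        "chain_to_trusted_root": verifying,
        # Revocation is only checked when a CRL flag is set (and CRLs are loaded).
        "revocation": verifying and crl,
    }

def missing_checks(ctx: ssl.SSLContext) -> list:
    """Names of the checks this context will NOT perform."""
    return sorted(name for name, on in audit_context(ctx).items() if not on)

def build_contexts() -> dict:
    """Constructed sample configurations, from library default to fully disabled."""
    default = ssl.create_default_context()

    no_identity = ssl.create_default_context()
    no_identity.check_hostname = False          # chain still verified, name is not

    unverified = ssl.create_default_context()
    unverified.check_hostname = False           # must be cleared before CERT_NONE
    unverified.verify_mode = ssl.CERT_NONE

    with_crl = ssl.create_default_context()
    # Handshakes fail under this flag unless CRLs are also loaded into the store.
    with_crl.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF

    return {"default": default, "no_identity": no_identity,
            "unverified": unverified, "with_crl": with_crl}

if __name__ == "__main__":
    for name, ctx in build_contexts().items():
        print(f"{name:12} missing: {missing_checks(ctx) or 'none'}")
```

Even the library's default context omits the revocation check, which illustrates how applications can differ in the tests they apply without any explicit misconfiguration.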