Certificate Chain is introduced to solve the risk of leakage caused by having root certificate issues user certificate. If the private key of the root certificate is leaked, then it will affect all user certificates signed by this root certificate with very serious security risks following. So, to avert security risks of root certificate, the certificate authority (CA) adopts a root certificate to sign the intermediate certificate. An intermediate certificate is used to sign the user certificate. Even if something goes wrong with the intermediate certificate, the wrong intermediate certificate can be abandoned for the security of the root certificate while scaling down the scope of associated user certificates, from all to partial. In short, the certificate chain consists of a root certificate, intermediate certificate(s), and user certificate(s). Only when every certificate on the certificate chain is valid, the corresponding service will then deem the current certificate for the user valid and trusted.