Arm Mbed and Pelion Device Management support forum

Find all certificates that build a chain to a given leaf certificate

Let’s say I would want to find all certificates that correspond to the chain of my leaf certificate. Is there a built-in function inside mbedtls for that?
Somethign like Input: Leaf Certificate - Output: Leaf Certificate - Sub CA of Leaf - Root CA of Sub CA

If not, what fields would I have to compare inside two certificates to deduce that the leaf certificate really is part of the SubCA / CA’s PKI.

Issuer Leaf == CA Subject
Leaf AKI == CA SKI

Hi @TrinityTonic
I am not sure I follow your use case.

As mentioned in other post, I would suggest you follow what is done in x509_crt_check_parent().
However, this function only finds a candidate for a parent, f course, the parent’s public key(embedded in its certificate) should be used to verify the leaf certificate, so even if the parent has correct Issuer name, the signature algorithm should be correct, and also, verified ( e.g. not expired, revoked, etc…)
Regards,
Mbed TLS Support
Ron