Hi @rivinoo
Thank you for your answer.
A certificate is used to authenticate an entity that it is who it says it is. A certificate cannot be used to create a new certificate, since it doesn’t contain a private key. The generator has a key pair, and to confirm its certificate is in fact the correct certificate, the public key in the certificate is compared with the generator’s certificate. Why do you say the second certificate doesn’t belong to the chain? Isn’t the issuer name of the second certificate same is the subject certificate of the first certificate? Isn’t the first certificate’s public key used to verify the second certificate?
A certificate doesn’t necessarily need to be on the same file \ buffer
Regards,
Mbed TLS Support
Ron