X.509 verify chain

Verify chain of X.509 PKI certificates presented in PEM format.

An X.509 certificate chain is a sequence of certificates, where each certificate in the chain is signed by the subsequent certificate. This chain typically starts with the certificate of the end entity (like a web server), followed by one or more intermediate certificates, and ends with a root certificate. The root certificate is self-signed and typically embedded in the certificate store of the operating system or the application performing the verification. The process of X.509 certificate chain verification involves validating each certificate in the chain against the one that follows it, up to the root certificate. This process ensures the trustworthiness of the certificate chain, confirming that the end entity certificate was indeed issued by a trusted authority. The verification checks include validating the digital signatures, checking the certificate status (e.g., not expired, not revoked), and ensuring the correct usage of the certificate (e.g., for server authentication).