Certificates come in different ways
There are these, called root certificates, which are on the top of a pyramid.
These can be used to sign/create other certificates, that would be one step down from the top
You can have any number of layers below.
Every certificate which is on a lower level will hold information on the certificate from the level above which was used to create it.
On your device/in your browser, when you browse the web, use the net, a program, like openssl, will try to verify whether in the chain of all these certificates every one is still valid.
To be able to do this, a device/browser comes with a list of the top level certificates(root), and a program to check the chain.
This tool updates these root certificates
In another thread somebody published an update to OpenSSL
Previously, the cert grabber tool, was needed to workaround some problems which basically should not occur anymore if you use above two mentioned updates.
Maybe a bit basic how I describe it, but I hope it clarifies it all a bit
-- Sent from my Palm Pre3 using Forums