Good evening everybody, (I hope this is the right category…)
I have some questions about the cross-signing that happened between Letsencrypt and IdenTrust.
As far as I know, Letsencrypt has generated its own Root CA Certificate and signed an intermediate certificate with it. Since Letsencrypt was not trusted by all browsers, IdenTrust cross-signed the intermediate certificate so that all certificates would be automatically trusted. (This is a common technique).
When I look at Letsencrypts Intermediate Certificates, I can only see one certificate (which appears to be issued by IdenTrust), but I dont see an intermediate certificate which is signed by Letsencrypt (except on the website.)
I want to know, how Letsencrypt can chain up to their own Root (LE Root X1), if the intermediate certificate issued by the LE Root is not existant. I wondered, if the LE Intermediate Chain certificate is included into the DST Root Certificate, so that a chain to both Root certificates would be possible ( if thats the case, I would love to know how this is possible).
Thank you all very much, for your time