---
title: "What is the structure of Cert Chain?"
slug: "what-is-the-structure-of-cert-chain"
updated: 2024-06-12T20:05:00Z
published: 2024-06-12T20:05:00Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.fortanix.com/llms.txt
> Use this file to discover all available pages before exploring further.

# What is the structure of Cert Chain?

### App Certs

- Description – App certs are configured when an application is converted, and app certs are issued when the application starts. These certificates are signed by the Zone Root CA, which issues certificates only to enclaves presenting a valid attestation.
- Validity Period – 90 days

### Zone Root CA Cert

- Description – On installation of Fortanix Confidential Computing Manager (CCM), a Zone Root CA certificate is created. All the other certificates (node attestation and application certificates) have a trust chain back to the zone root CA.
- Validity Period –5 years

## Related

- [Installation Guide - On-Premises](/fortanix-data-security-manager-installation-guide-on-prem.md)
- [What is a Join token?](/what-is-a-join-token.md)
- [How to obtain data describing the remote enclave from the cert?](/how-to-obtain-data-describing-the-remote-enclave-from-the-cert.md)