The relationship/hierarchy of Certificate Chain behind JWT of Azure CVMs

Joey 175 Reputation points
2025-03-19T12:34:12.76+00:00

Background

Our team is using Azure Confidential Virtual Machines (SNP and TDX), and I can successfully obtain the JWT Attestation Result for the CVMs. The JWTs can be verified using tools like jwt.io or other JWT validation utilities.

Questions

The jku field in the JWT header points to an Azure Certificate Site (e.g., "https://sharedeus2.eus2.attest.azure.net/certs") where three certificates are provided. The kid field in the JWT header is bound to one of these certificates.

Q1: I want to confirm whether the certificate referred to by the kid field verifies the JWT. Besides, I want to know whether the three certificates on the jku site form a certificate chain.

Upon decoding and converting these jku certificates into PEM format, I found three additional certificates within each X509v3 extension field. These appear to be Intel SGX certificates after parsing, potentially because the Azure Attestation Service is hosted on Intel SGX.

Q2: Does the verification of the attestation JWT extend to verifying the SGX certificate chain?

Q3: How is the SGX certificate chain bound to the certificate chain displayed on the jku site?

I mean, there is very likely some binding between these two chains. I want to understand the relationship behind it, at least at a high level.

Thank you in advance for any suggestion and assistance!


Accepted answer
  1. Alex Burlachenko 4,235 Reputation points
    2025-03-19T17:04:56.4466667+00:00

    Hi Joey,

    I will try to answer your questions one by one.

    Q1: Does the certificate referred to by the kid field verify the JWT? Are the 3 certificates on the jku site part of a certificate chain?

    Yes, the certificate referenced by the kid field is used to verify the JWT's signature. The 3 certificates on the jku site form a certificate chain. The kid points to the leaf certificate, and the other two are intermediate certificates that complete the chain up to the root certificate.

    Q2: Does the verification of the attestation JWT involve verifying the SGX certificate chain?

    Yes, the verification process includes validating the SGX certificate chain. The JWT attestation result is tied to the SGX enclave, and the SGX certificates ensure the integrity and authenticity of the attestation.

    Q3: How is the SGX certificate chain bound to the certificate chain displayed on the jku site?

    The SGX certificate chain is embedded within the X509v3 extensions of the certificates on the jku site. These extensions contain SGX-specific information, linking the Azure Attestation Service's certificate chain to the SGX hardware root of trust. At a high level, the binding ensures that the attestation result (JWT) is cryptographically tied to the SGX enclave and the Azure Attestation Service's certificate chain.

    Just in case, here is the link to the official MSFT Azure Attestation documentation.

    Best regards,

    Alex

    P.S. If my answer helped you, please accept it.

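The checks the question and the accepted answer talk about, as an added Go example that is not part of this thread and is not Microsoft's code: select the jku key by kid, verify the RS256 signature with that certificate, check whether the x5c entries chain to their own last certificate, and list the leaf's X509v3 extension OIDs (the step the question did by hand). To run offline it mints its own root -> intermediate -> leaf chain, a decoy second key and a JWKS, so the kid derivation (base64url of the SHA-256 of the DER), the private-arc extension OID, the certificate names and the claim values are all constructed assumptions; nothing here asserts what Azure Attestation's real certificates contain or how its kid is computed. It also pins the jku and alg instead of obeying the header, which is the check a verifier of these tokens must not skip.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// JWK is one key of a JWKS as served at a jku URL: a kid plus x5c (standard-base64 DER, leaf first, RFC 7517).
type JWK struct {
	Kid string   `json:"kid"`
	X5c []string `json:"x5c"`
}

// Constructed assumptions: the only jku this verifier accepts (the URL from the question), a private-arc OID
// standing in for whatever opaque extension a real signing leaf carries, and kid = base64url(SHA-256(DER)).
// MAA's real kid scheme and the OIDs of its certificate extensions are not asserted here.
const TrustedJKU = "https://sharedeus2.eus2.attest.azure.net/certs"

var OpaqueExtOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

func b64url(b []byte) string   { return base64.RawURLEncoding.EncodeToString(b) }
func kidFor(der []byte) string { h := sha256.Sum256(der); return b64url(h[:]) }
func must[T any](v T, err error) T { if err != nil { panic(err) }; return v } // fixture-building only

// template builds a CA (CertSign) or leaf (DigitalSignature) certificate template valid for a day.
func template(cn string, serial int64, ca bool) *x509.Certificate {
	ku := x509.KeyUsageDigitalSignature
	if ca { ku = x509.KeyUsageCertSign }
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, KeyUsage: ku,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: ca, BasicConstraintsValid: ca}
}

// BuildFixture mints root -> intermediate -> leaf (the leaf carrying the opaque extension) plus a decoy
// self-signed key, and returns the leaf private key, its kid and a two-entry JWKS to select from by kid.
func BuildFixture() (*rsa.PrivateKey, string, []JWK) {
	key := func() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }
	issue := func(t, parent *x509.Certificate, pub *rsa.PublicKey, signer *rsa.PrivateKey) []byte {
		return must(x509.CreateCertificate(rand.Reader, t, parent, pub, signer))
	}
	rootKey, intKey, leafKey, decoyKey := key(), key(), key(), key()
	root, inter := template("fixture-root", 1, true), template("fixture-intermediate", 2, true)
	decoy, leaf := template("fixture-decoy", 4, true), template("fixture-jwt-signer", 3, false)
	leaf.ExtraExtensions = []pkix.Extension{{Id: OpaqueExtOID, Value: []byte("opaque-evidence-blob")}}
	rootDER := issue(root, root, &rootKey.PublicKey, rootKey)
	intDER := issue(inter, must(x509.ParseCertificate(rootDER)), &intKey.PublicKey, rootKey) // parsed parent carries its SKI
	leafDER := issue(leaf, must(x509.ParseCertificate(intDER)), &leafKey.PublicKey, intKey)
	decoyDER := issue(decoy, decoy, &decoyKey.PublicKey, decoyKey)
	std := base64.StdEncoding.EncodeToString
	return leafKey, kidFor(leafDER), []JWK{{Kid: kidFor(decoyDER), X5c: []string{std(decoyDER)}},
		{Kid: kidFor(leafDER), X5c: []string{std(leafDER), std(intDER), std(rootDER)}}}
}

// SignJWT produces an RS256 token whose header names the kid and the jku it was served from.
func SignJWT(key *rsa.PrivateKey, kid, jku string, claims map[string]any) string {
	hdr := must(json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid, "jku": jku}))
	input := b64url(hdr) + "." + b64url(must(json.Marshal(claims)))
	digest := sha256.Sum256([]byte(input))
	return input + "." + b64url(must(rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])))
}

// Result: verified claims, whether the kid's x5c chains to its own self-signed tail, and the X509v3
// extension OIDs present on the kid-selected leaf.
type Result struct {
	Claims  map[string]any
	ChainOK bool
	ExtOIDs []string
}

// VerifyJWT checks a token against a JWKS the caller already fetched from the pinned jku. The header's alg
// and jku are compared to pins, never obeyed: fetching an attacker-chosen jku would hand them the key.
func VerifyJWT(token string, jwks []JWK) (Result, error) {
	var res Result
	parts := strings.Split(token, ".")
	if len(parts) != 3 { return res, fmt.Errorf("malformed token") }
	var raw [3][]byte
	for i, p := range parts {
		d, err := base64.RawURLEncoding.DecodeString(p)
		if err != nil { return res, err }
		raw[i] = d
	}
	var hdr struct{ Alg, Kid, Jku string }
	if err := json.Unmarshal(raw[0], &hdr); err != nil { return res, err }
	if hdr.Alg != "RS256" || hdr.Jku != TrustedJKU { return res, fmt.Errorf("rejected header alg=%q jku=%q", hdr.Alg, hdr.Jku) }
	var chain []*x509.Certificate // the x5c of the JWK whose kid the header names
	for _, k := range jwks {
		for i := 0; k.Kid == hdr.Kid && i < len(k.X5c); i++ {
			der, err := base64.StdEncoding.DecodeString(k.X5c[i])
			if err != nil { return res, err }
			c, err := x509.ParseCertificate(der)
			if err != nil { return res, err }
			chain = append(chain, c)
		}
	}
	if len(chain) == 0 { return res, fmt.Errorf("kid %q not in JWKS", hdr.Kid) }
	leaf := chain[0]
	pub, ok := leaf.PublicKey.(*rsa.PublicKey)
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1])) // JWS signing input: header.payload
	if !ok || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], raw[2]) != nil {
		return res, fmt.Errorf("signature does not verify under kid %q", hdr.Kid)
	}
	if err := json.Unmarshal(raw[1], &res.Claims); err != nil { return Result{}, err }
	if exp, ok := res.Claims["exp"].(float64); ok && float64(time.Now().Unix()) > exp { return Result{}, fmt.Errorf("token expired") }
	// Does the x5c chain on its own? Roots = its last cert, intermediates = everything in between.
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(chain[len(chain)-1])
	for i := 1; i < len(chain)-1; i++ { inters.AddCert(chain[i]) }
	_, chainErr := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	res.ChainOK = chainErr == nil
	for _, e := range leaf.Extensions { res.ExtOIDs = append(res.ExtOIDs, e.Id.String()) }
	return res, nil
}

func main() {
	leafKey, kid, jwks := BuildFixture()
	claims := map[string]any{"x-ms-attestation-type": "sevsnpvm", "exp": time.Now().Add(time.Hour).Unix()}
	res, err := VerifyJWT(SignJWT(leafKey, kid, TrustedJKU, claims), jwks)
	fmt.Printf("err=%v chainOK=%v leaf extension OIDs=%v claims=%v\n", err, res.ChainOK, res.ExtOIDs, res.Claims)
}
```

Against a real CVM token you would replace BuildFixture with the JWKS fetched over TLS from the jku you pin, and feed the token to VerifyJWT. Two caveats the code makes visible: ChainOK only says whether the x5c entries chain to their own last certificate (a single self-signed entry passes trivially), so whether to trust that last certificate is a separate decision; and listing the leaf's extension OIDs tells you an extension is present, not what it means, so parsing an extension's contents and deciding what they bind to is work this block deliberately leaves out.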
