?
Solved

SSL:  What is the difference between a root and intermediate certificate

Posted on 2014-03-24
2
Medium Priority
?
4,805 Views
Last Modified: 2014-03-26
Regarding SSL

What is the difference between a root and intermediate certificate
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 29

Accepted Solution

by:
becraig earned 1000 total points
ID: 39951802
The root certificate is the certificate of the publishing authority and is generally valid for a longer duration.

Intermediates certs are usually a shorter life and chain to the root of the certification authority.

Intermediates CA's generally allow issuing of end user certificates allowing less visibility and access to the root as well as less potential for compromise.

The CA you can say acts as a manufacturer, where designs and plans are created and the CA can act as a factory creating models based on designs by the manufacturer for eventual sale provisioning to end users.
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 1000 total points
ID: 39953883
Simpler: A root certificate is self-signed, has the "CA" flag set, and is in the root store for your computer and/or web browser.

An intermediate certificate is one that has the "CA" flag set and is signed by another certificate that has the "CA" flag set (you can have multiple levels of indirection, but to be valid, it must be signed by a valid CA or by a root CA)

an end certificate is one without the CA flag set, hence cannot be used to sign certificates further from the root.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out the latest tech news, community articles, and expert highlights in August's newsletter.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question