Solved

SSL:  What is the difference between a root and intermediate certificate

Posted on 2014-03-24
2
3,869 Views
Last Modified: 2014-03-26
Regarding SSL

What is the difference between a root and intermediate certificate
0
Comment
Question by:Anthony Lucia
2 Comments
 
LVL 29

Accepted Solution

by:
becraig earned 250 total points
ID: 39951802
The root certificate is the certificate of the publishing authority and is generally valid for a longer duration.

Intermediates certs are usually a shorter life and chain to the root of the certification authority.

Intermediates CA's generally allow issuing of end user certificates allowing less visibility and access to the root as well as less potential for compromise.

The CA you can say acts as a manufacturer, where designs and plans are created and the CA can act as a factory creating models based on designs by the manufacturer for eventual sale provisioning to end users.
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 250 total points
ID: 39953883
Simpler: A root certificate is self-signed, has the "CA" flag set, and is in the root store for your computer and/or web browser.

An intermediate certificate is one that has the "CA" flag set and is signed by another certificate that has the "CA" flag set (you can have multiple levels of indirection, but to be valid, it must be signed by a valid CA or by a root CA)

an end certificate is one without the CA flag set, hence cannot be used to sign certificates further from the root.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question