Intermediate Certificate Authorities

Intermediate Certificate Authorities

There are two types of certificate authorities (CAs), root CAs and intermediate CAs. In order for a certificate to be trusted, and often for a secure connection to be established at all, that certificate must have been issued by a CA that is included in the trusted store of the device that is connecting.

If the certificate was not issued by a trusted CA, the connecting device (e.g., a web browser) will then check to see if the certificate of the issuing CA was issued by a trusted CA, and so on until either a trusted CA is found (at which point a trusted, secure connection will be established) or no trusted CA can be found (at which point the device will usually display an error).

To facilitate this process of verifying a "chain" of trust, every certificate includes the fields "Issued To" and "Issued By". An intermediate CA will show different information in these two fields, showing a connecting device where to continue checking, if necessary, in order to establish trust.

Root CA's, on the other hand, are "Issued To" and "Issued By" themselves, so no further checking is possible or necessary in order to establish trust (or lack thereof).

For example, if a certificate issued to "" and issued by "Intermediate CA1", and the visiting web browser trusts "Root CA", trust may be established in the following manner:

Certificate 1 - Issued To:; Issued By: Intermediate CA 1
Certificate 2 - Issued To: Intermediate CA 1; Issued By: Intermediate CA 2
Certificate 3 - Issued To: Intermediate CA 2; Issued By: Intermediate CA 3
Certificate 4 - Issued To: Intermediate CA 3; Issued By: Root CA

The visiting web browser trusts "Root CA", and a secure connection can now be established. Since this process is often called "certificate chaining," intermediate CA certs are sometimes called "chained certificates". For enhanced security purposes, most end user certificates today are issued by intermediate certificate authorities.

Installing an intermediate CA signed certificate on a web server or load balancer usually requires installing a bundle of certificates.

Read more about Intermediate Certificate Authorities:  Intermediate Certificate Authority: Organizations

Other articles related to "certificate, certificates, intermediate certificate authorities, intermediate":

Sixth Form Certificate
... Sixth Form Certificate was a New Zealand secondary school qualification gained at the end of Form 6 (Year 12) that was awarded until 2002 ... Sixth Form Certificate was originally developed to allow schools to provide a more comprehensive range of courses than was available from University Entrance subjects ... Sixth Form Certificate has always been internally assessed by schools ...
Church Divinity School Of The Pacific - Certificate Programs
... Certificates of one, two, or three years of study may be given to non-degree students who have successfully completed the appropriate full academic years ... These certificate programs include Certificate of Anglican Studies (C.A.S) Certificate of Theological Studies (C.T.S) Hybrid Certificate of Anglican Studies (HyCAS) ...
Certificate - Academic Qualification
... Academic certificate Professional certification, a vocational award A confirmation that a person has passed a Test (assessment) to prove competence Australia Higher School Certificate (New ...
Sydney—Victoria - Demographics
64.3% Protestant 30.5% No religious affiliation 3.6% Education No certificate, diploma or degree 31.3% High school certificate 23.5% Apprenticeship or trade certificate or diploma 14.3% Community college, CEGEP or ...
Intermediate Certificate Authorities - Intermediate Certificate Authority: Organizations
... In a related but distinct usage of the phrase, "Intermediate CA" may refer to a certificate issuing organization that does not, or is unable to issue certificates that chain to a Root CA that is owned by ... Here the ambiguity comes from the use of the term "certificate authority", which can refer either to a certificate issuing organization or the certificates used by those organizations to issue end-user certificates ...

Famous quotes containing the words authorities, intermediate and/or certificate:

    Some authorities hold that the young ought not to lie at all. That, of course, is putting it rather stronger than necessary; still, while I cannot go quite so far as that, I do maintain, and I believe I am right, that the young ought to be temperate in the use of this great art until practice and experience shall give them that confidence, elegance and precision which alone can make the accomplishment graceful and profitable.
    Mark Twain [Samuel Langhorne Clemens] (1835–1910)

    Complete courage and absolute cowardice are extremes that very few men fall into. The vast middle space contains all the intermediate kinds and degrees of courage; and these differ as much from one another as men’s faces or their humors do.
    François, Duc De La Rochefoucauld (1613–1680)

    God gave the righteous man a certificate entitling him to food and raiment, but the unrighteous man found a facsimile of the same in God’s coffers, and appropriated it, and obtained food and raiment like the former. It is one of the most extensive systems of counterfeiting that the world has seen.
    Henry David Thoreau (1817–1862)