Categories
Technical

What is an intermediate certificate?

I just completed a new CSR (Certificate Signing Request). Upon its completion I was issued my new cert along with an intermediate certificate to be installed on my host server. This gives me the perfect opportunity to share with what an intermediate certificate is.

An intermediate certificate is used to bundle “chains” to your SSL certificate leading back to a root certificate authority. This of it as a proxy or gateway to the source of where all certificates are signed. They provide maximum browser and server coverage to ensure visitors won’t receive “invalid SSL” warnings when they visit your site.

For example, if a certificate issued to “example.com” and issued by “Intermediate CA1”, and the visiting web browser trusts “Root CA”, trust may be established in the following manner:

Certificate 1 – Issued To: example.com; Issued By: Intermediate CA 1
Certificate 2 – Issued To: Intermediate CA 1; Issued By: Intermediate CA 2
Certificate 3 – Issued To: Intermediate CA 2; Issued By: Intermediate CA 3
Certificate 4 – Issued To: Intermediate CA 3; Issued By: Root CA

The visiting web browser trusts “Root CA”, and a secure connection can now be established. Since this process is often called “certificate chaining,” intermediate CA certs are sometimes called “chained certificates”. For enhanced security purposes, most end user certificates today are issued by intermediate certificate authorities. -source

For more info have a look at the following links:

Certificate authorities

Public-key cryptography

Cryptography stubs