Intermediate certificate authorities

From Wikipedia, the free encyclopedia

Contents 1 Two types of Certificate Authorities 2 Intermediate Certificate Authority verification process 3 Intermediate Certificate Authority certificate installation 4 Intermediate Certificate Authorities

[edit] Two types of Certificate Authorities

There are two types of Certificate authorities (CAs). There are Root CAs and Intermediate CAs. A certificate signed by a Root CA is implicitly trusted by most web browsers. An certificate signed by an Intermediate CA may not be implicitly trusted by most web browsers. Intermediate CA certs are sometimes called "chained root certificates". An Intermediate CA signed certificate often costs significantly less than a Root CA signed certificate.

[edit] Intermediate Certificate Authority verification process

To verify an Intermediate CA signed certificate the web browser has to verify both the certificate of the site in question against the Intermediate CA and the browser has to verify the certificate of the Intermediate CA against a Root CA. This requires an extra trip for the browser, but once the SSL session is started there is no performance penalty beyond the initial CA verification.

[edit] Intermediate Certificate Authority certificate installation

Installing an Intermediate CA signed certificate on a web server or load balancer usually requires installing a bundle of certificates (one for the server against the Intermediate CA and one of the Intermediate CA against a Root CA).

[edit] Intermediate Certificate Authorities

• GlobalSign
• Comodo
• DigiCert
• DigiSign
• Enterprise SSL
• Go Daddy
• InstantSSL
• ipsCA
• LiteSSL
• PositiveSSL
• Starfield Technologies
• XRamp Technologies