Root Certificate vs. Intermediate Certificates: Learn the Difference Among the Two
Leaf SSL/TLS Certificate Installed on the Website Is a Small Part of a Certificate Chaining
Likewise, many are not even bothered about knowing the difference between the root certificates and intermediate certificates. But, if you’re one of those who likely gong to install your purchased SSL/TLS Certificate on your own, then it’s recommended that you go through this article and learn what’s certificate chains, and the difference among root certificates vs. intermediate certificates.
So, without delaying it further, let’s get into it.
If you’re installing an SSL/TLS Certificate on your own, and you’re a first-timer, then it’s not new that you may get surprised for a moment apart from the installation process, mainly because the ZIP archive folder which you receive in an email from the CA, consists of different SSL files.
Moreover, the file received by the CA via email includes the server certificate, which is specifically for your domain, and the other is the intermediate certificate, which helps you link your server’s certificate with the CA’s root certificate.
Also, if you’re thinking that these server certificates, root certificates, intermediate certificates, the chain of trust are getting onto your nerves, then go through this article, and you’ll learn about these certificates along with other things such as difference among the root certificates and intermediate certificates while learning what makes it so crucial for the working of the SSL/TLS. But, before jumping into these, let’s first look into the chain of trust and then the whole picture.
What’s SSL Chain of Trust?
Moreover, all the certificates in the chain, namely, end-entity, intermediate, and root certificate must be trusted appropriately. And, these three parts together are known as the chain of trust.
Here’s the below image showing the working of the chain of trust:
For instance, here’s the Certificate chain of http://aboutssl.org/,
What’s a Root Certificate?
Also, these end-user or leaf SSL certificates, which are installed on the website, have a validity period of two years and, the root certificates have much longer. For example, take a look at the validity period of DigiCert’s EV root certificate.
What’s an Intermediate Certificate?
Furthermore, these Intermediate certificates work as a “Chain of Trust” between the root certificate and an end-entity SSL/TLS certificate.
Also, in Windows OS, separate tabs are kept, such as Trusted Root certificate authorities and intermediate certificate authorities which can be found in an account console of local computer like below:
Root Certificates vs. Intermediate Certificates: Here’s the Difference
Also, it doesn’t have roots in the browser’s trust stores, but the intermediate roots chain backs to a trusted third-party root. It’s also known as cross-signing.
Besides, Root CAs do not issue any SSL certificate directly from their roots. Instead, they add an additional layer of security by issuing intermediates and then further sign certificates using those issued intermediates, which helps in avoiding any damage due to mis-issuance or security threat.
So, in turn, if the revocation has to be done, there won’t be any need to revoke root certificates, and the revocation of intermediate can help solve the issue, as it’ll distrust all the related intermediates.