What is an Intermediate SSL Certificate? When is it used?
If you're looking for how to upload SSL certificates, see "SSL Workflow: How to Upload SSL Certificates, Create SSL Profiles, and Add SSL Profiles to Proxy".
- Silverline WAF
- Proxy / Proxies
- SSL Certificates
- SSL Profiles
More info: http://en.wikipedia.org/wiki/Intermediate_certificate_authorities
If the certificate was not issued by a trusted CA, the connecting device (e.g., a web browser) will then check to see if the certificate of the issuing CA was issued by a trusted CA, and so on until either a trusted CA is found (at which point a trusted, secure connection will be established) or no trusted CA can be found (at which point the device will usually display a warning).
To facilitate this process of verifying a "chain" of trust, every certificate includes the fields "Issued To" and "Issued By". An intermediate CA will show different information in these two fields, showing a connecting device where to continue checking, if necessary, in order to establish trust.
Root CAs, on the other hand, are "Issued To" and "Issued By" themselves, so no further checking is possible or necessary in order to establish trust (or lack thereof).
For example, if a certificate is issued to "example.com" and issued by "Intermediate CA 1", and the visiting web browser trusts "Root CA", trust may be established in the following manner:
- Certificate 1, inserted in the first Cert text box - Issued To: example.com; Issued By: Intermediate CA 1
- Certificate 2, inserted in the 2nd Intermediate text box - Issued To: Intermediate CA 1; Issued By: Intermediate CA 2
- Certificate 3, inserted in the 3rd to Nth Intermediate text box - Issued To: Intermediate CA 2; Issued By: Intermediate CA 3
- Certificate 4, inserted in the last Intermediate text box - Issued To: Intermediate CA 3; Issued By: Root CA
The visiting web browser trusts "Root CA", and a secure connection can now be established. Since this process is often called "certificate chaining," intermediate CA certs are sometimes called "chained certificates". For enhanced security, most end-user certificates today are issued by intermediate certificate authorities.
Installing a certificate signed by an intermediate CA on a web server or load balancer usually requires installing a bundle of certificates.
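The "Issued To" / "Issued By" walk described above, sketched as an added example that is not part of the original article or of any Silverline tooling. The function name `build_chain` and the sample bundles are hypothetical, and the check follows names only; real clients also verify each signature, validity period and CA constraint.

```python
# Added example: order an unordered certificate bundle by following
# "Issued To" -> "Issued By", and report where the chain breaks.
# Assumption: each certificate is reduced to an (issued_to, issued_by) pair.

def build_chain(leaf, certs, trusted_roots):
    """Walk from `leaf` upward and return (chain, status).

    status is one of:
      "trusted"        - an issuer in the client's trust store was reached
      "missing-cert"   - a needed certificate is absent from the bundle
      "untrusted-root" - ended at a self-issued cert the client does not trust
      "loop"           - the names point back at an earlier certificate
    """
    by_subject = {issued_to: (issued_to, issued_by) for issued_to, issued_by in certs}
    chain, seen, current = [], set(), leaf
    while current in by_subject:
        if current in seen:
            return chain, "loop"
        seen.add(current)
        issued_to, issued_by = by_subject[current]
        chain.append((issued_to, issued_by))
        if issued_by in trusted_roots:
            return chain, "trusted"         # root itself need not be in the bundle
        if issued_by == issued_to:
            return chain, "untrusted-root"  # self-issued, nowhere further to check
        current = issued_by
    return chain, "missing-cert"

# Constructed sample data: the article's four certificates, deliberately shuffled.
PAGE_BUNDLE = [
    ("Intermediate CA 3", "Root CA"),
    ("example.com", "Intermediate CA 1"),
    ("Intermediate CA 2", "Intermediate CA 3"),
    ("Intermediate CA 1", "Intermediate CA 2"),
]
# Same bundle with the "Intermediate CA 2" certificate left out of the upload.
INCOMPLETE_BUNDLE = [c for c in PAGE_BUNDLE if c[0] != "Intermediate CA 2"]

if __name__ == "__main__":
    for name, bundle in (("complete", PAGE_BUNDLE), ("incomplete", INCOMPLETE_BUNDLE)):
        chain, status = build_chain("example.com", bundle, {"Root CA"})
        print(name, status)
        for issued_to, issued_by in chain:
            print(f"  Issued To: {issued_to}; Issued By: {issued_by}")
```

The incomplete bundle stops after "Intermediate CA 1", which is the situation in which a connecting device would usually display a warning.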
Below is the method for verifying the different certs:
The Root CA