The Difference Between Root Certificates and Intermediate Certificates.pdf

This preview shows page 1 - 3 out of 13 pages.

2/17/2020 The Difference Between Root Certificates and Intermediate Certificates 1/13 Most Viewed Latest Most Commented Your email address SUBSCRIBE About Us Resource Library Write for Hashed Out Shop The Difference Between Root Certificates and Intermediate Certificates That end user SSL certificate is only one part of a certificate chain. Let’s talk about intermediate and root CA certificates for a few minutes. SSL (or more accurately, TLS) is a technology that most end users know little to nothing about. Even the people acquiring it typically don’t know much beyond the fact they need an SSL certificate, and they have to install it on their server to serve their website via HTTPS. That’s why when you start mentioning Intermediate certificates and CAs and Root certificates and CAs most people’s eyes start to glaze over, which makes it a topic you should probably stay away from on a first date (certificate chains are more of a fourth or fifth date conversation). But given that SSL is kind of our thing, and because we get asked a lot of questions about them, today we’re going to delve into certificate chains, intermediates and roots. It may seem like a lot at first, but hopefully by the end of this article it will seem pretty straightforward. So without further ado, let’s hash it out. ( 21 votes, average: 5.00 out of 5) The Difference Between Root Certificates and Intermediate Certificates FACEBOOK TWITTER GOOGLE + LINKEDIN MAIL June 26, 2019 26
2/17/2020 The Difference Between Root Certificates and Intermediate Certificates 2/13 What is a Root Program? The root certificate, often called a trusted root, is at the center of the trust model that undergirds Public Key Infrastructure, and by extension SSL/TLS. Let’s start by discussing root programs and work our way out from there. Every device includes something called a root store. A root store is a collection of pre-downloaded root certificates (and their public keys) that live on the device itself. Generally, the device will use whatever root store is native to its OS, otherwise it might use a third-party root store via an app like a web browser. There are several major root programs of note: Microsoft Apple Google Mozilla Apple users, both macOS and iOS, rely on the Apple root store, likewise for Microsoft users and its root store. Android uses Google’s. And the Mozilla suite of products uses its own proprietary root store. The root programs run under extremely strict guidelines. In addition to the regulations and restrictions put forth by the CA/B Forum’s Baseline Requirements, some root programs – for instance, Mozilla’s – add even more stringent requirements on top. The reason for this is simple: trust.

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture