Intermediate Certificates


This article applies to:

  • All R3000 filtering Units

Question:

  • What are the advantages of an intermediate certificate?

Information:

The first advantage of using intermediate certificates is enhanced security of the root certificate private key.  If a root certificate is used to issue certificates on a daily basis then the corresponding private key of the root certificate must also loaded and available on the Certificate Authority Server(s) constantly.  On the other hand, if instead an intermediate certificates is used to issue certificates on a daily basis then the private key of the root certificate can be removed from the CA Server and stored in off-line media that is not vulnerable to compromise by hackers.    For this reason, most major CAs have adjusted their certificate structures so that the majority of their certificates are being issued using intermediate certificates.


The second advantage of using intermediate certificates is enhanced backward compatibility.  For example, you may have heard of the new EV SSL certificates that are being offered by many of the Major CAs.  EV certificates are issued in accordance with the highest SSL certificate standards available.  All of these certificates are issued from new root certificates.  Through the use of intermediate certificates, CAs are able to improve the compatibility of their EV certificates with older browsers through a process known as cross-signing.  You will find that all EV certificates utilize intermediate certificates.

Notes:

Special thanks to Christopher Skarda for submitting this article


Last Modified 6/22/2009.
https://support.trustwave.com/kb/KnowledgebaseArticle12797.aspx