Root Certificates vs. Intermediate Certificates Explained
Vložit
- čas přidán 12. 06. 2024
- What is the difference between Root Certificates and Intermediate Certificates? What are trust stores and certificate chains? Venafi Ecosystem Architect Paul Cleary explains everything you need to know!
Want to learn more? Check out the Venafi blog: bit.ly/3GTcOEn - Věda a technologie
awesome explanation!
Very well stated. Good stuff!
Very good explanation.
👍
So, you have the root cert in a generator and from that it stems? then every next one is in its own gen that stems too? Each had their own set permissions of limitations?
Well done. Liked and subscribed.
So is the chain of trust followed up the web server’s intermediate(s) and root installed certificates? Some descriptions sound like the browser is following the certificate chain on the client (browser)
Thanks for your question! In short, you are correct that the browser is responsible for establishing the chain of trust. To verify a certificate, a browser will obtain a sequence of certificates, each one having signed the next certificate in the sequence, connecting the signing CA’s root to the server’s certificate. For more details, check out this Venafi blog post: www.venafi.com/blog/how-does-browser-trust-certificate?
Awesome, just need some diagrams for us bad listeners
Someone told me that roots cas are powered off and offline . How can it validate back up to the root of this is the case.
Thanks for your great question! You are correct that for security purposes, the root CA is powered off and offline, and is inaccessible whenever it’s not performing a signing operation on a subordinate CA certificate (aka 99% of the time). That being said, the PUBLIC portion of the Root CA certificate is included in the subordinate CA, plus any end-entity certificate signed by the SubCA. This means validation can continue happening even when the Root CA and/or Intermediate (aka Subordinate) is offline!
@@VenafiCo great. Thanks. I'm organization uses venafi and I just started using it daily and I'm trying to learn as much as possible .
@@VenafiCo Thanks very much for the question and the detailed answer. That helped me understand the concept for my company TLS Root plan as well!
ca we directly certify by root CA removing intermediate certificate
I just happened to get into root certificate and found China Financial
PeŔfF€Ct
Good explanation.