What Is the Purpose of the Intermediate Certificate Authority in SSLs?

Home » Knowledge Base » SSL (Secure Sockets Layer) » What Is the Purpose of the Intermediate Certificate Authority in SSLs?

SSL certificates are, without a doubt, becoming more and more ubiquitous throughout the web. Not only do they allow you to secure visitors’ connections to your site, but they can also help you rank better in search results. As such, getting an SSL certificate is a no-brainer in most cases.

But when you do get your SSL certificate, you may be surprised to discover that there are actually three different parts to it – the SSL certificate itself, the Intermediate Certificate Authority (CA), and the Private Key. In this article, we will describe how an SSL works and we will focus on the purpose of the Intermediate Certificate Authority.

 

What Is an SSL Certificate?

SSL, which stands for Secure Sockets Layer, is a popular Digital Certificate. At the heart of every SSL certificate, you will find a set of cryptographic keys. These keys are different on each certificate and they uniquely represent the organization or person for whom the certificate is issued.

 

What Is the Purpose of an SSL Certificate?

The cryptographic keys in SSL certificates are commonly used to enable HTTPS on websites. Additionally, SSL certificates can confirm the identity of the domain where they are installed, thus preventing phishing attacks. SSL certificates have other uses as well, such as verifying that programs and documents have not been tampered with.

Clicking on the padlock icon in your browser address bar will allow you to view additional details for the SSL certificate that is being used.
Clicking on the padlock icon in your browser address bar will allow you to view additional details for the SSL certificate that is being used.

 

How Do SSL Certificates Work?

Each certificate is created by a trusted Certificate Authority. Before issuing the SSL, the Certificate Authority has the task of verifying the data submitted by the applicant. Once all data is confirmed to be correct and factual, a set of cryptographic keys is generated and the certificate is issued.

Most web browsers make it easy to spot the Certificate Authority that has issued the SSL certificate for a specific website.
Most web browsers make it easy to spot the Certificate Authority that has issued the SSL certificate for a specific website.

An SSL certificate’s security value is derived from two main factors: that the Certificate Authority that has issued the SSL is a trusted one and that the Certificate Authority has performed validity checks before issuing the certificate. As such, when you purchase an SSL certificate and install the SSL on your website, the Certificate Authority effectively vouches for the authenticity of your website.

Each Certificate Authority has its own certificate known as a Root CA certificate. This Root CA certificate is used during the creation of your SSL certificate. The Root CA certificates are trusted by most operating systems and web browsers and as such, your SSL certificate is also trusted by extension.

All major operating systems have a database of Root CA certificates that are implicitly trusted.
All major operating systems have a database of Root CA certificates that are implicitly trusted.

It is actually not common for a Certificate Authority to use its Root CA certificate to issue SSL and other end-user certificates. Instead, an additional layer of certificates is used. These additional certificates are called Intermediate Certificate Authority (CA) certificates.

 

What Is the Purpose of the Intermediate CA Certificate?

Intermediate CA certificates act as middlemen between the Root CA certificate and the certificates issued to end-users. All three types of certificates create a chain of trust: the web browser implicitly trusts the Root CA certificate, the Root CA certificate trusts the Intermediate CA certificate, and finally, the Intermediate CA certificate trusts the end-user’s SSL certificate.

In the screenshot you can see the chain of trust between the three types of certificates.
In the screenshot, you can see the chain of trust between the three types of certificates.

 

Why Is the Intermediate Certificate Authority Important?

The idea behind the Intermediate CA certificates is to add an extra layer of protection. This higher level of protection is achieved by not having to use the Root CA certificate to issue certificates for end-users. Instead, the Root CA certificate mainly issues Intermediate CA certificates, and these Intermediate CA certificates create SSLs for third-party organizations and individuals.

 

Is the Intermediate CA Certificate Mandatory?

While it is possible to upload a custom SSL certificate without including the Intermediate CA certificate, it is not recommended. As we have outlined above, the Intermediate CA certificate plays a vital role in the chain of trust between the Root CA certificate and your SSL certificate. By omitting the Intermediate CA certificate, you are breaking this chain of trust.

As a result, most web browsers and operating systems will not be able to recognize that your SSL certificate is coming from a legitimate Certificate Authority. To make matters worse, instead of loading the website, you will likely be presented with a warning message, such as the one shown below:

When you break the chain of trust, web browsers can no longer guarantee that the SSL originates from a trusted source.
When you break the chain of trust, web browsers can no longer guarantee that the SSL originates from a trusted source.

 

Conclusion

The inclusion of the Intermediate Certificate Authority, although optional, is highly recommended for all website owners. Without the Intermediate Certificate Authority, not all web browsers will recognize the installed SSL certificate as a legitimate one and will display messages discouraging visitors from proceeding to your website.

If you would like to ensure that your SSL is using the Intermediate Certificate Authority, you can contact our 24/7 Technical Support Team for assistance. The only requirements are that you need to be using one of our premium shared hosting plans and that you need to have an active SSL certificate on your domain name.

Was this post helpful?

i

Relevant tags:

Connect

Latest posts:

How to Install a MediaWiki Skin

In MediaWiki, skins determine the visual appearance of your wiki website. Skins define how content is presented to users and include such settings for the overall website layout, typography, color scheme, and more. By default, when you install MediaWiki, the platform...

How to Create a Page in MediaWiki

Creating pages in MediaWiki is а core feature that allows you to add content to your MediaWiki website. Whether you are adding details for a project, contributing to a knowledge base, or anything else, learning how to create a page in MediaWiki is crucial for your...

How to Install MediaWiki Extensions

Now that you have installed MediaWiki and learned how to log in to the CMS, it is time to extend MediaWiki's functionality via extensions. MediaWiki extensions are sets of files that add various types of functionality to your MediaWiki website. You can use extensions...

How to Log In to MediaWiki

After you install MediaWiki, it is time to log in to the platform, so you can start working on your new MediaWiki website. To log in, you must open the MediaWiki login page and enter your credentials. Doing so will open the platform’s admin panel. In the following...

How to Install MediaWiki

You can quickly install MediaWiki on any of the AwardSpace web hosting plans. This includes our free web hosting, shared hosting, as well as advanced services such as semi-dedicated hosting and VPS hosting. You can install MediaWiki in a matter of minutes, whichever...



Create a website for free!


Free forever

Our Support Team is Here to Help

 

If you need any questions answered, don't hesitate and contact us. Click the button below and follow the instructions. You can expect an answer within an hour.

 

Contact AwardSpace

 

iNewest knowledge base articles

How to Install a MediaWiki Skin

In MediaWiki, skins determine the visual appearance of your wiki website. Skins define how content is presented to users and include such settings for the overall website layout, typography, color scheme, and more. By default, when you install MediaWiki, the platform...

How to Create a Page in MediaWiki

Creating pages in MediaWiki is а core feature that allows you to add content to your MediaWiki website. Whether you are adding details for a project, contributing to a knowledge base, or anything else, learning how to create a page in MediaWiki is crucial for your...

How to Install MediaWiki Extensions

Now that you have installed MediaWiki and learned how to log in to the CMS, it is time to extend MediaWiki's functionality via extensions. MediaWiki extensions are sets of files that add various types of functionality to your MediaWiki website. You can use extensions...

How to Log In to MediaWiki

After you install MediaWiki, it is time to log in to the platform, so you can start working on your new MediaWiki website. To log in, you must open the MediaWiki login page and enter your credentials. Doing so will open the platform’s admin panel. In the following...

How to Install MediaWiki

You can quickly install MediaWiki on any of the AwardSpace web hosting plans. This includes our free web hosting, shared hosting, as well as advanced services such as semi-dedicated hosting and VPS hosting. You can install MediaWiki in a matter of minutes, whichever...

How to Install an Elgg Theme

After you have installed Elgg core and logged in to the admin dashboard, you can search for themes that can help you customize your new website. Elgg themes are a set of files that help you customize the appearance of your website. Via themes, you can modify website...

Even more web tutorials

Check out our web hosting knowledge base and the WordPress tutorials to learn more, and be better prepared for your website creation and maintenance journey.