As well as issuing SSL Certificate, a Trusted Root CA certificate can also be used to create another certificate, which in turn will then be used to issue SSL Certificates. This can be seen from the example certificate shown below. The majority of SSL certificates in use around the world are Chained Certificates, also referred to as Intermediate Certificates.
As the Intermediate Certificate is issued by the Trusted Root CA, any SSL Certificates issued by the Intermediate Certificate inherits the trust of the Trusted Root – effectively creating a certification chain of trust.
Who uses an Intermediate Certificate? Some of the largest organizations in the world use SSL Certificates that have been issued this way. In many cases the chaining is not limited to a single intermediate. As is the case with the example certificate below, there are 3 intermediate certificates.
Are there any known problems with the use of Intermediate Certificates?
No. All web browsers developed after Internet Explorer 3 and Netscape 3 use SSL version 3 as standard. The previous versions SSL V2.0 and V1.0 had inherent security flaws meaning their usage has been virtually eliminated.
Are there any problems with the installation of Intermediate Certificates?
No. The process of installing an intermediate certificate (If even necessary, as upgrades from one year to the next do not require the intermediate to be re-installed a second time) on to a web server is exactly the same as installing the end SSL certificate itself and takes only 30 seconds to a minute – certainly not worth paying a premium for!