> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Mr.Rout > > 1) what is intermediate certificate validation ?
When you generate a CSR, the CA can sign it directly, or they can sign it via an intermediate. I'm not quite sure what's the point of the intermediate, but the root CA signs the intermediate, and the intermediate signs the CSR. I think this allows for varying levels of trust - If you're using a cheap or free root CA, you probably just have a really low level of verification. You were able to read an email they sent to somebody presumed to be authoritative for that domain or whatnot. > 2) Is it required to keep chained certificate or End user certificate at > Server Side Generally, if your server cert is signed via intermediate, your server will need the server cert + the root cert + the intermediate. > 3) How to generate intermediate certificate using Openssl command ? If you are self-signing your certs, I think you probably want to skip the intermediate, and just sign directly with your root. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
