Hi, > > I am new to SSL/TLS Certificates. Please help me understand what is the > > difference between ROOT CA Certs and Intermediate Certs or Chain Certs. I > > will appreciate if i can refer to some books or tutorials to know about > > SSL/TLS technology. > > The closest thing you'll probably encounter in the real world to a digital > certificate is a diploma or degree from an educational institution.
and to take this anaology to the final step.... University of Cambridge is the Root - you know and trust..... other Universities and Technical colleges are roots too - you know and trust them (your certificate store/keychain will be full of trusted Roots) - however, other orgs can hand out degrees too...these are affiliated to the main (root) CAs and have a lot of rules/checks/balances.... so, john smith, Degree from College of Town, underwritten by University of Foo you trust Foo....so you then trust College of Town.... which means you trust the degree John holds. College of Town is, in this case, an intermediate Certificate. alan ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org