> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kaushal Shriyan
> 
> I am new to SSL/TLS Certificates. Please help me understand what is the
> difference between ROOT CA Certs and Intermediate Certs or Chain Certs. I
> will appreciate if I can refer to some books or tutorials to know about
> SSL/TLS technology.

I don't know how you learn about SSL/TLS, other than (a) reading the internet, 
and working on it a lot, (b) taking some courses on general cryptography (there 
is a free online course at coursera.com, which is quite good), and (c) the 
thing that I actually found the most useful, a general book on cryptography 
called Cryptography Engineering, by Bruce Schneier, Niels Ferguson, Tadayoshi 
Kohno.

The root cert is self-signed (so it is signed by itself). The intermediate 
cert is signed by the root cert. And your leaf cert is signed by the 
intermediate.

A client who receives the cert chain (the root, intermediate, and leaf) can 
follow a process to (a) verify that the leaf cert is not corrupted, and that 
the intermediate cert has verified it, (b) verify that the intermediate cert 
is not corrupted, and that the root cert has verified it, and that the 
intermediate cert is in fact authorized by the root cert to perform the 
authorization of the leaf cert, and (c) verify that the root cert is among the 
list of certs that the client "trusts."

How and why do you trust any root certs? Generally they're built in to your OS 
or your browser, so you're just blindly trusting that those guys know what 
they're doing.
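
The checks (a) to (c) described in the reply above can be tried with the `openssl` command line. This is an added example, not part of the original message: it builds a throwaway root, intermediate and leaf, then runs `openssl verify` on a good chain and on three broken ones. All subject names, file names and the `rogue` cert are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo PKI: every subject name and file name below is made up.

# issue NAME SUBJECT EXTFILE [ISSUER]
# Creates NAME.key and NAME.csr, then NAME.pem. Without ISSUER the cert is
# self-signed (a root); otherwise it is signed with ISSUER's key.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
    if [ $# -lt 4 ]; then
        openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 2 \
            -extfile "$3" -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" \
            -CAcreateserial -days 2 -extfile "$3" -out "$1.pem" 2>/dev/null
    fi
}

# build_chain DIR: root -> inter -> leaf, plus "rogue", a cert signed by the
# leaf even though the leaf is marked CA:FALSE. Runs in a subshell (cd is local).
build_chain() (
    cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    printf 'basicConstraints=critical,CA:FALSE\n' > leaf.ext
    issue root  "/CN=Demo Root CA"         ca.ext         &&
    issue inter "/CN=Demo Intermediate CA" ca.ext   root  &&
    issue leaf  "/CN=leaf.example.test"    leaf.ext inter &&
    issue rogue "/CN=rogue.example.test"   leaf.ext leaf  &&
    cat inter.pem leaf.pem > inter_and_leaf.pem &&
    cat root.pem inter.pem > root_and_inter.pem
)

# -CAfile is the trust list; -untrusted only supplies certs for chain building.
verify_full()      { openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" "$1/leaf.pem"; }
verify_no_inter()  { openssl verify -CAfile "$1/root.pem" "$1/leaf.pem"; }
# Root is presented but is not in the trust list (only the system defaults are).
verify_untrusted() { openssl verify -untrusted "$1/root_and_inter.pem" "$1/leaf.pem"; }
# Signatures are all valid, but the leaf was never authorized to act as a CA.
verify_rogue()     { openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter_and_leaf.pem" "$1/rogue.pem"; }

demo=$(mktemp -d) && build_chain "$demo" || exit 1
for check in verify_full verify_no_inter verify_untrusted verify_rogue; do
    if "$check" "$demo" >/dev/null 2>&1; then echo "$check: accepted"
    else echo "$check: rejected"; fi
done
rm -rf "$demo"
```

Only `verify_full` is accepted; the other three fail at the missing intermediate, the untrusted root, and the CA authorization check respectively.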