An intermediate certificate is a certificate authority certificate that sits between a root and end-entity certificates in a trust chain. It matters because delegated issuance helps protect root keys and makes certificate management more practical at scale.
What is Intermediate Certificate?
Instead of issuing all certificates directly from a root, organizations commonly use intermediate certificates to handle routine issuance. This reduces exposure of root keys and allows more flexible operational separation while preserving chain-based trust validation.
What Intermediate Certificate Commonly Supports
Common uses include safer CA hierarchy design, delegated certificate issuance, public TLS ecosystems, and internal enterprise PKI operations.
Intermediate Certificate vs. Root Certificate
A root certificate is the ultimate trust anchor. An intermediate certificate inherits trust from the root and then issues or signs lower-level certificates.
Frequently Asked Questions
Why use intermediates?
Because they reduce direct root-key exposure and make PKI operations more manageable.
Can a chain have more than one intermediate?
Yes. Some environments use multiple intermediate layers for policy or operational reasons.
Related Cybersecurity Terms
