Hey everyone, another question on certificate chains...
When a site applies for an ssl certificate, do they have to apply to a root CA? or can they apply to a root, or one of the many smaller CA companies? Then once they obtain a cert from that smaller CA, the company gets it's cert signed by a real root? Is evidence of this, when you look at the certificate viewer in a browser and it says something like
Quote:
VERISIGN CLASS C ROOT CA
SomeSmallerCA inc.
example.com
The company, example.com applied for their cert at SomeSmallerCA, inc, which in turned got it's cert signed by Verisign?
Now if I see something like :
Quote:
VERISIGN CLASS C ROOT CA
VERISIGN CLASS C EXTENDED VAL.
example.com
The above means that the company, example.com applied directed to the root CA, but they then signed their main cert with an intermediary cert?
So one is a bottom up application and the other is a top down application process? Can there be a mixture of both? Where you apply to a smaller company which goes up to a root, but the root signs an intermediary, before then finally signing to the smaller CA?
Thanks!