Unix/Linux Go Back    

Security Discuss UNIX and Linux computer and network security, cyber security, cyber attacks, IT security, and more.

Another Certificate question


Thread Tools Search this Thread Display Modes
Old Unix and Linux 08-02-2014   -   Original Discussion by Lost in Cyberia
Lost in Cyberia's Unix or Linux Image
Lost in Cyberia Lost in Cyberia is offline
Registered User
Join Date: Jun 2013
Last Activity: 14 September 2016, 6:27 PM EDT
Posts: 58
Thanks: 5
Thanked 0 Times in 0 Posts
Another Certificate question

Hey everyone, another question on certificate chains...

When a site applies for an ssl certificate, do they have to apply to a root CA? or can they apply to a root, or one of the many smaller CA companies? Then once they obtain a cert from that smaller CA, the company gets it's cert signed by a real root? Is evidence of this, when you look at the certificate viewer in a browser and it says something like
SomeSmallerCA inc.

The company, example.com applied for their cert at SomeSmallerCA, inc, which in turned got it's cert signed by Verisign?

Now if I see something like :

The above means that the company, example.com applied directed to the root CA, but they then signed their main cert with an intermediary cert?

So one is a bottom up application and the other is a top down application process? Can there be a mixture of both? Where you apply to a smaller company which goes up to a root, but the root signs an intermediary, before then finally signing to the smaller CA?


Last edited by rbatte1; 08-04-2014 at 07:38 AM.. Reason: Added QUOTE tags
Sponsored Links
Old Unix and Linux 08-05-2014   -   Original Discussion by Lost in Cyberia
Perderabo's Unix or Linux Image
Perderabo Perderabo is offline Forum Advisor  
Unix Daemon (Administrator Emeritus)
Join Date: Aug 2001
Last Activity: 26 February 2016, 12:31 PM EST
Location: Ashburn, Virginia
Posts: 9,930
Thanks: 63
Thanked 471 Times in 271 Posts
In the first case, Verisign has given a certificate to SomeSmallerCA. If you trust Verisign, you can be sure that you are talking to SomeSmallerCA. This does not mean that Verisign assures you that SomeSmallerCA knows what they are doing. So in the first example you have to trust that SomeSmallerCA has verified that example.com is who they say they are. The Verisign certificate only guarantees that you are talking to SomeSmallerCA.

In the second example Verisign is saying that they did an extended validation. There are two levels of validation and "extended" is the better of the two. I'm not sure of the details.
Sponsored Links

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
question about certificate for domain programAngel Security 0 01-17-2012 08:24 AM
curl certificate error Anjan1 Shell Programming and Scripting 5 01-10-2011 10:05 PM
SSL certificate majid.merkava Security 1 01-07-2011 08:31 PM
SSL certificate netxus Web Programming 1 10-07-2009 12:57 AM
Unix Certificate afuzile Forum Support Area for Unregistered Users & Account Problems 1 02-22-2006 07:17 AM

All times are GMT -4. The time now is 01:48 PM.