https://community.cisco.com/t5/application-networking/intermediate-ssl-certificate/m-p/1918324#M37018 <P><SPAN style="font-family: tahoma,arial,helvetica,sans-serif;">Hi Guys,</SPAN></P><P></P><P><SPAN style="font-family: tahoma,arial,helvetica,sans-serif;">Can anyone please explain what is an intermediate SSL certificate and if it has got anything do with the configuration of Chaningroup in ACE</SPAN></P><P></P><P><SPAN style="font-family: tahoma,arial,helvetica,sans-serif;">What is the use of an intermediate SSL certificate ?</SPAN></P><P></P><P><SPAN style="font-family: tahoma,arial,helvetica,sans-serif;">CF</SPAN></P> Sun, 08 Apr 2012 13:27:29 GMT Cisco Freak 2012-04-08T13:27:29Z https://community.cisco.com/t5/application-networking/intermediate-ssl-certificate/m-p/1918324#M37018 <P><SPAN style="font-family: tahoma,arial,helvetica,sans-serif;">Hi Guys,</SPAN></P><P></P><P><SPAN style="font-family: tahoma,arial,helvetica,sans-serif;">Can anyone please explain what is an intermediate SSL certificate and if it has got anything do with the configuration of Chaningroup in ACE</SPAN></P><P></P><P><SPAN style="font-family: tahoma,arial,helvetica,sans-serif;">What is the use of an intermediate SSL certificate ?</SPAN></P><P></P><P><SPAN style="font-family: tahoma,arial,helvetica,sans-serif;">CF</SPAN></P> Sun, 08 Apr 2012 13:27:29 GMT https://community.cisco.com/t5/application-networking/intermediate-ssl-certificate/m-p/1918324#M37018 Cisco Freak 2012-04-08T13:27:29Z https://community.cisco.com/t5/application-networking/intermediate-ssl-certificate/m-p/1918325#M37019 <HTML><HEAD></HEAD><BODY><P>Hi CF,</P><P></P><P>End entity certificates chained to an intermediate certificate&nbsp; represent the highest possible security solution for Certification&nbsp; Authorities and therefore their customers.&nbsp; There exists a very small&nbsp; possibility, consistent amongst all certification authorities, that the&nbsp; certificate used to sign end entity certificates could be compromised.&nbsp; The signing process itself mandates that the signing certificate must be&nbsp; accessible in order to perform the signing operation.&nbsp; In the case of&nbsp; an intermediate certificate, the corresponding root certificate is&nbsp; secured/locked away, eliminating the possibility of it being compromised&nbsp; by daily signing processes.&nbsp; End entity certificates directly signed by&nbsp; root certificates (i.e. no intermediate protection) provide no recourse&nbsp; should the root certificate itself become compromised. If an&nbsp; Intermediate were to be compromised then new intermediates could be&nbsp; created and new end entity certificates could be issued. </P><P></P><P>Once a&nbsp; root itself is compromised there is no solution or replacement strategy.&nbsp;&nbsp; It is therefore considered industry best practice to use intermediate&nbsp; certificates. </P><P></P><P>Courtesy : WhichSSL</P><P></P><P></P><P>Now coming to ACE , we need to configure the certificate chain group , to allocate all the root certificates , if we miss one of the root certificate in the chain group , end user will be getting the certificate warning.</P><P></P><P>So it is complusory we shold configure the chaingroup will all the root certificate assosicated with the Intermediate certificate.</P><P></P><P>HTH,</P><P></P><P>PMD</P></BODY></HTML> Sun, 08 Apr 2012 14:35:05 GMT https://community.cisco.com/t5/application-networking/intermediate-ssl-certificate/m-p/1918325#M37019 parveesm123 2012-04-08T14:35:05Z https://community.cisco.com/t5/application-networking/intermediate-ssl-certificate/m-p/4009250#M51168 <P>Basically, there is a chain of certificates is required for a browser to show the secured domain. This could run to many lines if we had to make you understand here. Read this detailed and easy explanation of <A href="https://www.https.in/blog/ssl-certificate-chain/" target="_blank" rel="noopener">SSL certificate chain</A>&nbsp;</P> Fri, 10 Jan 2020 06:43:38 GMT https://community.cisco.com/t5/application-networking/intermediate-ssl-certificate/m-p/4009250#M51168 httpsIndia50866 2020-01-10T06:43:38Z