Can anyone please explain what is an intermediate SSL certificate and if it has got anything do with the configuration of Chaningroup in ACE
What is the use of an intermediate SSL certificate ?
End entity certificates chained to an intermediate certificate represent the highest possible security solution for Certification Authorities and therefore their customers. There exists a very small possibility, consistent amongst all certification authorities, that the certificate used to sign end entity certificates could be compromised. The signing process itself mandates that the signing certificate must be accessible in order to perform the signing operation. In the case of an intermediate certificate, the corresponding root certificate is secured/locked away, eliminating the possibility of it being compromised by daily signing processes. End entity certificates directly signed by root certificates (i.e. no intermediate protection) provide no recourse should the root certificate itself become compromised. If an Intermediate were to be compromised then new intermediates could be created and new end entity certificates could be issued.
Once a root itself is compromised there is no solution or replacement strategy. It is therefore considered industry best practice to use intermediate certificates.
Courtesy : WhichSSL
Now coming to ACE , we need to configure the certificate chain group , to allocate all the root certificates , if we miss one of the root certificate in the chain group , end user will be getting the certificate warning.
So it is complusory we shold configure the chaingroup will all the root certificate assosicated with the Intermediate certificate.
Basically, there is a chain of certificates is required for a browser to show the secured domain. This could run to many lines if we had to make you understand here. Read this detailed and easy explanation of SSL certificate chain