Explanation certificates

Dear Readers,

I am struggling to understand certificates in the TLS protocol. I have read about 4 certificates.

The 4 certificates:

  • Client certificate
  • Server certificate
  • Root certificate
  • Intermediate certificate

I want to know how they relate to each other. Can someone clarify that for me?

Thank you.

Client certificates you can ignore for 99% of cases. Those aren’t used in standard HTTPS where just an encrypted connection is required.

Root certificates are the certificates which are fully trusted by the client, such as the browser. Your browser has a big collection of trusted root certificates. Root certificates are “self signed”: the cert is signed with the private key which corresponds with the public key in the same certificate.

Certificates in general contain public keys. Public keys are a part of a public/private key pair. With the “coupled” private key, other certificates can be signed. Root certificates mostly sign intermediate certificates. This is because of security. If one would use intermediate certificates to sign the “server certificate” and somehow the key used to sign those certs would be leaked, you’d have to revoke the certificate. That would be a big problem if that cert would be a root cert, because then a new root cert would need to be included in all the browsers again. When you use an intermediate cert, the damage would be smaller.

Server certificates are simply the “end” certificate you’d install on your server.
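The relationship described in the answer above can be made concrete with the `openssl` command line. The following script is an added example, not code from the thread or from any particular CA: it builds a self-signed root, an intermediate signed by the root's private key, and a server (end-entity) certificate signed by the intermediate's private key, then verifies the server certificate the way a client that trusts only the root would. The names (`Example Root CA`, `www.example.test`), the RSA key sizes, the 30-day lifetimes and the temporary working directory are all constructed placeholders, and the script assumes an `openssl` binary (1.1.1 or newer) is on the PATH.

```shell
#!/bin/sh
# Added example (not from the original thread): build a root -> intermediate ->
# server chain with openssl and show how verification depends on each link.
# All names, hostnames and key sizes are constructed placeholders.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl is required" >&2; exit 1; }

WORK="${WORK:-$(mktemp -d)}"

# Minimal self-contained req config so the example does not depend on the
# system openssl.cnf. $1 = file, $2 = CN, $3 = extension body.
write_cnf() {
  {
    printf '[req]\nprompt = no\ndistinguished_name = dn\nx509_extensions = ext\n'
    printf '[dn]\nCN = %s\n[ext]\n%s\n' "$2" "$3"
  } > "$1"
}

make_chain() {
  # Root CA: self-signed, i.e. signed with the private key that matches the
  # public key inside the same certificate. Browsers ship such roots as trust anchors.
  write_cnf "$WORK/root.cnf" "Example Root CA" \
    "basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash"
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -config "$WORK/root.cnf" \
    -keyout "$WORK/root.key" -out "$WORK/root.pem" >/dev/null 2>&1

  # Intermediate CA: its CSR is signed by the ROOT's private key. pathlen:0 means
  # it may issue end-entity certificates only, not further CAs.
  write_cnf "$WORK/intermediate.cnf" "Example Intermediate CA" \
    "basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash"
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/intermediate.cnf" \
    -keyout "$WORK/intermediate.key" -out "$WORK/intermediate.csr" >/dev/null 2>&1
  openssl x509 -req -days 30 -in "$WORK/intermediate.csr" \
    -CA "$WORK/root.pem" -CAkey "$WORK/root.key" -CAcreateserial \
    -extfile "$WORK/intermediate.cnf" -extensions ext \
    -out "$WORK/intermediate.pem" >/dev/null 2>&1

  # Server (end-entity) certificate: signed by the INTERMEDIATE's private key.
  # The root key is never touched for this step, which is the point of the design.
  write_cnf "$WORK/server.cnf" "www.example.test" \
    "basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.example.test"
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/server.cnf" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1
  openssl x509 -req -days 30 -in "$WORK/server.csr" \
    -CA "$WORK/intermediate.pem" -CAkey "$WORK/intermediate.key" -CAcreateserial \
    -extfile "$WORK/server.cnf" -extensions ext \
    -out "$WORK/server.pem" >/dev/null 2>&1
}

# What a browser effectively does: trust only the root, receive the server cert
# plus the intermediate from the server (-untrusted), and build the chain
# server -> intermediate -> root.
verify_with_intermediate() {
  openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/intermediate.pem" \
    "$WORK/server.pem" >/dev/null 2>&1
}

# Same trust store, but the intermediate is missing: the chain cannot be built.
# This is the classic "incomplete chain" server misconfiguration.
verify_without_intermediate() {
  openssl verify -CAfile "$WORK/root.pem" "$WORK/server.pem" >/dev/null 2>&1
}

# The root verifies against itself: that is what "self-signed" means.
verify_root_self_signed() {
  openssl verify -CAfile "$WORK/root.pem" "$WORK/root.pem" >/dev/null 2>&1
}

# Print subject and issuer of each certificate so the links are visible.
show_links() {
  for c in root intermediate server; do
    printf '%s: ' "$c"
    openssl x509 -in "$WORK/$c.pem" -noout -subject -issuer | tr '\n' ' '
    echo
  done
}

make_chain
show_links
verify_root_self_signed && echo "root: self-signature OK"
verify_with_intermediate && echo "server + intermediate -> root: OK"
verify_without_intermediate && echo "unexpected: verified without intermediate" \
  || echo "server alone -> root: FAILS (intermediate missing)"
```

The `-untrusted` flag models the intermediate arriving inside the TLS handshake rather than from the trust store, which is why a server must be configured to send its intermediate along with its own certificate: clients only have the roots, and the chain has to be completed from what the server provides.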
