Root CA and Intermediate CA

This section describes the relationship between a root CA, an intermediate CA, and the personal or server certificates issued by the intermediate CA.

After getting my PKI certificate issued by the root CA, CAcert.org, can I become an intermediate CA to sign and issue certificates for other servers and individuals?

The answer is yes in theory, as shown in this diagram:

[Diagram: PKI CA Administration]

The diagram shows you that:

With the private-public key pair and the personal certificate, Amy or Bob can now use PKI-enabled applications to perform security-related tasks, like adding digital signatures to emails or documents.

With the private-public key pair and the server certificate, www.abc.com or www.xyz.com can now use PKI-enabled communication protocols to perform secure transactions, like offering HTTPS-based Web sites.
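
The hierarchy above can be rebuilt with the OpenSSL command line (1.1.0 or later assumed) to see what a verifier requires of an intermediate CA. This is an added example, not part of the original tutorial: a chain is accepted only when the intermediate's own certificate carries basicConstraints CA:TRUE, and a server certificate signed with an ordinary personal certificate (CA:FALSE) is rejected. The "Demo" CA names, the file names and the `issue`/`chain_ok` helpers are constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway demo hierarchy; all names and files are constructed.
set -e
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT
cat > "$W/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF

# issue NAME SUBJECT ISSUER EXT_SECTION: new key pair and CSR, signed by ISSUER
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$W/demo.cnf" \
    -subj "$2" -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
  openssl x509 -req -in "$W/$1.csr" -CA "$W/$3.crt" -CAkey "$W/$3.key" \
    -CAcreateserial -days 30 -extfile "$W/demo.cnf" -extensions "$4" \
    -out "$W/$1.crt" 2>/dev/null
}

# chain_ok INTERMEDIATE LEAF: succeeds only if LEAF validates up to the root
chain_ok() {
  openssl verify -CAfile "$W/root.crt" -untrusted "$W/$1.crt" "$W/$2.crt" \
    >/dev/null 2>&1
}

# Self-signed root, standing in for the root CA in the diagram
openssl req -x509 -newkey rsa:2048 -nodes -config "$W/demo.cnf" \
  -extensions ca_ext -subj "/CN=Demo Root CA" -days 30 \
  -keyout "$W/root.key" -out "$W/root.crt" 2>/dev/null

issue inter "/CN=Demo Intermediate CA" root  ca_ext    # issued as a CA
issue amy   "/CN=Amy"                  root  leaf_ext  # ordinary personal certificate
issue good  "/CN=www.abc.com"          inter leaf_ext  # signed by the intermediate CA
issue bad   "/CN=www.xyz.com"          amy   leaf_ext  # signed with Amy's personal key

chain_ok inter good && echo "root -> intermediate (CA:TRUE) -> www.abc.com: valid"
chain_ok amy bad    || echo "root -> Amy (CA:FALSE) -> www.xyz.com: rejected"
```

Whether the first case applies to you depends on the extensions the root CA puts in the certificate it issues; `openssl x509 -in cert.pem -noout -text` shows the Basic Constraints value.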

See the next sections for tutorial examples on how to issue server and personal certificates.

Last update: 2011.
