How To Distinguish Between A Root Certificate And An Intermediate Certificate

book

Article ID: 49457

calendar_today

Updated On:

Products

CA Cleanup CA Datacom CA DATACOM - AD CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Top Secret CA Top Secret - LDAP CA Top Secret - VSE

Issue/Introduction

Description:

How can one distinguish between a Root certificate and an intermediate certificate?

Solution:

If you list the certificates, you will see a subject distinguished name (SDN) and an issuer distinguished name (IDN). If the issuer distinguished name and subject distinguished name are not the same, then the certificate is signed. If a certificate is signed, the issuer distinguished name will indicate who signed it.

An intermediate certificate is a root certificate that has been signed by another root certificate. The issuer distinguished name of the intermediate root certificate will show who signed it.

If the IDN and SDN are the same and the certificate is on the CERTAUTH acid, it is the root certificate.

If the IDN and SDN are not the same, and there is a
CERTIFICATE WAS SIGNED BY: ACID(xxx) DIGICERT(yyy)
that is the intermediate certificate.

And the CA signing certificate is the '(yyy)' in the
CERTIFICATE WAS SIGNED BY: ACID(xxx) DIGICERT(yyy).

The root certificate is not signed. If it was signed, then it would be an intermediate root. A root certificate is self signed, in other words, not signed by another certificate. The root is the end of the certificate chain. Just like a metal chain, there is an end. The link at the end is the root. The rest of the links are intermediate.

Environment

Release:
Component: AWAGNT