A breakdown of this intermediate certificate and how it’s used
One of the main reasons we use SSL certificates is to identify the entity… err, website that you’re connecting to. The way this is done is called PKI or public key infrastructure. When you first connect to a website, your browser examines its certificate. One of the ways it makes sure the certificate is legitimate is by following what’s called a certificate chain.
GeoTrust RSA CA and Where Intermediates Fall in the Certificate Chain
Certificate authorities (CAs), the organizations that issue certificates, do this on a technical level using what are called “root” certificates. These are a special kind of digital certificate that can issue other digital certificates. These root certificates are part of a “root store” that literally lives on your device. Anytime a certificate is presented, your device needs to be able to link it back to one of those roots.
The problem is that issuing certificates directly off those roots is dangerous, so CAs instead issue intermediate roots and use those to issue certificates to websites. Those intermediate roots are part of the certificate chain, but they don’t reside on anyone’s device. This means you need to install a copy of the intermediate root along with your SSL certificate to complete the chain.
It’s important to note that some browsers and devices do cache intermediate certificates in case one isn’t present when they try to connect to a site. This is why it’s important, as a matter of best practice, to always install any intermediates that are included with your SSL certificate — regardless of whether they come from a GeoTrust RSA CA or another certificate authority.
Save Up to 82% on GeoTrust SSL Certificates
Protect a website (or set of domains) in a few minutes with a DV, OV, or EV validated SSL certificate.