0

I have a reading about SSL certificates and its happening. I have read that the CA signs the certificate and also gives the private key to the web server. The doubt arises when intermediate certificates come into play.

If an intermediate certificates signs for the web server, does it mean that they provide the private key for the web server?

Am I missing out anything in this?

Keshav
  • 47
  • 1
  • 7
  • 1
    No you haven't. You have read that the CA signs the CSR and provides the signed certificate and a certificate chain to the CSR submitter. *Nobody* provides the private key for the web server. It provides its own private key, from which the CSR is manufactured, and therefore the signed certificate. 'Intermediate certificates signs for the web server' is meaningless. Off topic. – user207421 Jan 04 '18 at 09:05
  • I got it, Thank you anyway! My bad, I misunderstood! – Keshav Jan 04 '18 at 13:20

1 Answers1

1

The CA does NOT provide the private key - if it did it would not be private anymore since the CA would know it. When applying for a certificate YOU generate a public/private key-pair and send the public key to the CA in a certificate signing request and the CA (whether it is a root or intermediate CA) generates a certificate that this public key is actually yours.

piet.t
  • 11,718
  • 21
  • 43
  • 52