This isn't true, or at least isn't true with a correctly configured CA. Look at your trusted CA store on your machine, how many intermediates do you notice in there versus how many sites and CAs use (many different) intermediates?
Yes they do, again that's kind of the point of a certificate...
That's still not true, and is the point they're making. The only certificate that the client need trust explicitly is the root CA.
Then, when a server presents a full certificate chain, the intermediate shows as being signed by the root, which the client trust, therefore the intermediate is...
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.