Recent content by Pegasi

This isn't true, or at least isn't true with a correctly configured CA. Look at your trusted CA store on your machine, how many intermediates do you notice in there versus how many sites and CAs use (many different) intermediates? Yes they do, again that's kind of the point of a certificate...

That's still not true, and is the point they're making. The only certificate that the client need trust explicitly is the root CA. Then, when a server presents a full certificate chain, the intermediate shows as being signed by the root, which the client trust, therefore the intermediate is...