What is an intermediate certificate?

The intermediate certificate is a certificate that was issued as a dividing layer between the Certificate Authority and the end user’s certificate. It serves as a verification device that tells a browser that a certificate was issued on a safe, valid source, the CA’s root certificate. These root certificates are part of the browsers by default.

The intermediate certificate is issued along with every SSL certificate order, and needs to be installed on the server at the same time. By using the fingerprint of the intermediate certificate that is part of the end user’s certificate, a browser can check whether the certificate was issued on a valid root certificate.

It may occur that an end user certificate was issued on a chain of multiple intermediate certificates. In that case, all appropriate intermediate certificates must be installed on the server. Only then will the browser be able to retrace the string of fingerprints and certificates to the root certificate in the browser.