What is the purpose of Intermediate Certification Authorities store in Windows?

Would it pose any security issue if all of the intermediate certificates were installed in the root store?

Yes. Root-CAs are a pain to revoke. That's why the intermediate-CA idea became popular some years ago. Intermediate CAs are much easier to revoke.

I'd like to know what's the purpose of this intermediate certificate store...

Speed. It's a cache that Windows uses.

...and when should I use it.

You don't. It's automatic.


It is entirely organizational. You may place your certificates wherever you want.

That said, the intermediate CA's play a role in IT infrastructure because they are able to issue certs, but can be limited to only issue for specific purposes. This allows an organization to use a separate ICA different functions (development, production, clients, ...)

The advantage of this is that the root CA can be used less and kept in a more secure situation, while the different functions can operate independently of each other and compromises of one ICA won't affect other functions.

Tags:

Windows

Certificate Authority

Tls

Related

Is there an equivalent of an Apple cryptochip in Android devices? Can I use port 443 without SSL? Decrypting SSL using Wireshark on Linux vs Windows HOW is the malicious URL/payload is delivered to the user on a DOM based XSS attack? Why do email programs block xml files? Is adding a supplementary credit transaction something that could improve online payment security? Is it possible for a vulnerability in one application to be exploited to attack another application on the same server? Is using bcrypt on existing SHA1 hashes good enough when switching password implementation? Password manager in not own device Password Policy: Issue random generated passwords / Let the user choose a password I forgot to shred a file before deleting it (on Windows). How do I shred that part of file system now where the file was located? GnuPG decryption not asking for passphrase

Recent Posts