About

A CA certificate is a certificate used by a certificate authority to sign certificate.

In the chain, it's

• the Root certificate
• or the intermediate certificates. Most organizations create an intermediate certificate and sign server and client certificates with that intermediate. This allows administrators to keep the root locked down even further, they only need to handle it when creating new intermediates (and those intermediates can be quickly revoked).

It's:

• not used for other usage such as server/client authentication, ….
• used to sign server certificate, client certificate

basicConstraints = critical, CA:true