About
A CA certificate is the certificate of a certificate authority (CA). It holds the public key used to validate certificates signed with the CA's private key.
In the certificate chain, it is either:
- the root certificate
- or an intermediate certificate. Most organizations create an intermediate certificate and sign server and client certificates with that intermediate. This allows administrators to keep the root locked down even further: they only need to handle it when creating new intermediates (and those intermediates can be quickly revoked).
It is:
- not used for other purposes such as server/client authentication, …
- used to sign server and client certificates
A CA certificate is a certificate whose basicConstraints extension has CA set to true:
basicConstraints = critical, CA:true
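The following is an added example, not part of the original page: it uses the OpenSSL command line to build a root, an intermediate and a leaf, then shows that a certificate signed with the leaf's key is rejected because the leaf carries CA:false. All subject names, section names and file names are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Constructed demo PKI: root -> intermediate -> leaf, plus one certificate
# signed with the leaf's key. All names and paths here are made up.
set -eu
D=$(mktemp -d)

cat > "$D/pki.cnf" <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ ca_ext ]
basicConstraints = critical, CA:true
[ leaf_ext ]
basicConstraints = critical, CA:false
EOF

# issue NAME CN EXT_SECTION [SIGNER]: create a key and CSR, then sign with
# SIGNER's key, or self-sign when SIGNER is omitted (the root).
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$D/pki.cnf" \
    -subj "/CN=$2" -keyout "$D/$1.key" -out "$D/$1.csr" 2>/dev/null
  if [ -n "${4:-}" ]; then
    openssl x509 -req -in "$D/$1.csr" -CA "$D/$4.crt" -CAkey "$D/$4.key" \
      -CAcreateserial -days 30 -extfile "$D/pki.cnf" -extensions "$3" \
      -out "$D/$1.crt" 2>/dev/null
  else
    openssl x509 -req -in "$D/$1.csr" -signkey "$D/$1.key" -days 30 \
      -extfile "$D/pki.cnf" -extensions "$3" -out "$D/$1.crt" 2>/dev/null
  fi
}

# is_ca NAME: succeeds when the certificate's basicConstraints says CA:TRUE.
is_ca() { openssl x509 -in "$D/$1.crt" -noout -text | grep -q 'CA:TRUE'; }

# chain_ok NAME: validate NAME against the trusted root; the intermediate
# and the leaf are offered only as untrusted chain-building candidates.
chain_ok() {
  cat "$D/inter.crt" "$D/leaf.crt" > "$D/untrusted.pem"
  openssl verify -CAfile "$D/root.crt" -untrusted "$D/untrusted.pem" \
    "$D/$1.crt" >/dev/null 2>&1
}

issue root      "Demo Root CA"          ca_ext
issue inter     "Demo Intermediate CA"  ca_ext   root
issue leaf      "www.example.test"      leaf_ext inter
issue misissued "other.example.test"    leaf_ext leaf

is_ca inter && ! is_ca leaf && echo "inter is a CA, leaf is not"
chain_ok leaf      && echo "leaf: chain accepted"
chain_ok misissued || echo "misissued: rejected, its issuer is not a CA"
```

Only the root is passed with -CAfile, so the intermediate is trusted solely because the root signed it and its basicConstraints allows it to sign.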