I've recently set up SSL on my Apache install. When I received the certificate back from my supplier, there were two files: root.crt and intermediate.crt. My understanding is that in the VirtualHost you should refer to the intermediate cert only. Is this correct? And if so, what is the purpose of the root version?
Thanks.
You only need to configure in the server the intermediate certificates. Root certificates should not be included. It is assumed that the client must have the root certificate in their truststore.
Including it in the certification chain will increase the size of the SSL Handshake with no purpose because it has to be ignored by client
