What is the difference between a Root and a User Certificate?

There are two types of certificates. 

The first is a certificate that is used to validate another certificate.  Such a certificate is typically known as a Root or Intermediate certificate.  Such a certificate does not have the Private key on the local computer and is typically stored in a .cer or .crt file.

The second is a certificate that is used for authentication.  This certificate requires the private key to be available, either on the local machine, on a tpm, or on a smart card attached to the machine. Such a certificate is also referred to as a credential, or as a "user certificate" or "machine certificate". Such a certificate is typically stored in a .pfx file, and secured with a password.

Private keys that are stored in a Smart Card or TPM typically cannot be exported.

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk