Can I be my own trusted CA via an signed intermediate certificate?

certificate ssl x509

Your question reads to me and to others as "How do I issue certificates to entities inside and outside of my organization that are trusted by arbitrary internet users?"

If that is your question than the answer is "You don't.". If it isn't, please clarify.

I also recommend reading "Windows Server 2008 PKI and Certificate Security by Brian Komar" and consider all of the various PKI scenarios for your applications. You don't need to use Microsoft's CA to get something out of the book.


A quick search shows that such things exist, but with the 'contact us for a quote' suggests it won't be cheap:

https://www.globalsign.com/en/certificate-authority-root-signing/

I make no claims about the company, but that page might give you terms to use to find other companies doing the same.

Related

Is the 10-DNS-lookup limit in the SPF spec typically enforced?
Why should one have a secondary DNS server?
What are the merits of SAS vs SATA drives? [closed]
Naming convention for PC in a network
How to keep user logged-in when disconnecting from RDP session
How to copy user privileges with MySQL?
Is it possible to log the response data in nginx access log?
List user's folder access permissions
Handling http and https requests using a single port with nginx
Relatively easy way to block all traffic from a specific country?
How to authenticate users in nested groups in Apache LDAP?
How do registrars register authoritative name servers with root name servers?