It's D, I checked my own certificate issued by my organization.
Intermediate CA has same values of Basic Constraint and Key Usage as Root CA, the only difference being for Root CA issuer=subject.
For User cert (my own cert) there is no Basic Constraint field at all, and key usage has encryption etc but not Cert Signing.
The Basic Constraint Extension and more specific the CA=True is used to verify if it is a CA certificate or an end entity certificate.
This is not related with the "issue to"
In order to be accepted as an issuer for other certificates, a CA certificate must be marked as such: they must contain a Basic Constraints extension with the cA flag set to TRUE. If a client (e.g. a Web browser) sees a purported server certificate chain, with the "X.com" certificate, not marked as a CA, used as an intermediate CA, then the client will reject the chain.
Please see https://tools.ietf.org/html/rfc5280#section-6.1.4
(k) If certificate i is a version 3 certificate, verify that the
basicConstraints extension is present and that cA is set to
TRUE. (If certificate i is a version 1 or version 2
certificate, then the application MUST either verify that
certificate i is a CA certificate through out-of-band means
or reject the certificate. Conforming implementations may
choose to reject all version 1 and version 2 intermediate
certificates.)
So correct answer is not A or D.
The right answer is B
If you grab any subordinate certificate from your browser SSL session, they all have these same constraints the root CA certificate has, CA=true and KeyCertSign. The only difference is that the issues and subject are not the same. They are the same for Root CA, but different for subordinate CA. There is no such such for a computer algoritm as a person or device, so if there is a name on it, it does not mean anything. The most important things are the basic constraints and the difference between the subject and the issuer.
It is a subordinate CA certificate.
The correct answer is A. Under the Basic Constraints/Subject Type section of the certificate, it is set to CA. If this were a certificate for an endpoint or user it would Subject Type=End Entity
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Samanosuke
Highly Voted 5 years, 6 months agorohit747
Most Recent 3 years, 5 months agoCyril_the_Squirl
4 years agoAps123
4 years, 5 months agoramzie
4 years, 6 months agoOCZY
4 years, 6 months agocarroyoc
4 years, 10 months agoKonstah
4 years, 7 months agoLevis
4 years, 10 months agoLevis
4 years, 10 months agoFr4nx
4 years, 11 months agonsc92
4 years, 11 months agojoeytrib
4 years, 11 months agomontonearm
5 years, 1 month ago