Question:
I am a little confused as to the purpose of the WWDR Intermediate Certificate used in iOS development. After following these steps:
- generate a public/private key pair;
- generate a certificate signing request (CSR) based on the generated pair, and send it to Apple;
- receive back a certificate, signed by Apple, that verifies that I own the private key associated with the submitted public key,
I would already seem to have everything I would need to sign an application (using my private key) and have proved to Apple that I am the owner of the private key. I therefore arrive at the following related questions:
- Why is the WWDR Intermediate Certificate necessary?
- What information does the WWDR Intermediate Certificate encapsulate?
- At what stage of the code-signing process is the information encapsulated by the WWDR Intermediate Certificate used, and how?
Context:
I am an Android developer who has been doing iOS development for the past 3 months. So far, I have built up my understanding of:
- the basic principles of public key cryptography;
- how PKC allows for the signing of entities;
- the need for a chain of trust between the individual and a CA for a signature to be useful.
I have read questions like this one that indicate the WWDR Intermediate Certificate is necessary to validate that all other certificates acquired via CSRs sent to Apple are valid. How is that validation performed? Is downloading an intermediate certificate a typical way to verify that the signer of another certificate is a CA?