Saturday, December 2, 2006

Understanding CA Trust Models

Today I just finished self-studying the topic "Understanding CA Trust Models"; below is my lesson summary:

-To create a scalable solution, you have to design a CA architecture in which CAs can validate certificates issued by other CAs; this is done by establishing trusts between the CAs.

-Trusts are established between CAs by having each CA issue a certificate to the other CA.

-With mesh trust architectures, all CAs issue certificates for all other CAs. This provides multiple trust paths that can be used for certificate validation.

-Hierarchical trusts establish a top-level CA known as a root CA. Subordinate CAs can be created below it. All users issued certificates in the hierarchy know the root CA, so certificate validation across different arms of the hierarchy validates through the root CA.

-Bridge CAs connect mesh and hierarchical architectures together. They do not issue certificates to end users, only to other CAs.
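To make the three models concrete, here is an added example (my own code, not part of the lesson material) that models each "CA issues a certificate to another CA" relationship as a directed edge and enumerates every loop-free certification path from a relying party's trust anchor to a target certificate. The CA names and the end user "alice" are made-up sample values.

```python
from collections import defaultdict


def build_graph(issued):
    """issued: list of (issuer, subject) pairs; each pair means the issuer
    signed a certificate for the subject (a CA or an end user)."""
    graph = defaultdict(list)
    for issuer, subject in issued:
        graph[issuer].append(subject)
    return graph


def trust_paths(issued, anchor, target):
    """Return every loop-free certification path that starts at the
    relying party's trust anchor and ends at the target certificate."""
    graph = build_graph(issued)
    paths = []

    def walk(node, path):
        if node == target:
            paths.append(path)
            return
        for nxt in graph[node]:
            if nxt not in path:          # never revisit a CA (cross-certs form cycles)
                walk(nxt, path + [nxt])

    walk(anchor, [anchor])
    return paths


# Constructed sample topologies.
# Hierarchy: one root, two subordinate CAs, an end user under HR-CA.
HIERARCHY = [("Root", "HR-CA"), ("Root", "Eng-CA"), ("HR-CA", "alice")]
# Mesh: three CAs that all cross-certify one another.
MESH = [(a, b) for a in ("A", "B", "C") for b in ("A", "B", "C") if a != b]
# Bridge CA: cross-certified with the hierarchy's root and one mesh CA,
# and issuing only to other CAs, never to end users.
BRIDGE = HIERARCHY + MESH + [("Root", "Bridge"), ("Bridge", "Root"),
                             ("Bridge", "A"), ("A", "Bridge")]

if __name__ == "__main__":
    # An Eng user only knows Root, so alice's cert validates via Root -> HR-CA.
    print(trust_paths(HIERARCHY, "Root", "alice"))
    # In the mesh, A can reach C directly or via B: multiple trust paths.
    print(trust_paths(MESH, "A", "C"))
    # With the bridge, a hierarchy user can reach mesh CA C through Bridge -> A.
    print(trust_paths(BRIDGE, "Root", "C"))
```

The hierarchy yields exactly one path through the root, the mesh yields two alternative paths, and the bridged topology shows the hierarchy reaching the mesh only via the bridge CA.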
