What is the purpose of Intermediate Certification Authorities store in Windows?

Would it pose any security issue if all of the intermediate certificates were installed in the root store?

Yes. Root-CAs are a pain to revoke. That's why the intermediate-CA idea became popular some years ago. Intermediate CAs are much easier to revoke.

I'd like to know what's the purpose of this intermediate certificate store...

Speed. It's a cache that Windows uses.

...and when should I use it.

You don't. It's automatic.


It is entirely organizational. You may place your certificates wherever you want.

That said, the intermediate CA's play a role in IT infrastructure because they are able to issue certs, but can be limited to only issue for specific purposes. This allows an organization to use a separate ICA different functions (development, production, clients, ...)

The advantage of this is that the root CA can be used less and kept in a more secure situation, while the different functions can operate independently of each other and compromises of one ICA won't affect other functions.