From a security point of view, the private key of the root certificate is critical and should be kept in the certificate provider's secure data center. The public key of the root certificate, in turn, is given to browser vendors such as Microsoft and Google to be added to their lists of trusted roots. Any compromise of the root certificate's key would render the complete certificate chain built by the certificate provider untrustworthy.
An intermediate certificate authority (CA) is an entity that is authorized to sign certificates. Logically, the root CA must sign all certificates. For security reasons, however, the intermediate CA signs certificates on behalf of the root CA, and the intermediate certificates themselves are signed by the root CA. ...