A cross-certificate enables the use of certificates across the boundaries of different public key infrastructures (PKIs).
PKIs are cryptographic systems that can issue and verify digital certificates.
Digital communication is secured by certificates issued in this way.
What is a cross certificate?
A mutual trust relationship between two certificate authorities requires each certificate authority to issue a certificate to the other to establish the relationship in both directions. After two certification authorities establish trust conditions and issue certificates to each other, entities within the separate PKIs can interact according to the policies specified in the certificates.
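Because each certification authority has to issue a certificate to every other one, the number of cross-certificates grows quickly as more participants join. Example: 20 instances mean 380 (20 * 19) cross-certificates between these entities.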
One solution for an excessive number of cross certificates is a bridge certification. A bridge certification authority exchanges cross certificates with all participating instances. In this way, the certificates of each encryption infrastructure can be traced back to the certificates of each other participating encryption infrastructure via the cross certificates of the bridge certification authority. The bridge certification authority thus forms a hub for the trust relationships of the participating PKIs.
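The difference between the full mesh from the example and a bridge, as an added illustration that is not part of the original article: the Python sketch below models each cross-certificate as an (issuer, subject) pair and builds the certification path from one PKI's trust anchor to another certification authority. The names CA01 to CA20 and BridgeCA are constructed, and the model ignores the policies and constraints a real cross-certificate carries.

```python
from collections import deque
from itertools import permutations

def full_mesh(cas):
    """Every CA issues a cross-certificate to every other CA: n * (n - 1)."""
    return set(permutations(cas, 2))

def bridge(cas, hub="BridgeCA"):
    """Each CA exchanges one pair of cross-certificates with the bridge: 2 * n."""
    certs = set()
    for ca in cas:
        certs.add((ca, hub))   # participating CA certifies the bridge
        certs.add((hub, ca))   # bridge certifies the participating CA
    return certs

def cert_path(cross_certs, trust_anchor, target_ca):
    """Shortest chain of CAs from the relying party's trust anchor to
    target_ca, following issuer -> subject edges; None if no chain exists."""
    issued = {}
    for issuer, subject in cross_certs:
        issued.setdefault(issuer, []).append(subject)
    queue, seen = deque([[trust_anchor]]), {trust_anchor}
    while queue:
        path = queue.popleft()
        if path[-1] == target_ca:
            return path
        for subject in sorted(issued.get(path[-1], [])):
            if subject not in seen:
                seen.add(subject)
                queue.append(path + [subject])
    return None

def all_pairs_reachable(cross_certs, cas):
    """True if every CA can build a path to every other CA."""
    return all(cert_path(cross_certs, a, b) for a, b in permutations(cas, 2))

CAS = [f"CA{i:02d}" for i in range(1, 21)]  # constructed: 20 participating PKIs
MESH = full_mesh(CAS)
BRIDGE = bridge(CAS)

if __name__ == "__main__":
    for name, certs in (("mesh", MESH), ("bridge", BRIDGE)):
        print(name, len(certs), cert_path(certs, "CA01", "CA20"),
              all_pairs_reachable(certs, CAS))
```

With the bridge, every path between two participants has one extra hop through the hub, and dropping a single direction of a cross-certificate pair removes the path in that direction only.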
Here you can find an informative article from the German Federal Office for Information Security on this topic: