Another Certificate question

Hey everyone, another question on certificate chains...

When a site applies for an ssl certificate, do they have to apply to a root CA? or can they apply to a root, or one of the many smaller CA companies? Then once they obtain a cert from that smaller CA, the company gets it's cert signed by a real root? Is evidence of this, when you look at the certificate viewer in a browser and it says something like

The company, example.com applied for their cert at SomeSmallerCA, inc, which in turned got it's cert signed by Verisign?

Now if I see something like :

The above means that the company, example.com applied directed to the root CA, but they then signed their main cert with an intermediary cert?

So one is a bottom up application and the other is a top down application process? Can there be a mixture of both? Where you apply to a smaller company which goes up to a root, but the root signs an intermediary, before then finally signing to the smaller CA?

Thanks!

In the first case, Verisign has given a certificate to SomeSmallerCA. If you trust Verisign, you can be sure that you are talking to SomeSmallerCA. This does not mean that Verisign assures you that SomeSmallerCA knows what they are doing. So in the first example you have to trust that SomeSmallerCA has verified that example.com is who they say they are. The Verisign certificate only guarantees that you are talking to SomeSmallerCA.

In the second example Verisign is saying that they did an extended validation. There are two levels of validation and "extended" is the better of the two. I'm not sure of the details.