In cryptography and computer security, a root certificate is a public key certificate that identifies a root certificate authority (CA).[1] Root certificates are self-signed (and it is possible for a certificate to have multiple trust paths, say if the certificate was issued by a root that was cross-signed) and form the basis of an X.509-based public key infrastructure (PKI). Either it has matched Authority Key Identifier with Subject Key Identifier, in some cases there is no Authority Key identifier, then Issuer string should match with Subject string (RFC 5280). For instance, the PKIs supporting HTTPS[2] for secure web browsing and electronic signature schemes depend on a set of root certificates.
A certificate authority can issue multiple certificates in the form of a tree structure. A root certificate is the top-most certificate of the tree, the private key which is used to "sign" other certificates. All certificates signed by the root certificate, with the "CA" field set to true, inherit the trustworthiness of the root certificate—a signature by a root certificate is somewhat analogous to "notarizing" identity in the physical world. Such a certificate is called an intermediate certificate or subordinate CA certificate. Certificates further down the tree also depend on the trustworthiness of the intermediates.
The root certificate is usually made trustworthy by some mechanism other than a certificate, such as by secure physical distribution. For example, some of the best-known root certificates are distributed in operating systems by their manufacturers. Microsoft distributes root certificates belonging to members of the Microsoft Root Certificate Program to Windows desktops and Windows Phone 8.[2] Apple distributes root certificates belonging to members of its own root program.
^"What Are CA Certificates?". Microsoft TechNet. 2003-03-28.
^ ab"Windows and Windows Phone 8 SSL Root Certificate Program (Member CAs)". Microsoft TechNet. October 2014.
computer security, a rootcertificate is a public key certificate that identifies a rootcertificate authority (CA). Rootcertificates are self-signed (and...
An offline rootcertificate authority is a certificate authority (as defined in the X.509 standard and RFC 5280) which has been isolated from network...
a self-signed certificate, called a rootcertificate, trust anchor, or trust root. A certificate authority self-signs a rootcertificate to be able to...
certificate may be shared among multiple CAs or their resellers. A root CA certificate may be the base to issue multiple intermediate CA certificates...
each component of hardware and software from the end entity up to the rootcertificate. It is intended to ensure that only trusted software and hardware can...
Infineon RootCertificate Intel EK RootCertificate Intel EK Intermediate Certificate NationZ EK RootCertificate NationZ EK Intermediate Certificate NationZ...
which trust is assumed and not derived. In the X.509 architecture, a rootcertificate would be the trust anchor from which the whole chain of trust is derived...
Memory Devices JEP 317: Experimental Java-Based JIT Compiler JEP 319: RootCertificates JEP 322: Time-Based Release Versioning The first of these JEP 286...
each submitted certificate or precertificate has a valid signature chain leading back to a trusted rootcertificate authority certificate. Refuse to publish...
being intercepted, one can examine the certificate associated with any secure web site, the rootcertificate should indicate whether it was issued for...
Dell computers had shipped with an identical pre-installed rootcertificate known as "eDellRoot". This raised such security risks as attackers impersonating...
pair to get a certificate from any certificate authority, when one has access to the private key. Also the user can pin public keys of root or intermediate...
way up to a 'self-signed' rootcertificate. Rootcertificates must be available to those who use a lower-level CA certificate and so are typically distributed...
without their informed consent. Some unwanted software bundles install a rootcertificate on a user's device, which allows hackers to intercept private data...
Subject certificate and proceeds through a number of intermediate certificates up to a trusted rootcertificate, typically issued by a trusted certificate authority...
an attack would involve requiring all Internet users to install a rootcertificate controlled by the Kazakh government into all their devices, allowing...
certificate authority, issuing two types of certificate. First, they issued certificates under their own name (where the root CA was "DigiNotar Root CA")...
issuing all Certificates under the DigiCert Trusted Root TLS Certificate. Liana B. Baker (2017-08-02). "Symantec to sell Web certificates business to...
including Applause and BetaBound, and requires users to install a Facebook rootcertificate on their phone. On iOS, this is prohibited by Apple's Enterprise Developer...
world. Since 2000, Hongkong Post is a recognized rootcertificate authority and issues digital certificates under the trade name "e-Cert". Hongkong Post also...
SAS 70 standard for root key ceremonies. At the heart of every certificate authority (CA) is at least one root key or rootcertificate and usually at least...
issuance of certificates and a dispute with Google, the GeoTrust RootCertificate became untrusted. This led to the sale of Symantec's certificate business...
superfish adware on some Lenovo notebooks, a researcher found a trusted rootcertificate on affected Lenovo machines to be insecure, as the keys could easily...