Root certificate

Root certificate

In cryptography and computer security, a root certificate is either an unsigned public key certificate or a self-signed certificate that identifies the Root Certificate Authority (CA). A root certificate is part of a public key infrastructure scheme. The most common commercial variety is based on the ITU-T X.509 standard, which normally includes a digital signature from a certificate authority (CA).

Digital certificates are verified using a chain of trust. The trust anchor for the digital certificate is the Root Certificate Authority (CA).

A certificate authority can issue multiple certificates in the form of a tree structure. A root certificate is the top-most certificate of the tree and it is used to "sign" other certificates. All certificates below the root certificate inherit the trustworthiness of the root certificate - a signature by a root certificate is somewhat analogous to "notarizing" an identity in the physical world.

Many software applications assume these root certificates are trustworthy on the user's behalf. For example, a Web browser uses them to verify identities within SSL/TLS secure connections. However, this implies that the user trusts their browser's publisher, the certificate authorities it trusts, and anyone the certificate authority may have issued a certificate-issuing-certificate, to faithfully verify the identity and intentions of all parties that own the certificates. This (transitive) trust in a root certificate is the usual case and is integral to the X.509 certificate chain model.

The root certificate is usually made trustworthy by some mechanism other than a certificate, such as by secure physical distribution. For example, some of the most well-known root certificates are distributed in the Internet browsers by their manufacturers.

External links

* [https://www.verisign.com/support/roots.html Verisign root certificates, including subsidiaries Thawte and Geotrust]
* [http://www.entrust.net/developer/index.cfm Entrust root certificates]
* [http://wiki.cacert.org/wiki/ImportRootCert Import CACert root certs]


Wikimedia Foundation. 2010.

Игры ⚽ Нужен реферат?

Look at other dictionaries:

  • root certificate authority — vyriausioji liudijimų įstaiga statusas T sritis informatika apibrėžtis ↑Liudijimų įstaiga su savo pačios išduotu ↑liudijimu, esančiu ↑liudijimų grandinės viršūnėje. Išduoda liudijimus kitoms liudijimų įstaigoms, kurios vadinamos ↑pavaldžiosiomis… …   Enciklopedinis kompiuterijos žodynas

  • Certificate authority — In cryptography, a certificate authority, or certification authority, (CA) is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others… …   Wikipedia

  • Root Key Ceremony — At the heart of every certificate authority or certification authority (CA) is at least one Root Key(s) or Root Certificate(s) and usually, at least one Intermediate Root Certificate(s). These Digital Certificates are made from a Public and a… …   Wikipedia

  • root CA — vyriausioji liudijimų įstaiga statusas T sritis informatika apibrėžtis ↑Liudijimų įstaiga su savo pačios išduotu ↑liudijimu, esančiu ↑liudijimų grandinės viršūnėje. Išduoda liudijimus kitoms liudijimų įstaigoms, kurios vadinamos ↑pavaldžiosiomis… …   Enciklopedinis kompiuterijos žodynas

  • Certificate server — Certificate servers validate, or certify, keys as part of a Public key infrastructure. Keys are strings of text generated from a series of encryption algorithms that allow you to secure communication for a group of users. Many Web servers, such… …   Wikipedia

  • Public key certificate — Diagram of an example usage of digital certificate In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind a public key with an… …   Wikipedia

  • Self-signed certificate — In cryptography and computer security, a self signed certificate is an identity certificate that is signed by its own creator. That is, the person that created the certificate also signed off on its legitimacy.In typical public key infrastructure …   Wikipedia

  • Intermediate certificate authorities — Two types of Certificate Authorities There are two types of Certificate authorities (CAs). There are Root CAs and Intermediate CAs. A certificate signed by a Root CA is implicitly trusted by most web browsers. A certificate signed by an… …   Wikipedia

  • Online Certificate Status Protocol — The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 2560 and is on the Internet standards track. It was created as an alternative… …   Wikipedia

  • Authorization certificate — In computer security, an authorization certificate (also known as an attribute certificate) is a digital document that describes a written permission from the issuer to use a service or a resource that the issuer controls or has access to use.… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”