Jump to content

Root certificate

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Michaelfowler (talk | contribs) at 10:17, 10 October 2006 (External links). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In cryptography and computer security, a root certificate is an unsigned public key certificate, or a self-signed certificate, and is part of a public key infrastructure scheme. The most common commercial variety is based on the ITU-T X.509 standard. Normally an X.509 certificate includes a digital signature from a certificate authority (CA) which vouches for correctness of the data contained in a certificate.

The authenticity of the CA's signature, and whether the CA can be trusted, can be determined by examining its certificate in turn. This chain must however end somewhere, and it does so at the root certificate, so called as it is at the root of a tree structure. (A CA can issue multiple certificates, which can be used to issue multiple certificates in turn, thus creating a tree).

Root certificates are implicitly trusted. They are included with many software applications. The best known is Web browsers; they are used for SSL / TLS secure connections. However this implies that you trust your browser's publisher to include correct root certificates, and in turn the certificate authorities it trusts, and anyone to whom the CA may have issued a certificate-issuing-certificate, to faithfully authenticate the users of all their certificates. This (transitive) trust in a root certificate is merely assumed in the usual case, there being no way in practice to better ground it, but is integral to the X.509 certificate chain model.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Root_certificate&oldid=80589421"