Types of Root Signing Certificates
- Symantec (formerly VeriSign) Managed PKI
- GeoTrust’s GeoRoot
- Thawte Root Certificates
- Comodo Trusted Root Certificate
- GlobalSign’s Trusted Root CA Certificate
- DigiCert Root certificates
- Entrust Root certificates
- Go Daddy Root Certificate Authority
- RSA Root Signing Service
- PGP Trust Center RootSigning
- Cybertrust Verizon Managed PKI
What are the requirements to get a Root Signing certificate?
- Substantial net worth and insurance
- The organization must meet the standards of a Certificate Authority (CA)
- A Certification Practice Statement (CPS) having the exact policies about issuing and managing your certificates
- A FIPS 140-2 Level 2 compliant device for generating and managing your root certificate keys
List of Root Signing Certificate Providers
- Go Daddy
- Cybertrust Verizon
How Can I Buy a Root Signing Certificate?
- Any organization intending to buy a Root Signing Certificate needs to furnish all the requirements as mentioned above.
- After submitting all the required data, you can purchase the certificate from any Root Signing Certificate provider as per their specific instructions.
Identification of a Root CA:
Sometimes we mistakenly identify a Root CA as an Intermediate CA. But it is easy to understand which is the root CA and which one is the Intermediate CA. You have to look only to: Issued to and Issued by, if both are the same, then it is a root certificate, otherwise it is an Intermediate CA. Also, you can look at the Certification Path. The cert which appears at the top of the list is the Root CA.