Types of Root Signing Certificates

  • Symantec (formerly VeriSign) Managed PKI
  • GeoTrust’s GeoRoot
  • Thawte Root Certificates
  • Comodo Trusted Root Certificate
  • GlobalSign’s Trusted Root CA Certificate
  • DigiCert Root certificates
  • Entrust Root certificates
  • Go Daddy Root Certificate Authority
  • RSA Root Signing Service
  • PGP Trust Center RootSigning
  • Cybertrust Verizon Managed PKI

What are the requirements to get a Root Signing certificate?

  • Substantial net worth and insurance
  • The organization must meet the standards of a Certificate Authority (CA)
  • A Certification Practice Statement (CPS) having the exact policies about issuing and managing your certificates
  • A FIPS 140-2 Level 2 compliant device for generating and managing your root certificate keys

List of Root Signing Certificate Providers

  • Symantec
  • GeoTrust
  • Thawte
  • Comodo
  • GlobalSign
  • DigiCert
  • Entrust
  • Go Daddy
  • RSA
  • PGP
  • Cybertrust Verizon

How Can I Buy a Root Signing Certificate?

Any organization intending to buy a Root Signing Certificate needs to furnish all the requirements as mentioned above in point #5. After submitting all the required data, you can purchase the certificate from any Root Signing Certificate provider as per their specific instructions.

Identification of a Root CA:

Sometimes we mistakenly identify a Root CA as an Intermediate CA. But it is easy to understand which is the root CA and which one is the Intermediate CA. You have to look only to: Issued to and Issued by, if both are the same, then it is a root certificate, otherwise it is an Intermediate CA. Also, you can look at the Certification Path. The cert which appears at the top of the list is the Root CA.

Identification of a Root CA


Other useful articles on Root Signing certificates

Choose your SSL from the world's most trusted brands

Follow Us

Positive SSL