Home     Blog

Root Certificate

A Root Certificate is a self-signed certificate or an unsigned public key certificate which forms an important part of the PKI (public key infrastructure). The most common commercial type of root certificates is based on the ISO X.509 standard. Such a certificate (a X.509 certificate) usually carries the digital signature of a certification authority (CA), which is the authorized body for validating the embedded data.

In most enterprise-scale public key infrastructure systems, certificate chains prove or verify the identity of a party. When the certificate is issued by a certification authority, it becomes mandatory that the legitimacy of that certificate authority be certified. This is usually done by a higher certification authority in a veritable chain of command model. However, this chain will end somewhere and that ending stop is known as a root certificate. It is so called because it is the root of the certificate tree or the monarch of the certificate domain.

The Certification Authority is more like the branches of the certificate tree (or the ambassadors of the certificate domain) because they have the capability of extending multiple certificates.

The advantage or disadvantage of root certificates is that they are implicitly trusted. For example, root certificates are included in software applications such as the web browsers – Internet Explorer, Mozilla, Netscape, and Opera – where they play a major role in securing TTL/SSL connections. Such a design, by implication, would mean that the user has to trust the browser’s publisher to include a genuine root certificate, and in the process, the certification authority it trusts. They must also trust anyone to whom that particular certification authority has given the ability to issue a certificate to honestly authenticate the owners of all their certificates. The interesting and intriguing point to be made is this transitive trust is generally taken for granted. There is no practical way to ensure that the entire certification chain is error free. Most web users have no choice but to live with this potential hazard as long as most of the certification authorities prefer to follow the X.509 certification chain model.

VN:F [1.9.22_1171]
Rating: 9.0/10 (1 vote cast)
Root Certificate, 9.0 out of 10 based on 1 rating
Follow Will.Spencer on
  • Julie Roy

    Hi there
    I beleive Im a target/victim of 3 hackers. A mysterious Q drive has appeard and on looing at ‘set assosiates’ through control panel defaults and Access Control the Q Drive has a Virtual App as well as an unknown default and unknown programme. In the Set Assosiation I notice a file named .wxd described as a virtual device driver that holds an unknown default. I also researched a suspicious ip address on the internet and “accessing hard drives” came up on my search. Also a “zfsendtotarget” file is worrying me as again no default or programme. 
    Windows firewall advanced security was alarming as it allowed “share files” and “groups” to access me – Im on a home network not public and yet the sharing facilities are fully open. A “homegroup” icon has just appeard in the past 24 hours. My wireless network adapter had to be reset this week along with public network having to be changed back again to home network, also I found a local host has accessed an Identity/CRL where the network path is Shared, on searching through my objects I notice many new administrators one of which a user/group name of Creator Owner has special permissions and even protected it with a password and as an administrator myself Im unable to remove him or take away his authority to ride over me n my computer and hard drives. One is called ANONYMOUS LOGON so Im at the mercy of these very clever people and I know them.
    The memory of my Qdrive is showing 5.32GB free of 6GB memory. I have spent 8 days of research lead me to beleive that on hacking a facebook account – it is linked with my email address thro Windows Live and through this have accessed me and possibly  onto www to aid them in some form of Fraud. All via Non-Microsoft I can see as when Internet Explorer shows remove access, Windows firewall has not been enabled.
    I also saw that a network projector has been used and my research finds that this is web sharing on a very large scale used to blue chip companies etc and Im just a woman at home with no business affairs at all. Public network duly ammended to home network and within an hour I see that file sharing is on and it should be off by default. The list of privacy violations are endless and very recent too.I have many files that have been downloaded – when my hackers are on line I copy pages that they are on, then paste into my private files and most are in encryptions or codes. I have translated some or searched pastebin and some very worrying results ie, system failure, hacker, malicious, suspicious, malfunction and so forth. In the past few days my system has been tampered with and my laptop makes a noise as if it has “feedback” due to electric Like a microphone and the speakers onmy emachine are loud and echo and I know its the hacker getting more powerful, when I emailed certain authorities I knew he could see my file word doc created showing intense breakdown of what the hackers were acheiving and rushed it over to my external hard drive for protection.
    I need help and confirmation and a professional to look over some css files etc I hold from the hacker. All my emails have been sabotaged and its a race against time. My system has already crashed due to internet explorer running along side windows 7 and i ony have W7. I have restored systems once already but the men are in full swing right now as my sreen appears 3d and off or bad balance affect. Please note I may not get access to hotmail email as its live and has been sabotaged but my telephone number is 07889 477744 please help me, will try copy watchdog in on this too.
    Jule
    Not only am I worried about the online fruad Im seeing through

    VA:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
Related Posts

  • Root Certificate Update

    In most enterprise-level public key infrastructure systems, there is a dependence upon certificate chains to verify the identity of a party. When a Certificate Authority (CA) issues a certificate for any party, the legitimacy of that certificate authority must be verified. This is usually done by a higher certificate authority. This higher authority is part of a unique certification hierarchy which is eventually overseen by a root certificate. It is so called because it is the root of the certificate tree or the monarch of the certificate domain. If we visualize each certificate domain as a tree, the Certification Authorities [...]...


  • Certificate Authority

    Certificate Authority or Certification Authority (CA) is an entity, which is core to many PKI (Public Key Infrastructure) schemes, whose purpose is to issue digital certificates to use by other parties. It exemplifies a trusted third party. Some certification authorities may charge a fee for their service while some other CAs are free. It is also not uncommon for government and institutions to have their own CAs. More about Issuing a Certificate The certification authority issues a Public Key Certificate (PKC), which attests that the public key embedded in it indeed belongs to a particular person, server, organization or any [...]...


  • PKI Authorities

    PKI Authorities consists of three different authorities that essentially make up a PKI system. These are the Registration Authority, Certification Authority and Certificate Directory. Registration Authority The jobs of the Registration Authority are to processes user requests, confirm their identities, and induct them into the user database. Certification Authority The tasks of a Certification Authority are to issue public key certificates and to attest that the public key embedded in it indeed belongs to the particular entity as stated in the certificate. The Certification Authority also has the right to cancel a certificate if required, and verify it at any [...]...


  • X.509

    X.509 is an ITU-T (ITU Telecommunication Standardization Sector) standard for PKI (Public Key Infrastructure) in cryptography, which, amongst many other things, defines specific formats for PKC (Public Key Certificates) and the algorithm that verifies a given certificate path is valid under a give PKI (called the certification path validation algorithm). X.509 History X.509 began in association with the X.500 standard in 1988 (Version 1) and it assumed a hierarchical system of certification authorities for issuing of certificates, quite contrary to the then existing web trust models – such as PGP – where any one can sign thereby attesting to the [...]...


  • Key Servers

      A key server is a networked computer used to provide cryptographic keys to other computer programs or end-users. Key servers can be used on both internetal networks as well as across the Internet. Today, the primary keys that are served by key servers are keys in Open PGP, x.509, or PKCS key certificate formats and help serve to verify information by a company or individual in the public key infrastructure architecture. How Key Servers Were Created Key servers were initially developed as part of the overall creation of public key infrastructure or cryptography. In PKI, any one person has [...]...


Home » Security » Cryptology » Root Certificate