loading image
Verifying Domain loading image
SSL Validation Banner

What is a Trusted-Root SSL Certificate?

Get a quick rundown on trusted roots

When connecting to a web server that is using SSL, the visitor's browser decides whether or not to trust the web site's SSL certificate based on which Certificate Authority (CA) has issued the actual SSL certificate. To determine this, the browser looks at the list of Certificate Authorities it trusts known as the "Trust Store" or "Root Store", which is kept internally in the Browser or the underlying Operating System. In the Windows OS you may have come across the program which handles this – Cert Manager (or certmgr.msc). If the issuing CA is included in the Trust Store then the secure connection is initiated and the user will see the green padlock and/or green address bar when it's an EV certificate.

Most SSL certificates you come across are issued by CAs who own and use their own Trusted Root certificates, such as those issued by DigiCert, GeoTrust®, Thawte® and RapidSSL®. As DigiCert, GeoTrust®, Thawte® and RapidSSL® are known to web browser vendors as trusted issuing authorities, their Trusted Root CA certificates has already been added to all popular web browsers, hence the name "Trusted-Root" SSL certificates. GeoTrust®, Thawte® and RapidSSL®, subsidiaries of DigiCert, have multiple widely-trusted roots.

There are certificates out there that do not come from a Trusted-Root, and are "un-trusted" certificates. These are issued to and from themselves, known as "self-signed" certificates, or they are from an Internal CA. This means that the browser only trusts the Certificate if its explicitly told to. When the browser encounters this certificate it will present a full page error, unless they have been added to the computers' Trust Store. For this reason, un-trusted certificates are not suitable for use on public websites. These certificates are sometimes used to secure access to internal networks, such as with a corporate intranet, however managing this can be quite a hassle as it requires IT experience to ensure the certificate performs appropriately on all devices.

CAs that use their own Trusted Root CA certificate and have had long term relationships with the top browser vendors (such as Microsoft and Netscape) for the inclusion of their Trusted Root CA certificates are seen as considerably more credible and stable. They are also easier to set up as they are natively trusted and can be quickly installed and them accesses by desktops, laptops, iPhones, Android devices, etc.

Why RSO Image

Why Choose Us?

As an SSL Pioneer, there have been 400,000+ site owners that love our convenient selection of the world’s most popular solutions, streamlined support, awesome experts and unlimited resources & tools to get the job done right at an EXTREMELY AFFORDABLE RATE!

  • Google Chrome web browser image
  • Microsoft Edge web browser image
  • Firefox web browser image
  • Opera web brower image
  • Safari web browser image

Our certs are supported on 99.9% of web browsers, iPhones & mobile devices

Our Awesome Customers

View SSL reviews & testimonials