All about Root Certificate (CA)

All about Root Certificate (CA)

The Root Certificate (CA) is the part of the key that CAs use to sign the issued SSL certificates. By issuing a root certificate, each such authority ensures that the users or organizations requesting SSL are verified and that actions with the domain are legal.Certification authorities with a twenty-year history: GlobalSign, Comodo, Symantec, TrustWave, GeoTrust . They use “named” root certificates that are recognized by most modern browsers.If a GlobalSign root certificate is installed on the site , the browser identifies it as issued by a trusted “guarantor” and proceeds to private verification of the site.If there is no information about the root certificate of the center in the browser, the site does not have a “guarantor”, and the browser considers it to be invalid. This sometimes happens with self-signed security certificates (for example, Let’s Encrypt ):

your connection is not secure

Read about this in the article The browser writes that the connection is not secure or the connection is untrusted .However, the root certificate alone is not enough. For a specific domain to be considered secure, in addition to the root certificate, an intermediate certificate and an individual domain certificate are required , which are also issued by the certification authority when SSL is issued. The validity of intermediate and “individual” certificates is confirmed by the root certificate. The chain of certificates installed on the site gives reason to consider it a “secure SSL certificate” on the Internet.

Your site data is protected

Install an SSL certificate and your site will run over a secure HTTPS connection

Where can I get the root certificate?

Root certificates are issued by certification authorities. REG.RU cooperates with six certification centers. Select the SSL certificate that suits your needs and order it from the SSL Certificates page .You can also take advantage of the REG.RU special offer and get a free SSL certificate for 1 year when ordering a domain or hosting. Read about it in the article: How to order a free SSL certificate?After ordering SSL and activating it, a letter will be sent to the specified contact mail with the necessary data to install the certificate on the site (in particular, the root certificate ). Read more about the contents of the letter in the article Where to get data for installing an SSL certificate .

Can I create a root certificate myself?

To create a root certificate yourself, you need to obtain the status of a certification center. This procedure is associated with significant financial costs, therefore, in most cases, we recommend contacting existing certification authorities.

Installing the certificate chain

The list of trusted certificates used to create the chain comes in the information letter after the release and activation of SSL. To install a chain of certificates (including the root one), follow the detailed instructions in the reference section: Installing an SSL certificate .